Authoritative Restore Question

[acl03]

So I am trying to test my ability to do an authoritative restore with a test domain. I successfully restored some groups, users and OUs from a system state backup.

So after restoring one of the ou's (it contained 3 groups), I deleted it again. i then tried to restore the same OU again, from the same system state backup. It restored without error in NTDSUTIL (the same as it did the first time), but when I rebooted the group was not there. I am thinking this had to do with the version number being the same as the one I deleted. I have 2 DC's in this domain.

Here is the sequence of events, and what I think may be going on:

1) System State is backed up on MyDC2 to MyBackup1.bkf
2) I delete the OU named MyOU
3) I reboot MyDC2 in AD Restore Mode
4) I restore the system state from backup
5) I use Ntdsutil.exe to do an Auth Restore of MyOU (i see a message saying that a few objects were restored successfully)
6) I reboot in normal mode, and after replication, MyOU exists again on all DC's.
7) I repeat steps 2 through 5

Here's what I think is going on:

Let's say the original version number of MyOU was 55. The first time i restored it, it got bumped to 100,055.

Then i erased it. When i restored from backup the second time, it was restored with the same version number, 100,055. Since the new and old numbers were identical, it doesn't restore the object properly.

Question: how can i manually increase the version number of the object so it would work if it were deleted twice, and restored from the same backup?






Thanks,
Andrew

 

[juniper911]

I think ur right in thinking that, im guessing if you made a backup now and then deleted and then did an authorative restore it would be 200,055.

To do it manually I think you have to use ADSI edit? Im not 100% sure or maybe u cant manually increase it.

interesting that ur practising as most ppl will only practise when its required!!

 

[PScottC]

You say that you only perform steps 2-5. Replication doesn't start until step 6. By performing an Authoritative restore, the USNs are reset, telling all other DCs that the restored data is valid.

Are you verifying the replication of the deletion occurs after step 2?

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers

 

[acl03]

Whoops - i meant that I repeat 2-6.

Yeah, the delete occurs on both DC's before i start the process.



Thanks,
Andrew

 

[PScottC]

List the commands you use in NTDSUtil. I feel like something is missing here.

Also, check this link.
[URL unfurl="true"]http://technet2.microsoft.com/windowsserver/en/library/690730c7-83ce-4475-b9b4-46f76c9c7c901033.mspx?mfr=true[/url]

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers

 

[acl03]

here's what I did...


ntdsutil
a r
restore subtree <path>


It told me that a few objects were restored successfully. Note that this worked fine the first time, the deleted objects were restored.

When i tried to restore these objects for the SECOND time (Using the same .bkf file), the restore succeeded successfully in ntdsutil, but the objects never showed up in AD again.



Thanks,
Andrew