The document discusses two types of restorations for Active Directory - non-authoritative and authoritative. Non-authoritative restoration can restore an entire domain controller using Windows Server Backup. Authoritative restoration restores individual Active Directory objects and marks them as authoritative by increasing their update sequence number, allowing other domain controllers to recognize it as the most recent update. The document provides details on performing both types of restoration.

2. Objectives
 The two types of restorations:
 Use the Windows Server Backup to do a
Non-Authoritative restoration
 Use the NTDSUtil and WBAdmin to do an
Authoritative restoration

3. Non-Authoritative Restore
 Its most often done using the Windows Server
Backup tool, you can restore the entire Domain
Controller by this method.
 To run a Non-Authoritative restore, just go to
Windows Server Backup and click on Recover,
then chose the most recent backup to recover
data from
 But if the deleted objects are replicated to all
DC then there is a problem with Non-
Authoritative backup

4. Authoritative Restore
 Using the WBAdmin and NTDSUtil you can
restore an individual OU, User or any other
Active Directory Object and mark it as
Authoritative.
 An Authoritative restores means, that the
Update Sequence Number of the
corresponding Object is increased by 10,000
so that the other DCs know that it’s the most
recent update.

5. Update Sequence Number (USN)

6. Authoritative Restore

7. Recovery through WBAdmin
WBADMIN START
SYSTEMSTATERECOVERY
-version:04/31/2005-09:18
-backupTarget:E:
 The <WBAdmin get versions> command is used to get
the versions of the backups available

8. Authoritative Restore

9. Authoritative Restore

10. Authoritative Restore

11. Authoritative Restore

12. Authoritative Restore