Written by Hywel Mallett, on 07-03-2007 14:16
If you are restoring Active Directory data, you will generally be restoring it for one of two reasons:
- You are restoring an entire domain controller, and you need some Active Directory data for it to start up correctly
- You need to restore all or part of your Active Directory data to a prior state, such as if you've accidentally deleted an organisational unit
In the second case you need to perform an authoritative restore; in the first, a non-authoritative restore is adequate.
When Active Directory starts up it takes various steps to ensure that the data it contains is consistent. Normally when a domain controller starts it connects to other domain controllers to ensure that it receives any updates that have occurred in the time the domain controller has been down. In order to do this it must have some Active Directory data to start with, which is why data needs to be restored to a domain controller as part of a disaster recovery. An authoritative restore allows Active Directory data to be restored and then have its sequence number incremented, so that it appears to be newer than it actually is. If you perform an authoritative restore on a domain controller and then restart it, it will tell other domain controllers that it has the latest updates, and they will replicate data from the restored copy of Active Directory.
So what scenarios require what sort of restore?
- If you have only one domain controller and are performing a disaster recovery on it, there is no need to perform an authoritative restore. There is only one copy of Active Directory data, so no update sequences occur anyway.
- If you have more than one domain controller and are performing a disaster recovery on one domain controller, there is no need to perform an authoritative restore. When the restored domain controller restarts it will receive the latest data from another domain controller.
- If you have more than one domain controller and are performing a disaster recovery on all your domain controllers, there is no need to perform an authoritative restore. When the restored domain controllers restart they will automatically negotiate the latest data.
- If you are restoring old Active Directory data and want to revert to the old data, you need to perform an authoritative restore.
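The replication behaviour described above can be seen in a small simulation, added here as an illustration and not taken from the original article or from Microsoft's code. It is a simplified model: the class `DC`, the functions `replicate` and `scenario`, the `VERSION_BUMP` value and the sample OU name are all assumptions, and real Active Directory tracks versions per attribute with further tie-breakers.

```python
"""Simplified, constructed model of version-based replication between two DCs."""
from dataclasses import dataclass, field

VERSION_BUMP = 100_000  # assumed increment applied by an authoritative restore


@dataclass
class DC:
    # Maps distinguished name -> (version, state); state is "live" or "deleted".
    objects: dict = field(default_factory=dict)

    def write(self, dn, state):
        """Originating write: store the new state with the next version number."""
        version = self.objects.get(dn, (0, None))[0] + 1
        self.objects[dn] = (version, state)

    def backup(self):
        return dict(self.objects)

    def restore(self, snapshot, authoritative=False):
        """Load old data; an authoritative restore also raises every version."""
        bump = VERSION_BUMP if authoritative else 0
        self.objects = {dn: (v + bump, s) for dn, (v, s) in snapshot.items()}


def replicate(a, b):
    """Two-way sync: for each object, the copy with the higher version wins."""
    for dn in set(a.objects) | set(b.objects):
        candidates = (a.objects.get(dn, (0, None)), b.objects.get(dn, (0, None)))
        winner = max(candidates, key=lambda record: record[0])
        a.objects[dn] = b.objects[dn] = winner


def scenario(authoritative):
    """Accidental OU deletion followed by a restore of DC1 from backup."""
    dc1, dc2 = DC(), DC()
    ou = "OU=Sales,DC=example,DC=test"  # constructed sample name
    dc1.write(ou, "live")
    replicate(dc1, dc2)
    snapshot = dc1.backup()             # backup taken while the OU still exists
    dc2.write(ou, "deleted")            # accidental deletion made on DC2
    replicate(dc1, dc2)                 # the deletion reaches DC1
    dc1.restore(snapshot, authoritative)
    replicate(dc1, dc2)                 # restored DC1 rejoins replication
    return dc1.objects[ou][1], dc2.objects[ou][1]


if __name__ == "__main__":
    print("non-authoritative:", scenario(False))
    print("authoritative:    ", scenario(True))
```

After a non-authoritative restore the deletion replicates back onto the restored controller, while after an authoritative restore the restored OU replaces the deletion on both controllers.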
Note that you can't perform an authoritative restore using a copy of Active Directory data that is older than your tombstone period. See http://support.microsoft.com/kb/216993 for more information.

Last update: 20-11-2007 14:32