Windows Directory Services Restore Mode Operations - x360Recover

Written By Tami Sutcliffe (Super Administrator)

Updated at August 17th, 2021

The procedures in this article provide step-by-step instructions on how to recover Active Directory objects to a previous point in time. Simply restoring a Domain Controller to an earlier point in time is insufficient in itself, since the directory is replicated to multiple Domain Controllers and time-stamped with a serial number to identify the latest version. After recovering a Domain Controller from backup, perform the following steps to flag the recovered version of Active Directory as the authoritative version.

1. On the first boot after recovering the domain controller, press F8 and then choose Directory Services Restore Mode from the boot menu. You will need the original Directory Services Restore Mode Administrator password created when this server was promoted to a domain controller. If the customer does not have this password, contact Microsoft for support.

Important

If you allow this domain controller to boot normally before performing the following actions, Active Directory will be overwritten by replication from other Domain Controllers, and you will have to perform the server recovery again to gain access to the historical directory data.

2. Log in as Administrator and open an elevated command prompt.

Important

Please verify that time, time zone, and date are correct on the server before proceeding. Incorrect time settings can cause USN Rollback corruption of the Active Directory being recovered.

3. In the command prompt, perform the following steps:

    • First, connect to the Active Directory database in Restore Mode. Run:
      • ntdsutil
      • activate instance ntds
      • authoritative restore

    • To restore the entire Directory, run:
      • restore database

    • To restore a particular Directory tree or Organizational Unit, run:
      • restore subtree <Distinguished Name>
        For example: restore subtree ou=boston,dc=nwtraders,dc=com

    • To restore a specific Directory Object or User, run:
      • restore object <Distinguished Name>
        For example: restore object cn=bsmith,ou=boston,dc=nwtraders,dc=com

    • Repeat to restore additional subtrees or objects.

4. When you have recovered the objects or directory trees you wish to restore, type quit and then press Enter in the NTDSUTIL console. 

5. Repeat until you are back at the command prompt.

6. Reboot the server into normal mode.

7. Complete any remaining recovery steps, like changing drive letters, assigning correct IP addresses, hardware detection and driver discovery, and so forth.

8. Use Active Directory Sites and Services to force replication with all Domain Controllers and verify that your changes have been successfully applied.
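
Steps 2 through 5 can be run as one guarded script from the elevated prompt in Directory Services Restore Mode. The PowerShell below is an added example, not part of the original article. The parameter names `$Scope` and `$RestoreDn` are hypothetical, the DN is a placeholder built from the article's example domain, and the check assumes Windows sets `SAFEBOOT_OPTION` to `DSREPAIR` when booted into this mode.

```powershell
# Added example: pre-flight checks, then a scripted authoritative restore.
# Run from the elevated prompt in Directory Services Restore Mode.
param(
    [ValidateSet('subtree', 'object')]
    [string]$Scope = 'subtree',
    # Placeholder DN built from the article's example domain.
    [string]$RestoreDn = 'OU=boston,DC=nwtraders,DC=com'
)

# Assumption: SAFEBOOT_OPTION is DSREPAIR in Directory Services Restore Mode.
# Stopping here avoids touching a DC that was booted normally by mistake.
if ($env:SAFEBOOT_OPTION -ne 'DSREPAIR') {
    throw "Not in Directory Services Restore Mode (SAFEBOOT_OPTION='$env:SAFEBOOT_OPTION')."
}

# A DN lists the most specific component first and the DC= parts last.
# DNs containing spaces or quotes need extra quoting; restore those interactively.
$dnPattern = '^(CN|OU)=[^,"\s]+(,(CN|OU)=[^,"\s]+)*(,DC=[^,"\s]+)+$'
if ($RestoreDn -notmatch $dnPattern) {
    throw "Unexpected DN format: $RestoreDn"
}

# Step 2 of the procedure: the operator confirms the clock before any change.
Write-Host ("Local time : {0:yyyy-MM-dd HH:mm:ss}" -f (Get-Date))
Write-Host ("Time zone  : {0}" -f [System.TimeZoneInfo]::Local.DisplayName)
if ((Read-Host 'Are time, date and time zone correct? (yes/no)') -ne 'yes') {
    throw 'Fix the clock settings first, then rerun.'
}

# ntdsutil runs each quoted argument as one console command, in order.
# The two trailing quits leave "authoritative restore" and then ntdsutil itself.
& ntdsutil 'activate instance ntds' 'authoritative restore' "restore $Scope $RestoreDn" quit quit

Write-Host 'Review the ntdsutil output above, then reboot into normal mode.'
```

After the reboot in step 6, `repadmin /syncall /AdeP` and `repadmin /showobjmeta` are command-line ways to force replication and inspect the restored object's attribute versions, alongside Active Directory Sites and Services.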