Tips to Restore Deleted Objects Using Active Directory

By CIOReview | Friday, August 5, 2016

The word ‘delete’ is a powerful term that ordinarily denotes the removal of unwanted files. The same operation, applied more widely, can also eliminate critical information within a system. Deliberately deleting files that are no longer of use may not create issues in the future; inadvertently deleting files, however, increases the chances of losing crucial information from the system. Applications can crash, disks may fail, and users can make mistakes that compromise data, raising data security issues. To recover files that have been deleted or removed, a robust Active Directory restore is worthwhile.

Active Directory restore relies on backups that are incorporated into the operations schedule for a set of domain controllers on which users perform backup operations. Performed only when a failure calls for it, an Active Directory restore comprises two techniques: non-authoritative and authoritative.

Non-Authoritative Model of Restoring

A non-authoritative restore enables seamless restoration of Active Directory Domain Services (AD DS) within a system. It returns the domain controller to its state at the time of backup and then lets normal replication overwrite that state with the changes made since the backup. After AD DS is restored from the backup, the domain controller queries its replication partners. The replication partners use the standard replication protocols to update AD DS and additional information, including shared folders.

A non-authoritative restore restores the directory service without reintroducing or changing objects that have been modified since the last backup. It reinstates a domain controller immediately after a catastrophe. However, problems of data corruption cannot be handled with a non-authoritative restore, as it deals only with issues concerning AD DS.

Authoritative Model of Restoring

An authoritative restore propagates the restored data to the other domain controllers. It allows the user to recover immediately if an organizational unit is inadvertently deleted. It involves a non-authoritative restore from the backup, followed by an authoritative restore of the deleted objects. Performing only a non-authoritative restore from backup updates the domain controller from its replication partners, so the deleted organizational unit is not restored. To recover the organizational unit, performing the authoritative restore procedure keeps replication from removing it again. The authoritative restore also overwrites the current version of objects in Active Directory with the restored version.

The process works irrespective of how the user creates the backup or where the data is restored. The restored Active Directory objects are assigned a new version number and are replicated automatically to all the domain controllers in the domain.

Executing Authoritative Mode of Restoration

An authoritative restore is performed from the command line and can be applied to domain directory partitions, application directory partitions and configuration directory partitions. For a domain directory partition, the user can restore the objects on a domain controller. For an application directory partition, the restore is performed on a domain controller that hosts that application directory partition. For the configuration directory partition, objects can be restored on any domain controller.

Before the restore process begins, determining the object and the object’s location within Active Directory plays a pivotal role. Ntdsutil can be used for a domain running on Windows Server to take a snapshot of the complete directory database. The Active Directory database mounting tool, Dsamain.exe, can be used to mount the database snapshots, which are then viewed using Active Directory Users and Computers. In addition, the database mounting tool makes it possible to compare data in snapshots and backups taken at different intervals, thus improving the recovery process.

Executing a Non-Authoritative Restoration

The non-authoritative restore can be performed from backup on a Windows Server 2008 domain controller. The AD DS service running on domain controllers, including Windows Server 2008, can be stopped and restarted at any time by starting the services in Directory Services Restore Mode (DSRM).

The non-authoritative restore depends solely on a robust backup, including a system state backup, a critical-volume backup, and a full server backup. The system state backup helps in restoring AD DS by using the wbadmin start systemstaterecovery command at the command prompt. A critical-volume backup holds well for reinstalling the operating system; it also holds data on the volumes that contain registry files, boot files and Active Directory files. The full server backup is used as an alternative to the critical-volume backup. It functions in the same way as a volume backup, rolling back all the data in all volumes. The seamless way to complete a non-authoritative restore is to stop the Active Directory Domain Service.
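
The steps described in the two "Executing" sections above, put together as one command sequence for recovering a deleted organizational unit. This is an added example, not part of the original article: the OU name, backup version, snapshot GUID, mounted path and LDAP port 51389 are constructed placeholders, and using bcdedit and shutdown to enter and leave DSRM is an assumption about how the server is restarted.

```powershell
# Added example. Run one phase per invocation from an elevated prompt on the
# domain controller. All default parameter values are constructed placeholders.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Snapshot', 'Mount', 'EnterDsrm', 'Restore', 'ExitDsrm')]
    [string]$Phase,
    [string]$Ou            = 'OU=Sales,DC=example,DC=com',             # deleted OU
    [string]$BackupVersion = '08/01/2016-09:00',                       # from "wbadmin get versions"
    [string]$SnapshotGuid  = '{00000000-0000-0000-0000-000000000000}', # from "list all"
    [string]$MountedDit    = 'C:\$SNAP_PLACEHOLDER$\Windows\NTDS\ntds.dit'
)

switch ($Phase) {
    'Snapshot' {   # normal mode: snapshot the directory database, list snapshots
        ntdsutil snapshot "activate instance ntds" create "list all" quit quit
    }
    'Mount' {      # mount a snapshot, then serve it over LDAP for inspection
        ntdsutil snapshot "list all" "mount $SnapshotGuid" quit quit
        # Dsamain stays in the foreground. Connect Active Directory Users and
        # Computers to localhost:51389 to find the object's distinguished name.
        dsamain /dbpath $MountedDit /ldapport 51389
    }
    'EnterDsrm' {  # restart into Directory Services Restore Mode
        bcdedit /set safeboot dsrepair
        shutdown /r /t 0
    }
    'Restore' {    # in DSRM: non-authoritative restore, then mark the OU
        wbadmin get versions
        wbadmin start systemstaterecovery "-version:$BackupVersion"
        if ($LASTEXITCODE -ne 0) {
            throw 'System state recovery failed; nothing was marked authoritative.'
        }
        # safeboot is still set, so any restart at this point returns to DSRM.
        # A distinguished name that contains spaces needs its own quotes.
        ntdsutil "activate instance ntds" "authoritative restore" "restore subtree $Ou" quit quit
    }
    'ExitDsrm' {   # clear the DSRM flag and start normally so the OU replicates
        bcdedit /deletevalue safeboot
        shutdown /r /t 0
    }
}
```

Skipping the ntdsutil step in the Restore phase leaves a plain non-authoritative restore, after which replication deletes the OU again.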

To Wrap it Up:

The Active Directory restore techniques should be strictly followed in order to successfully restore deleted objects containing pivotal information. Following a strict disaster recovery plan can indeed help in preventing inadvertent loss of information. Additionally, the user should restart the Active Directory Domain Service immediately after the steps are carried out. The following command (Net Start NTDS) should be entered in order to successfully recover deleted files.