Authoritative restore

In Backup, distributed services such as the Active Directory directory service are contained in a collection known as the System State data. When you back up the System State data on a domain controller, you are backing up all Active Directory data that exists on that server (along with other system components such as the SYSVOL directory and the registry). In order to restore these distributed services to that server, you must restore the System State data. However, if you have more than one domain controller in your organization, and your Active Directory is replicated to any of these other servers, you will need to perform what is called an authoritative restore in order to ensure that your restored data gets replicated to all of your servers.

During a normal restore operation, Backup operates in nonauthoritative restore mode. That is, any data that you restore, including Active Directory objects, will have their original update sequence number. The Active Directory replication system uses this number to detect and propagate Active Directory changes among the servers in your organization. Because of this, any data that is restored nonauthoritatively will appear to the Active Directory replication system as though it is old, which means the data will never get replicated to your other servers. Instead, the Active Directory replication system will actually update the restored data with newer data from your other servers. Authoritative restore solves this problem.

To authoritatively restore Active Directory data, you need to run the Ntdsutil utility after you have restored the System State data but before you restart the server. The Ntdsutil utility lets you mark Active Directory objects for authoritative restore. When an object is marked for authoritative restore its update sequence number is changed so that it is higher than any other update sequence number in the Active Directory replication system. This will ensure that any replicated or distributed data that you restore is properly replicated or distributed throughout your organization.

For example, if you inadvertently delete or modify objects stored in the Active Directory directory service, and those objects are replicated or distributed to other servers, you will need to authoritatively restore those objects so they are replicated or distributed to the other servers. If you do not authoritatively restore the objects, they will never get replicated or distributed to your other servers because they will appear to be older than the objects currently on your other servers. Using the Ntdsutil utility to mark objects for authoritative restore ensures that the data you want to restore gets replicated or distributed throughout your organization. On the other hand, if your system disk has failed or the Active Directory database is corrupted, then you can simply restore the data nonauthoritatively without using the Ntdsutil utility.

The Ntdsutil command-line utility can be run from the command prompt. Help for the Ntdsutil utility can also be found at the command prompt by typing ntdsutil /?.
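The procedure above (restore the System State data, then mark the affected objects with Ntdsutil before the normal restart), as an added PowerShell example that is not part of the original Help page; the OU distinguished name and the log path are placeholders.

```powershell
# Added example, not from the original Help page: mark one OU subtree as
# authoritative with Ntdsutil. Run it in Directory Services Restore Mode
# after Backup has restored the System State data and before the normal restart.
# Assumptions (placeholders): the OU distinguished name and the log file path.

$SubtreeDN = 'OU=Sales,DC=corp,DC=example'            # placeholder: subtree to make authoritative
$LogPath   = "$env:SystemRoot\ntdsutil-authrestore.log"

# 1. Guard: Ntdsutil can only mark objects while the directory database is
#    offline, which is the case in DSRM. Windows sets SAFEBOOT_OPTION there.
if ($env:SAFEBOOT_OPTION -ne 'DSREPAIR') {
    throw 'Not in Directory Services Restore Mode; restore the System State data and boot into DSRM first.'
}

# 2. Build the Ntdsutil command sequence. Each array element is passed to
#    ntdsutil.exe as one quoted argument, i.e. one Ntdsutil command.
$commands = @(
    'activate instance ntds',          # Windows Server 2008 and later only; omit on 2000/2003
    'authoritative restore',
    "restore subtree $SubtreeDN",      # use "restore object <DN>" for a single object instead
    'quit',
    'quit'
)

# 3. Run Ntdsutil and keep a transcript of what it reported. Marking raises the
#    version of every object under the subtree so that replication treats the
#    restored copies as newer than the copies on the other domain controllers.
#    Ntdsutil may ask you to confirm the restore before it marks anything.
& ntdsutil.exe @commands 2>&1 | Tee-Object -FilePath $LogPath
if ($LASTEXITCODE -ne 0) {
    throw "Ntdsutil exited with code $LASTEXITCODE; read $LogPath before restarting normally."
}

# 4. After the normal restart, confirm from a replication partner that the
#    restored objects replicated in; their version numbers in the object
#    metadata should now be the highest:
#    repadmin /showobjmeta <partnerDC> "OU=Sales,DC=corp,DC=example"
```

Objects that were only modified (not deleted) can be marked the same way; the log file is the record to keep of which subtree was made authoritative and when.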
