Due to the risk involved, The procedure must be done very carefully. It is good first to do some training on non operational domain .
To restore Active Directory DB from backup:
- Determine exactly the object name that needs to be restored (OU name).
- Reboot domain controller into authoritative restore mode.
- Restore the system state from last backup.
- Open a command window
- Run “ntdsutil”
- Type “authoritative restore”, press Enter
- To restore a subtree, type “restore subtree” and the entire object name of the subtree to be restored. For example, to restore the sub-OU “Test ou2″ located in the upper-level OU “Marketing”, use the following syntax, being careful to capitalize as necessary: Example “restore subtree OU= Test ou2,OU= Marketing,DC= your sub domain name ,DC=your domain name ,DC=com”
- Type “quit” to exit from authoritative restore mode
- Type “quit” to exit from ntdsutil
- Reboot into normal operating mode
Replicating Restored data to other Domain Controllers
So basically what we did , we loaded the appropriate subtree into the replication system.
and no we need to Replicate the AD as follows:
- Open the AD Sites & Services MMC
- Open a DC that is not the one that was just used to restore Active Directory Data
- Open NTDS Settings
- Right-click each of the other servers and click “Replicate Now”
Good luck
And remember if you have any way to avoid this procedure , please use the other way
Related Blogs
- Related Blogs on Active Directory
- History of Active Directory
- Whitepaper: VMware and VSS: Application Backup and Recovery
You may also like -
Add custom field to ADUC- Employee IDHow to add Employee ID to Active Directory Users and Computers1. Open ADSI Edit2. Expand the CN=Configuration node and go to CN=DisplaySpecifiers, CN=409. Select ... 
How to delete a protected OU in ADUC Windows 2008In Windows 2008 Active Directory Users and Computers Microsoft activated new feature "Protect Container from accidential deletion"During OU creation you have the ability to ... 
Disable File And Folder Sharing, via GPOTo disable the Security tab from Windows 2000/XP Professional-based workstations that are members of a Windows 2000/2003 domain: Start Active Directory Users and Computers.Right-click ... 
Exchange 2007 ADD Powershell CmdLetsAdd- AD Permission - Used to add permissions to an Active Directory directory service object. Add-AvailabilityAddressSpace – Used to define the access method and ... 
Thanks for the tip!
You can also restore active directory objects from backup with a tool called active administrator.
This way you even don’t need to reboot your domain controller into restore mode while keeping everything online.
You will be able to restore single objects, their passwords as well as security separately from objects.
Active administrator also inludes very powerful abilities for active directory auditing, active directory security and group policy management.