ntdsutil: how to restore user account


  • I have been given the assignment of restoring a deleted user account that was created in Active Directory. The user account is named Alice, and it is part of the WidgetSales Organisational Unit. Its user logon name is Alice @410Server2012.local. I am using Windows Server 2012 R2. I did a successful backup of the server with "wbadmin start systemstatebackup -backuptarget:e:" ('e' is the drive letter of my virtual backup drive). It backed up the system state from volumes System Reserved (350.00 MB) and (C:). It found 94483 files. The backup operation successfully completed.

    Soon after, I deleted the user named 'Alice' from Active Directory Users and Computers. I restarted my server virtual machine and pressed the F8 key to launch the 'Advanced Boot Options' screen. I selected 'Directory Services Repair Mode'. When I was presented with the login screen, I entered the username as Administrator (to log in with the local administrator account). In the password field I entered the DSRM password which I set when I installed and configured Active Directory Domain Services. Once I was logged into my server (in DSRM mode), I closed the Server Manager window and opened a command prompt window.

    As I wanted to restore a specific Active Directory object, which in my case is the user 'Alice', I used the "ntdsutil" command.
    I typed the following commands:
    - ntdsutil
    - activate instance ntds
    - restore object "cn=Alice,ou=WidgetSales,dc=410Server2012,dc=local"
    - then pressed the Enter key on the keyboard

    It launched the Authoritative Restore Confirmation dialog box asking me if I would like to perform this Authoritative Restore. I clicked 'Yes'.

    The command prompt window outputs the following text:

    Opening DIT database... Done.
    The current time is 05-31-18 13:58.44
    Most recent database update occurred at 05-31-18 12:00.25.
    Increasing attribute version numbers by 100000.

    Counting records that need adjusting...
    Records found: 0000000000
    Could not find the object with the given DN: failed on component "cn=Alice".

    Authoritative Restore failed.

    Error parsing Input - Invalid Syntax.


    I would like to know what I am doing wrong here and what I can do to restore 'Alice' to my Active Directory Users and Computers service.

    Thursday, May 31, 2018 7:17 AM

All replies