Read this and follow the screenshots carefully before restoring.

- Performing an Authoritative Restore of Active Directory Objects

AskDS - Best practices around Active Directory Authoritative Restores in Windows Server 2003 and 2008 


Installed WBADMIN from Features and took a backup using WBADMIN.

Click Add Items

Select System state


(Here the non-authoritative restore has to be done in DSRM mode.)
DSRM : bcdedit /set safeboot dsrepair
Normal : bcdedit /deletevalue safeboot

a) Get the backup version using "wbadmin get versions" (needed if there are multiple backups in the same location).

b) Restore the backup using "wbadmin start systemstaterecovery".

Press Y to reboot, then do the authoritative restore for a user account in DSRM mode.

Press Enter !

Click Yes !

Activate Instance "NTDS"
authoritative restore
restore object <"DN">

AD DS Backup and Restoration

Known Issues for AD DS Backup and Recovery

AD DS Backup and Recovery Step-by-Step Guide

Windows Server 2012: Planning for Active Directory Forest Recovery


How to check whether the Active Directory Recycle Bin is enabled

Get-ADOptionalFeature -F 'name -like "Recycle Bin Feature"' | Select-Object EnabledScopes
If the output of the above command is empty, the Active Directory Recycle Bin is disabled.

How to restore the ActiveDirectory Objects

See the Tombstone

Get-ADObject -Filter {LastKnownparent -eq "OU=ADFS,DC=Contoso,DC=COM"} -IncludeDeletedObjects

Restore the Object

Get-ADObject -Filter {LastKnownparent -eq "OU=ADFS,DC=Contoso,DC=COM"} -IncludeDeletedObjects | Restore-ADObject -NewName bshwjt

See the deleted Objects From Active Directory Recycle BIN

## Prerequisites: 1) Windows 2008 R2 DFL 2) Active Directory Recycle Bin
Get-ADObject -SearchBase "CN=Deleted Objects,DC=Contoso,DC=Com" -LDAPFilter "(objectClass=*)" -IncludeDeletedObjects | FL *


Attributes Backup

How to manage AD restoration in our environment without downtime of any DC.

Best Practice:

1.   Take a valid group membership backup daily (with a script).
2.   Take a backup of all attributes daily (with a script).
3.   Use ADRESTORE.NET (free Sysinternals tool) to restore the deleted object.


Restore the group membership from the backup and compare the attribute values.
Schedule the backup outside business hours.
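
An added example (not from the original post) of the daily group membership backup and the post-restore comparison described above. It assumes the ActiveDirectory PowerShell module and PowerShell 3.0 or later; the function names and the C:\ADBackup path are hypothetical.

```powershell
# Added example, not the author's script. Function names and paths are hypothetical.
Import-Module ActiveDirectory

function Export-GroupMembershipBackup {
    param([string]$Path = "C:\ADBackup\GroupMembers_$(Get-Date -Format yyyyMMdd).csv")
    # One row per (group, member) pair so daily files diff cleanly.
    Get-ADGroup -Filter * -Properties member |
        ForEach-Object {
            $groupDN = $_.DistinguishedName
            foreach ($memberDN in $_.member) {
                [pscustomobject]@{ GroupDN = $groupDN; MemberDN = $memberDN }
            }
        } | Export-Csv -Path $Path -NoTypeInformation -Encoding UTF8
    return $Path
}

function Compare-GroupMembershipBackup {
    param([Parameter(Mandatory = $true)][string]$BackupPath)
    # Emit every membership that is in the backup but missing from the live directory.
    Import-Csv -Path $BackupPath | Group-Object GroupDN | ForEach-Object {
        $groupDN = $_.Name
        try {
            $current = @((Get-ADGroup -Identity $groupDN -Properties member).member)
        } catch {
            Write-Warning "Group not found (deleted or moved?): $groupDN"
            return   # inside ForEach-Object this skips to the next group
        }
        $_.Group | Where-Object { $current -notcontains $_.MemberDN }
    }
}

# Daily, from a scheduled task outside business hours:
#   Export-GroupMembershipBackup
#
# After restoring an object, compare against the last good backup:
#   $missing = Compare-GroupMembershipBackup -BackupPath 'C:\ADBackup\GroupMembers_<yyyyMMdd>.csv'
#   $missing | Format-Table -AutoSize
#
# Preview re-adding the lost memberships; remove -WhatIf to apply:
#   $missing | ForEach-Object {
#       Add-ADGroupMember -Identity $_.GroupDN -Members $_.MemberDN -WhatIf
#   }
```

Members are matched by distinguished name, so an object restored under a new name (as with -NewName) is reported as missing under its old DN. The CSV maps every group to its members, so keep the backup folder readable by administrators only.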

Dsquery for all users & all attributes backup - Domain 

Dsquery * -limit 0 -filter "(&(objectClass=User)(objectCategory=Person))" -attr * >> Domain_all_users_attrs.txt

How to Export the Deleted Objects using LDIFDE

Ldifde -x -d "CN=Deleted Objects,DC=Contoso,DC=com" -f Del_obj.ldf && notepad Del_obj.ldf

Also See some proactive Steps Using Powershell

Active Directory Objects Restoration


Note: Disclaimer: This posting is provided with no warranties or guarantees and confers no rights.