Authoritative restore is a method to recover objects and containers that have been deleted for AD DS. An authoritative restore marks specific data as current and prevents the replication from overwriting that data. The authoritative data is then replicated throughout the domain.

The basic process for performing an authoritative restore of AD DS is the same as a Non-authoritative restore except for one step. After the restore of AD DS is complete in DSRM and then, before restarting, you manually run NTDSUTIL, and the mark the object that you want to restore as AUTHORITATIVE. This command increases the Update Sequence Number (USN) version of all attributes of the selected by 100,000 (per day passed since the backup was taken). Once restored, these changes have a much higher version than the production ones, which replicates to other DCs, overwriting all other domain controllers in the network to match the restored DC.


In this article, you will now “accidentally” delete user “Prabir Singh” and an “IT” OU, and then restore it using Windows Server Backup (Wbadmin.exe) and NTDSUTIL to perform an authoritative restore of deleted AD DS objects. For the Windows Server Backup, please check my previous article on “How to Backup AD DS Database in Windows Server 2012 R2”.

Deleting the user and an OU, perform the following steps:

1. Open Active Directory User and Computers, Expand required OU, deleted the user and an IT OU as shown in figure.


CDR report not working !

incrediblepbx*CLI> cdr show status

Call Detail Record (CDR) settings
  Logging:  Enabled
  Mode:  Simple
  Log unanswered calls:  No
  Log congestion:  No

* Registered Backends
incrediblepbx*CLI> module show like mysql
Module  Description  Use Count
0 modules loaded
incrediblepbx*CLI> module load

module show like mysql Module Description Use Count CBMysql conference scheduling 0 MySQL RealTime Configuration Driver 0 Simple Mysql Interface 0 MySQL CDR Backend 0




1)      Launch regedit.

2)      Navigate to HKLM\Software\Microsoft\ADFS\ProxyConfigurationStatus.

3)      Change ProxyConfigurationStatus from “2” (configured) to “1” (not configured).

4)      Launch the Remote Access Manager snap-in.

5)      Select Web Application Proxy.

6)      Select Run the Web Application Proxy Configuration Wizard.

7)      During the wizard it will prompt to select a certificate. Select the certificate you were using before. Enter in some Domain Admin credentials (I don't think they're saved? Just used to authenticate?). Finish the config wizard.

9)      Web Application Proxy now work again.


Страница 1 от 2


Recent Posts