4 restoring accidentally deleted information, 5 avoiding a usn rollback, P. 210) – Acronis Backup for Windows Server - User Guide User Manual

210

Copyright © Acronis International GmbH, 2002-2014

d. On the General tab, click Start. After the service starts, click OK.

Details. This change is needed because the Acronis agent service on a domain controller runs
under a domain user account, but domain user accounts are unavailable in Directory Services
Restore Mode.

5. Start Acronis Backup and recover the database files from the backup. If necessary, also recover

the SYSVOL folder.
Details. For paths to these files and folders, see "Active Directory backup" (p. 202). The recovery
procedure is similar to the one described in "Recovering Exchange Server database files (p. 206).

6. If the domain has other domain controllers, ensure that a USN rollback problem will not occur (p.

210).

7. Restart the domain controller in normal mode. Ensure that the Active Directory service has

started successfully.

8. Change the account for the Acronis agent service back to the original one, as described in step 4.

11.4.4 Restoring accidentally deleted information

If the domain has other domain controllers, you can use the Ntdsutil tool to perform an
authoritative restore of certain entries only. For example, you can restore an unintentionally deleted
user account or computer account.

To restore accidentally deleted information

1. Perform steps 1–5 from "Restoring the Active Directory database" (p. 209) to restart the domain

controller into Directory Services Restore Mode (DSRM) and to restore the Active Directory
database.

2. Without exiting DSRM, run the following command:

Ntdsutil

3. At the tool's command prompt, run the following commands:

activate instance ntds
authoritative restore

4. At the tool's command prompt, run the restore subtree or restore object command with

the necessary parameters.
For example, the following command restores the Manager user account in the Finance
organizational unit of the example.com domain:

restore object cn=Manager,ou=Finance,dc=example,dc=com

For more information about using the Ntdsutil tool, refer to its documentation.
Details. Other objects will be replicated from other domain controllers when you restart the
domain controller. This way, you will restore the unintentionally deleted objects and keep the
other objects up-to-date.

5. Restart the domain controller in normal mode. Ensure that the Active Directory service has

started successfully and that the restored objects have become available.

6. Change the account for the Acronis agent service back to the original one, as described in step 4

from "Restoring the Active Directory database" (p. 209).

11.4.5 Avoiding a USN rollback

If the domain has two or more domain controllers and you need to recover one of the controllers or
its database, consider taking action against a USN rollback.