Operation Manual
304 Copyright © Acronis International GmbH, 2002-2015
11.4.4 Restoring accidentally deleted information
If the domain has other domain controllers, you can use the Ntdsutil tool to perform an
authoritative restore of certain entries only. For example, you can restore an unintentionally deleted
user account or computer account.
To restore accidentally deleted information
1. Perform steps 1–5 from "Restoring the Active Directory database" (p. 303) to restart the domain
controller into Directory Services Restore Mode (DSRM) and to restore the Active Directory
database.
2. Without exiting DSRM, run the following command:
Ntdsutil
3. At the tool's command prompt, run the following commands:
activate instance ntds
authoritative restore
4. At the tool's command prompt, run the restore subtree or restore object command with
the necessary parameters.
For example, the following command restores the Manager user account in the Finance
organizational unit of the example.com domain:
restore object cn=Manager,ou=Finance,dc=example,dc=com
For more information about using the Ntdsutil tool, refer to its documentation.
Details. Other objects will be replicated from other domain controllers when you restart the
domain controller. This way, you will restore the unintentionally deleted objects and keep the
other objects up-to-date.
5. Restart the domain controller in normal mode. Ensure that the Active Directory service has
started successfully and that the restored objects have become available.
6. Change the account for the Acronis agent service back to the original one, as described in step 4
from "Restoring the Active Directory database" (p. 303).
11.4.5 Avoiding a USN rollback
If the domain has two or more domain controllers and you need to recover one of the controllers or
its database, consider taking action against a USN rollback.
A USN rollback is unlikely to occur when you recover an entire domain controller from a VSS-based
disk-level backup.
A USN rollback is highly probable if any of the following is true:
A domain controller was recovered partially: not all disks or volumes were recovered or only the
Active Directory database was recovered.
A domain controller was recovered from a backup created without VSS. For example, the backup
was created by using bootable media or the Use VSS option (p. 129) was disabled or the VSS
provider malfunctioned.
The following information will help you avoid a USN rollback by taking a few simple steps.
Replication and USNs
Active Directory data is constantly replicated between the domain controllers. At any given moment,
the same Active Directory object may have a newer version on one domain controller and an older