Friday, May 15, 2020

Windows Server - Authoritative and NonAuthoritative Restore

What is a nonauthoritative restore?

When a domain controller or its directory is corrupted, damaged, or has failed, you have several options with which to restore the system. We will cover two options, the first option is a normal restore, called a nonauthoritative restore.
Visual representation of the nonauthoritative process and described in the following text.
Nonauthoritative restore steps
  1. In a nonauthoritative restore you simply restore a System State backup from a known good date. For example, suppose the domain controller crashed on Thursday, and you were making System State backups of each domain controller every night. You would then restore the system state from Wednesday night. Effectively, you roll the domain controller back in time.
  2. When AD DS restarts on the domain controller, the domain controller contacts its replication partners and requests all subsequent updates. Effectively, the domain controller catches up with the rest of the domain by using standard replication mechanisms.
Many administrators prefer to just demote/promote instead of performing restores. But there are a couple of cases where nonauthoritative restores can come in handy.

  • When you have a large AD DS database and you are restoring a domain controller at a remote site (so you don’t want to transfer a large AD DS database over the WAN due to congestion or lack of bandwidth).
  • When you have other software and configurations on the server (so you can save time by not having to restore those items).

What is an authoritative restore?

A nonauthoritative restore is useful when the directory on a domain controller has been damaged or corrupted, but the problem has not spread to other domain controllers. What about a situation in which damage has been done, and the damage has been replicated? For example, what if you delete one or more objects, and that deletion has replicated? In such situations, a non-authoritative restore is not sufficient. If you restore a known good version of AD DS and restart the domain controller, the deletion that happened subsequent to the backup will simply replicate back to the domain controller.
When a known good copy of AD DS has been restored that contains objects that must override the existing state of objects in the AD DS database, anauthoritative restore is necessary.
Visual representation of the authoritative restore steps described in the content text.

Authoritative restore steps

  1. In an authoritative restore, you restore the known good version of AD DS, just as you would in a nonauthoritative restore.
  2. However, before restarting the domain controller, you mark the objects that you wish to retain as authoritative so that they will replicate from the restored domain controller to its replication partners. When you mark objects as authoritative, Windows increments the version number of all object attributes to be so high that the version is virtually guaranteed to be higher than the version number on all other domain controllers.
  3. When the restored domain controller is restarted, it receives updates from its replication partners on all changes that have been made to the directory. It also notifies its partners that it has changes. The version numbers of the authoritatively restored objects ensure that partners take these changes and replicate them throughout the directory service.

Be sure to implement the Active Directory Recycle Bin. This will provide a simple alternative to restoring your server.

5 comments:

  1. Hello everyone..

    I'm selling fresh leads. Details in leads are:

    Full name
    SSN
    DOB
    Phone Numbers
    Address
    City
    State
    Zip
    Residential Status
    Account Number
    DL number
    Emails

    All leads are genuine, fresh & generated by spaming, I Will provide you samples for checking if u want.

    Dealing in almost all types of leads.

    SSN Leads
    Dead Fullz
    Premium Leads
    Mortgage Leads
    Bank Account Leads
    Employee Leads
    Business Leads
    Home Owners Leads
    DL Leads
    Emails Leads
    Phone Numbers Leads

    Each lead will b cost $1.

    Also cvv Fullz available track 1 & track 2 with pin.

    Interested person contact, scammers stay away, sampling is free of cost.

    email > leads.sellers1212@gmail.com
    Whatsapp > +923172721122
    Telegram > @leadsupplier
    ICQ > 752822040

    ReplyDelete
  2. **FULLZ AVAILABLE WITH HIGH CREDIT SCORES**
    (Spammed From Credit Bureau of USA)

    **TOOLS & TUTORIALS AVAILABLE FOR HACKING SPAMMING CARDING**

    =>Contact 24/7<=

    Telegram> @killhacks
    ICQ> 752822040
    Skype> Peeterhacks

    FRESHLY SPAMMED
    VALID INFO WITH VALID DL EXPIRIES

    *All info included*
    NAME+SSN+DOB+DL+DL-STATE+ADDRESS
    Employee & Bank details included

    CC & CVV'S ONLY USA AVAILABLE

    $1 for SSN+DOB
    $2 for SSN+DOB+DL
    $5 for High credit fullz 700+
    (bulk order negotiable)
    *Payment in all crypto currencies will be accepted

    ->You can buy few for testing
    ->Serious buyers contact me for long term business
    ->Genuine & Verified stuff

    PLEASE DON'T ASK ANYTHING FOR FREE

    TOOLS & TUTORIALS AVAILABLE FOR
    (Carding, spamming, hacking, scam page, Cash outs, dumps cash outs)

    Ethical Hacking Tools & Tutorials
    Kali linux
    Facebook & Google hacking
    SQL Injector
    Bitcoin flasher
    Viruses
    Keylogger & Keystroke Logger
    Premium Accounts (Netflix, coinbase, FedEx, Pornhub, etc)
    Paypal Logins
    Bulk SMS Sender
    Bitcoin Cracker
    SMTP Linux Root
    DUMPS with pins track 1 and 2 with & without pin
    Smtp's, Safe Socks, rdp's, VPN, Viruses
    Cpanel
    Php mailer
    Server I.P's & Proxies
    HQ Emails Combo

    *If you need a valid vendor I'm here for you, you'll never be disappointed*

    CONTACT 24/7
    Telegram> @killhacks
    ICQ> 752822040
    Skype> Peeterhacks

    ReplyDelete
  3. QUALITY SSN DOB DL HIGH CREDIT SCORES Leads
    CC with CVV Fullz (USA, UK, CANADA)
    Tutorials & E-Books For Ethical Hacking
    Tools For Everything You Need

    I'm On Telegram = @killhacks & I C Q = 752822040

    Stuff available for
    (Spamming, Carding, Ethical Hacking, LINUX, Programming, Scripting, etc. )

    Deals in all kind of Tools, Tutorials, E-books, Leads/Fullz/Pros
    Availability 24/7
    FASTEST DELIVERY

    Build Your Own Business with proper guide & Legit Tools
    Always glad to serve

    GOOD LUCK
    Here I'm:
    I C Q = 752822040
    Tele-gram = @killhacks

    ReplyDelete
  4. We are providing fresh databases for fullz & Tools
    All stuff will be fresh, Genuine, Legit & Guaranteed
    Our team is available for you 24/7
    If you need anything regarding
    Hacking|Carding|Fullz|Tools|tutorials|Ebooks
    Just let us know
    we'll fulfill your demand in mins
    Contact Here

    Whats-app +92.317. 272.1122
    T-ele-gram/I.C.Q @killhacks
    Wickr or Skype @peeterhacks
    Mail exploit dot tools4u at gmail dot-com

    SSN fullz with DL info
    USA Pros with good credit scores
    Dumps with Pins/CC with CVV's

    Hacking tools & Tutorials
    S-pamming complete stuff with all tools
    CArding Methods of cashouts, transfers, cloning
    Mailers & RDP's
    Many other tools We can provide on demand
    Let us know what you need !

    ReplyDelete