Restoring accidentally deleted information

If the domain has other domain controllers, you can use the Ntdsutil tool to perform an authoritative restore of certain entries only. For example, you can restore an unintentionally deleted user account or computer account.

To restore accidentally deleted information

  1. Perform steps 1–5 from "Restoring the Active Directory database" to restart the domain controller into Directory Services Restore Mode (DSRM) and to restore the Active Directory database.
  2. Without exiting DSRM, run the following command:

    Ntdsutil

  3. At the tool's command prompt, run the following commands:

    activate instance ntds
    authoritative restore

  4. At the tool's command prompt, run the restore subtree or restore object command with the necessary parameters.

    For example, the following command restores the Manager user account in the Finance organizational unit of the example.com domain:

    restore object cn=Manager,ou=Finance,dc=example,dc=com

    For more information about using the Ntdsutil tool, refer to its documentation.

    Other objects will be replicated from other domain controllers when you restart the domain controller. This way, you restore the unintentionally deleted objects and keep the other objects up to date.

  5. Restart the domain controller in normal mode. Make sure that the Active Directory service has started successfully and that the restored objects have become available.
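
The following PowerShell is an added example, not part of the original procedure or of any vendor tooling. It runs steps 2–4 with the commands passed to Ntdsutil as arguments, for either restore object or restore subtree, and then performs the checks from step 5. The function names are hypothetical, and the DN check assumes names without spaces or escaped commas.

```powershell
# Added example; function names are hypothetical.

function Invoke-AuthoritativeRestore {
    param(
        [Parameter(Mandatory)][string]$DistinguishedName,
        [ValidateSet('object', 'subtree')][string]$Scope = 'object'
    )
    # Windows sets SAFEBOOT_OPTION to DSREPAIR when booted into DSRM.
    # Refuse to run in any other boot mode.
    if ($env:SAFEBOOT_OPTION -ne 'DSREPAIR') {
        throw 'Not booted into Directory Services Restore Mode.'
    }
    # Sanity check: attr=value parts separated by commas, ending in dc=...
    # Assumption: no spaces or escaped commas (those need extra quoting).
    if ($DistinguishedName -notmatch '^(\w+=[^,=\s]+,)+dc=[^,=\s]+$') {
        throw "Unexpected DN format: $DistinguishedName"
    }
    # Same commands as steps 2-4, in the same order, passed as arguments.
    # Ntdsutil still asks for confirmation before marking the objects.
    & ntdsutil.exe 'activate instance ntds' 'authoritative restore' `
        "restore $Scope $DistinguishedName" 'quit' 'quit'
}

function Test-RestoredObject {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Step 5: the directory service must be running after the normal restart.
    $svc = Get-Service -Name NTDS
    if ($svc.Status -ne 'Running') {
        throw "NTDS service status is $($svc.Status)."
    }
    # Throws if the object is still missing (requires the ActiveDirectory module).
    $obj = Get-ADObject -Identity $DistinguishedName -Properties whenChanged
    # Replication metadata for the object. Authoritatively restored attributes
    # carry raised version numbers, which is why they win over the deletion
    # that the other domain controllers hold.
    & repadmin.exe /showobjmeta $env:COMPUTERNAME $DistinguishedName
    return $obj
}

# In DSRM, after the database restore (single object, as in step 4):
#   Invoke-AuthoritativeRestore -DistinguishedName 'cn=Manager,ou=Finance,dc=example,dc=com'
# Or the whole organizational unit:
#   Invoke-AuthoritativeRestore -DistinguishedName 'ou=Finance,dc=example,dc=com' -Scope subtree
# After restarting in normal mode:
#   Test-RestoredObject -DistinguishedName 'cn=Manager,ou=Finance,dc=example,dc=com'
```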