JSI Tip 7643. After performing an authoritative restore of Active Directory, some attributes come back?

A System State backup of Active Directory only backs up attributes that are set.

When you restore, it replaces objects in the local Active Directory. The authoritative restore then increases the version number of each attribute on the backup set, so they are higher than on the other domain controllers. When replication occurs, these restored attributes will replace those on the the other domain controllers.

The authoritative restore leaves the attributes that were not on the data set empty, without metadata, so their version is NOT increased. When replication occurs, these attributes will be replaced with the value replicated from the replication partner.

If you created new objects in the Active Directory, and then restored prior to their creation, they will be recreated from the replication partner at the next replication cycle. An authoritative restore does NOT generate a deletion order.

Back can recover from attribute replacement or object deletion, but can't handle new objects or added attributes.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.