Q. I need to perform an AD database restore. Can I just stop the Active Directory service (NTDS) on my Windows Server 2008 or later domain controller (DC), perform the restore, then start the service again?

A. No. Server 2008 has an Active Directory (AD) service that you can restore, it's only usable for certain scenarios. If you need to restore an AD database, you need to boot the DC into Directory Services Restore Mode (DSRM), restore the backup, mark the objects you want to keep as authoritative, and boot back into normal mode.

The AD service's ability to restart can be used is if you have a DC that still has an object that has been changed or deleted (perhaps you have a lag configured for the DC's site). You could stop NTDS, mark objects as authoritative, then restart NTDS. No reboot is required.

Related Reading:

Check out hundreds more useful Q&As like this in John Savill's FAQ for Windows. Also, watch instructional videos made by John at ITTV.net.
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.