JSI Tip 9038. If your distinguished name path contains extended characters, using Ntdsutil.exe to perform an authoritative restore, from the command-line, fails?

NOTE: The behavior described in this tip only happens when you use the ntdsutil.exe command line. If you automate Ntdsutil.exe using a batch file, the problem will not happen because a Unicode-aware parser is used.

If you type a distinguished name path that contains one or more extended characters, the restore will fail because Ntdsutil.exe cannot locate the path in Active Directory.

To workaround this behavior, you must encapsulate the distinguished name path that contains extended characters, and spaces, with the backslash-double-quotation-mark (\") escape sequences.

Instead of typing:

ntdsutil.exe: authoritative restore
authoritative restore: restore object OU=testname,DC=domain,DC=com

where the distinguished name actually contains an extended character, like ü, type:

ntdsutil "aut res" "res obj \"OU=testname,DC=domain,DC=com\"" "q" "q"

Even if you properly escape the distinguished name, Ntdsutil.exe echoes different characters in the distinguished name path in the message that it displays. The ü character might be displayed as the é character.

NOTE: In Windows 2000, the restore object command does NOT exist. To restore both the container and leaf objects, use the restore subtree command.

NOTE: See Diacritical marks described and explained.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.