Windows How To DoYour Windows Knowledge Base

I got situation when administrator deleted OU named “Secred” by mistake. Location of this OU was OU=Secret,OU=PrivUsers,DC=mydomain,DC=com.

To restore it first of all we need to perform non-authoritative restore. To perform it boot your Windows server 2003 into Directory Services Restore Mode (F8 when booting server) and restore latest system state backup with OU secret in place.

Note, if you dont know DSRM password, check this article how to reset it.

After system state restore dont reboot server.

It is time to start authoritative restore. To do that open command line and type:

ntdsutil and press Enter
authoritative restore and press Enter
restore subtree “OU=Secret,OU=PrivUsers,DC=mydomain,DC=com” and press Enter

Confirm that authoritative restore should increase  version numbers when prompted and exit ntdsutil by typing quit two times. After that reboot server into normal mode.

If you think that your active directory can be corrupted you should perform integrity check. To do that you must boot your Windows server 2003 into Directory Services Restore Mode. How to do that you can can check in article named “Windows server 2003 – How to access Active Directory services restore mode remotely”. After login open command line ant type:

Ntdsutil and press Enter
Files and press Enter
Integrity and press Enter

I think all you know that in order to access active directory services restore mode you must press F8 when booting your server and then select Directory Services restore mode from boot options menu. But how to do that if your server is at remote location and you can reach it only via Remote Dektop connection (Start>Run mstsc /console). Nope, no ILO too…

There is a way! Connect to that Windows server 2003 via rdp and open boot.ini file in notepad. Then add following text to the end of the boot.ini file:

/SAFEBOOT:DSREPAIR

Save boot.ini file and reboot server. After reboot connect with RDC (Start>Run mstsc /console) and login using Local Administrators account.

After you will finish your work with server in Directory Services Restore Mode dont forget to delete that extra line you added to boot.ini.