Windows2000 in the course of use, we will encounter ad due to accidental damage, then we use what method to restore it? Here we'll discuss Active Directory repair and recovery.
First, use Ntdsutil to repair active Directory
Depending on the system's error message, the system log, or the application's error, you suspect that the reason for the error is active Directory on the domain controller, which may be the first thought of using Ntdsutil to fix it. I suggest, however, that he should be the last and most useful option. If you have a system backup, it is best to use Backup to restore the system, you should always use Backup recovery as your preferred option.
Using the Repair feature on the directory services database does not always achieve the expected results. For example, if a real database file is corrupted, there is no way to recover all objects and their properties even with Ntdsutil. In fact, using the repair tool in some cases results in more data loss, so be careful to isolate the service from the network before attempting to use the repair tool to avoid affecting Active Directory replication for other domain controllers. Connect to the network after you confirm that the restored server is OK.
Use Ntdsutil to repair the ad database.
(1) Open the command Line Prompt window and enter the following command: Ntdsutil
(2) After the appearance of Ntdsutil, enter the following command: Repair
Ii. Recovery of Active Directory
When all else fails, you may find it most effective to recover a Win2000 DC (domain controller) from a backup of AD. Although it is not difficult to restore Active Directory from one backup to a domain controller, you need to think carefully about your network system and logic before you make any recovery. You should consider the following questions:
Whether the local active Directory database is corrupted and other replicated domain controllers are damaged.
A domain controller recovers from your backup and whether you want to overwrite the Active Directory database information for other domain controllers. If you want to overwrite, the previously modified information will be lost (for example, modified accounts and properties, etc.).
Or the Active Directory you're about to fix, to copy the original information (such as accounts and attributes, and so on) from other domain controllers.
Because the problem is choosing which recovery mode to use. There are two types of Active directory recovery models: Non-authorization (No authoritative) and authorization (authoritative).
Non-authorization (No authoritative) mode: Most recovery operations are in this mode. To restore this domain controller for Active Directory to replicate information from other domain controllers, it relies on a parameter called version number (USN). Active directory in the same domain, is through this parameter to update the replication, whose version number is high, to find who to copy.
Authorization (authoritative) mode: When other domain controllers contain invalid information, or if we have specific requirements for replication with a certain domain controller, the licensing recovery replication mode can be used at this time. In this case, you can manually specify the database of the entire Active Directory that you want to restore. Specifies that the locally restored database is authoritative (that is, when replicating with other domain controllers, the version number of the local recovery is the same). The version number of Active Directory is modified so that his version number is higher than the version number of the Active Directory database for the other domain controllers, thereby replicating the contents of the local database primarily.
If you are using the Windows 2000 Backup tool (Ntbackup.exe), you must have the following characteristics to successfully restore the system state (including active Directory):
The server must have the same name.
The drive that contains the "%systemroot%" folder must have the same characters as the drive characters for the backup server.
The directory for the "%systemroot%" folder must be the same directory as the backup server. (for example, under the "C:winnt" directory).