Ntdsutil in Windows Server 2003 Service Pack 1 (SP1) provides new functionality for performing authoritative restore of objects that have back-links.
The output of the authoritative restore procedure includes the name of an LDAP Data Interchange Format (LDIF) (.ldf) file that contains the forward-links that are required so that the group memberships (back-links) of any restored user, group, or computer objects can be recovered. For each object or subtree that you restore, you must run the LDIF file on a domain controller in each domain that might have group objects that are required to recover back-links on the restored objects.
.gif) Note |
|
This procedure is critical for recovering group memberships for deleted users, groups, or computers, but it applies to any restored objects that have back-link attributes. |
Administrative credentials
To perform this procedure, you must be a member of the Domain Admins group in the domain of the domain controller on which you run the command.
To run an LDIF file to recover back-links following authoritative restore
-
Open a command prompt and change directories, if necessary, to the directory of the .ldf file and its respective log files.
-
At the command prompt, type the following command, and then press ENTER:
ldifde -i -k -f
FileName
-
FileName
-
The name of the .ldf file that you want to run, for example, ar_20050609-174604_links_corp.contoso.com.ldf
See Also