Authoritative vs. Non-Authoritative Restoration of Active Directory
It is the absolute worst case scenario possible; your domain controller has crashed. So what type of restore do you do?
It is any network administrator’s worst nightmare; your domain controller has crashed. So where do you go from here? Well, hopefully you have been doing your backups properly. If that is the case you shouldn’t have too much to worry about. However, during the restoration process you have to make the decision on whether to do an authoritative or non-authoritative restoration. The clock is ticking, which one do you choose?
Used most commonly in cases when a DC because of a hardware or software related reasons, this is the default directory services restore mode selection. In this mode, the operating system restores the domain controller’s contents from the backup. After this, the domain controller then through replication receives all directory changes that have been made since the backup from the other domain controllers in the network.
An authoritative restore is most commonly used in cases in which a change was made within the directory that must be reversed, such as deleting an organization unit by mistake. This process restores the DC from the backup and then replicates to and overwrites all other domain controllers in the network to match the restored DC. The especially valuable thing about this is that you can choose to only make certain objects within the directory authoritative. For example, if you delete an OU by mistake you can choose to make it authoritative. This will replicate the deleted OU back to all of the other DC’s in the network and then use all of the other information from these other DC’s to update the newly restored server back up to date.