Written by Liju Varghese, Premier Field Engineer.
On a domain controller running Windows Server 2008 R2, when performing a system state restore in Directory Services Restore Mode using Windows Server Backup, at the Select Location for System State Recovery step you have to decide whether or not to select the following option:
Perform an authoritative restore of Active Directory files.
This recovery option will reset all replicated content on this Domain Controller including SYSVOL. Other replicated folders on this server will also be affected by this recovery
A similar warning comes up when running the command WBAdmin Start SystemStateRecovery with the –authsysvol switch:
Note: The recovery operation will cause all replicated content on the local computer to resynchronize after recovery. This may cause potential latency or outage issues.
The recovery operation will reset all replicated content on this domain controller, including SYSVOL. If you have other replicated folders on this server and do not want them to be affected by the recovery, cancel this operation now.
Checking the box, just like the –authsysvol switch, only marks the contents of the SYSVOL folder authoritative and not objects within the active directory database, and is functionally equivalent to the When restoring replicated data sets, mark the restored data as the primary data for all replicas option in NTBackup.
To mark an Active Directory object authoritative you will still need to run NTDSUtil with the restore subtree subcommand. See Mark an Object or Objects as Authoritative and Performing Authoritative Restore of Active Directory Objects for more information.