A System State restore on a server with the Windows Active Directory Domain Controller role allows restoration of the Active Directory database. However, this process requires special procedures that differ from a standard System State restore.
Active Directory restore cannot be performed if the backup archive is older than the tombstone lifetime set in Active Directory. This is a Microsoft limitation. See the following article for more information: Useful shelf life of a system-state backup of Active Directory
Restoration can begin once the server requirements are met. As shown above, the server must be in DSRM mode and the services reconfigured.
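One way to check a backup set against the tombstone lifetime before starting, as an added example that is not part of the ZCB documentation. It assumes the ActiveDirectory PowerShell module is available and that it is run against a working domain controller in normal mode (not DSRM); the `$BackupTime` default is a constructed placeholder.

```powershell
# Added example: compare the age of a system-state backup with the forest's
# tombstone lifetime. $BackupTime below is a constructed placeholder value;
# pass the actual timestamp of the backup set you intend to restore.
param(
    [datetime]$BackupTime = '2024-01-15T02:00:00'
)

Import-Module ActiveDirectory

# tombstoneLifetime is stored on the Directory Service object in the
# configuration partition of the forest.
$configNC = (Get-ADRootDSE).configurationNamingContext
$dsObject = Get-ADObject `
    -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
    -Properties tombstoneLifetime

# If the attribute has no value, Active Directory applies a 60-day default.
if ($null -ne $dsObject.tombstoneLifetime) {
    $tombstoneDays = [int]$dsObject.tombstoneLifetime
} else {
    $tombstoneDays = 60
}

$backupAgeDays = [math]::Floor(((Get-Date) - $BackupTime).TotalDays)
$restorable    = $backupAgeDays -lt $tombstoneDays

[pscustomobject]@{
    BackupTime        = $BackupTime
    BackupAgeDays     = $backupAgeDays
    TombstoneLifetime = $tombstoneDays
    DaysRemaining     = $tombstoneDays - $backupAgeDays
    Restorable        = $restorable
}

if (-not $restorable) {
    Write-Warning ("Backup is $backupAgeDays days old, which is not within the " +
        "tombstone lifetime of $tombstoneDays days. Do not restore Active " +
        "Directory from it.")
}
```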
The restoration process, shown below, depends on where your backups are stored.
- Ensure that the local administrator user account on the domain controller can access the network device using the dsrm-password password.
- Map the share using “different credentials”.
- Test and ensure correct security permissions to the network share before the restore begins.
- If you are not able to access the network share in DSRM mode, reboot to normal mode and copy the backup data from the network share to the local drive.
- Then use the "Restore Catalog from Local Directory" option in ZCB (Tools menu > Restore Catalog) to restore the backup set.
Authoritative restore is a process of marking AD objects in the restored database as the authority for other domain controllers. After an authoritative restore, the synchronization process will propagate the changes to other domain controllers.