Maintaining the Active Directory Environment
BackBy — December 27, 2007
These questions are based on 70-648 – TS: Upgrading Your MCSA on Windows Server 2003 to Windows Server 2008, Technology Specialist.
Objective: Maintaining the Active Directory Environment
Sub-Objective: Configure backup and recovery
Single Answer, Multiple Choice
You are the systems administrator of Verigon Corporation. The company has a main office and 10 branch offices. Each office has its own Active Directory site in a single forest. A domain controller running Windows Server 2008 in each site contains user accounts in an Organizational Unit (OU) for that site.
An administrator from one of the branch offices reports that the OU containing the branch office user accounts has been accidentally deleted. You perform an authoritative restore of the OU. Next, you want to synchronize replication with all replication partners to ensure that the restored OU is replicated to all domain controllers in the forest.
Which command should you run?
- Run the Repadmin /syncall command with the /e parameter.
- Run the Repadmin /syncall command with the /d parameter.
- Run the Repadmin /syncall command with the /A parameter.
- Run the Repadmin /syncall command with the /P parameter.
Answer:
A. Run the Repadmin /syncall command with the /e parameter.
Tutorial:
You should run the Repadmin /syncall command with the /e parameter. An authoritative restore process returns a designated object or container of objects to its state at the time of the backup. When you restore a domain controller from backup, the normal or nonauthoritative restore process will not restore the deleted OU, because after the restore process, the restored domain controller is updated to the current status of its replication partners, which deleted the OU. Therefore, recovering the deleted OU requires an authoritative restore. An authoritative restore marks the OU as authoritative and causes the replication process to restore it to all domain controllers in the domain. To perform an authoritative restore of Active Directory Domain Services (AD DS), you must complete a nonauthoritative restore and ensure that replication does not occur after the nonauthoritative restore. To prevent the replication from occurring after the nonauthoritative restore, and to perform the authoritative restore portion of the operation, you must restart the domain controller in Directory Services Restore Mode or disconnect the network cable and perform the authoritative restore at the domain controller that you are restoring. After performing the authoritative restore of AD DS, you should start the domain controller normally and synchronize replication with all replication partners. To synchronize replication, run the Repadmin /syncall DCName command, where DCName is the Domain Name System (DNS) name of the domain controller on which you want to synchronize replication with all partners. The /e parameter ensures that replication partners in all sites are included in the replication synchronization.
You should not run the Repadmin /syncall command with the /d parameter. The /d parameter is used to identify servers by distinguished name in messages. Using the /d parameter in the Repadmin /syncall command will not ensure that the restored OU is replicated to all domain controllers in the forest.
You should not run the Repadmin /syncall command with the /A parameter. The /A parameter specifies that all directory partitions that are held on the home server should be synchronized. Using the /A parameter in the Repadmin /syncall command will not ensure that the restored OU is replicated to all domain controllers in the forest.
You should not run the Repadmin /syncall command with the /P parameter. The /P parameter is used to push changes outward from the home server. Using the /P parameter in the Repadmin /syncall command will not ensure that the restored OU is replicated to all domain controllers in the forest.
