Restoration

There are two types of restoration: 
1)Non-authoritative restore
2)Authoritative restore

Restoration of system state data can be done either authoritative or non authoritative
Non-authoritative restore is a normal restore useful when we have only one DC in the network. It does not increment the USN values of the objects after restoration. It uses older USN values only.

1. Authoritative restore: 

This is useful when we want to restore a specific object or specific object by incrementing the USN value.
Useful when we have multiple DCs in the N/W.
i.e. one Dc and multiple ADCsUSN Numbers: (Update Sequence Number): 

It is a number assigned to the object and gets modify according to the changes made on the object.Checking USN values: 

Open ADUCclick on view
Advance features
Go to user properties
Object

When we want to perform authoritative restore, we have to restart the system in directory services restore mode (DSRM) by pressing F8. While booting and selecting DSRM.
Going to backup utility we can restore system state data on completion of the restoration system prompt us to restart the system. “DO NOT RESTART THE SYSTEM”
If we are not restarting it becomes authoritative restoring, if we are restarting it becomes non-authoritative restore.

Tombstone: 

It is an object deleted from AD but not removed. It remains in the AD for 90 days.

Practice: 

On DC
Open ADUC
Create OU & users
Back up SSDcheck the USN values of user
Delete the user1
Restart the system in DSRM mode
By pressing F8
Open backup utility
Restore SSD
Do not restart
Start> run >ntdsutil
Authoritative restore
Restore subtree cn=u1,ou=India,dc=zoom,dc=com
Yes (or)
Restore database
Q
Q
Exit