What utility do you use to mark specific Active Directory objects as authoritative?

Ntdsutil.exe

To mark specific Active Directory objects as authoritative, you can use the utility called Ntdsutil.exe. This utility is a command-line tool that is included with Windows Server and is specifically designed for managing Active Directory databases.

Here's how you can use Ntdsutil.exe to mark specific Active Directory objects as authoritative:

1. Open a Command Prompt with administrative privileges on the domain controller where the Active Directory objects are located.

2. Type "ntdsutil" and press Enter to launch the Ntdsutil.exe utility.

3. Once you are in the Ntdsutil prompt, type "activate instance ntds" and press Enter. This will activate the Active Directory instance in which you want to mark the objects as authoritative.

4. Next, type "authoritative restore" and press Enter. This command will initiate the authoritative restore process.

5. You will be prompted with the "authoritative restore:" prompt. Here, you can specify the object or objects that you want to mark as authoritative. You can use various LDAP filters or Distinguished Names (DNs) to specify the objects. For example, if you want to mark an entire OU (Organizational Unit) as authoritative, you can use a DN like "OU=Finance,DC=example,DC=com".

6. After specifying the object or objects, press Enter to execute the command.

7. Ntdsutil.exe will then perform the authoritative restore process on the specified objects, making them the authoritative copies of those objects within the Active Directory database.
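The session from steps 2 to 7 as one non-interactive call, as an added example that is not part of the original page. `restore object` and `restore subtree` are ntdsutil's authoritative-restore subcommands; the function name, its parameters and the NTDS service check are assumptions of this example, which expects the domain controller to be booted into Directory Services Restore Mode so that the directory database is offline.

```powershell
# Added example; Invoke-AuthoritativeRestore and its parameters are hypothetical names.
function Invoke-AuthoritativeRestore {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # DN of the object or container, e.g. OU=Finance,DC=example,DC=com
        [Parameter(Mandatory)]
        [string]$DistinguishedName,

        # Mark the object and everything beneath it (restore subtree)
        # instead of the single object (restore object).
        [switch]$Subtree
    )

    # This example only accepts DNs that need no extra quoting inside the
    # ntdsutil command: no whitespace or quotes, ending in a DC= component.
    if ($DistinguishedName -match '[\s"]' -or
        $DistinguishedName -notmatch '(^|,)DC=[^,]+$') {
        throw "Unsupported or malformed DN: $DistinguishedName"
    }

    # ntdsutil needs the directory database offline, as it is in DSRM.
    $ntds = Get-Service -Name NTDS -ErrorAction Stop
    if ($ntds.Status -ne 'Stopped') {
        throw 'NTDS is running. Restart the domain controller in Directory Services Restore Mode first.'
    }

    # Each array element is one command typed at the ntdsutil prompts;
    # the two quits leave "authoritative restore:" and then ntdsutil itself.
    $verb = if ($Subtree) { 'restore subtree' } else { 'restore object' }
    $ntdsutilArgs = @(
        'activate instance ntds'
        'authoritative restore'
        "$verb $DistinguishedName"
        'quit'
        'quit'
    )

    if ($PSCmdlet.ShouldProcess($DistinguishedName, "ntdsutil $verb")) {
        & ntdsutil.exe @ntdsutilArgs
    }
}

# Dry run: passes the checks and reports the action without calling ntdsutil.
Invoke-AuthoritativeRestore -DistinguishedName 'OU=Finance,DC=example,DC=com' -Subtree -WhatIf
```

Drop `-WhatIf` to run the restore; PowerShell still asks for confirmation because the function declares a high confirm impact.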

The authoritative restore process should be used with caution, as it can have significant implications for the Active Directory database and replication. It is recommended to have a full backup of the Active Directory database before performing an authoritative restore.

Additionally, it's advisable to consult Microsoft documentation or seek assistance from a qualified Active Directory administrator before using Ntdsutil.exe or performing any advanced operations on Active Directory databases.