16.2. Restarting a Domain Controller in Directory Services Restore Mode

Problem

You want to restart a domain controller in DS Restore Mode.

Solution

To enter DS Restore Mode, you must reboot the server at the console. Press F8 after the power-on self test (POST), which will bring up a menu, as shown in Figure 16-1. From the menu, select Directory Services Restore Mode.

Boot options

Figure 16-1. Boot options

Discussion

The Active Directory database is live and locked by the system when a domain controller is booted into normal mode. If you want to perform integrity checks, manipulate the Active Directory database in some way or restore part of the database, you have to reboot into DS Restore Mode. In this mode, Active Directory does not start up and the database files ( ntds.dit ) are not locked.

It is not always practical to be logged into the console of the server when you need to reboot it into DS Restore Mode. You can work around this by modifying the boot.ini file for the server to automatically boot into DS Restore Mode after reboot. You can then use Terminal Services to log on to the machine remotely while it is in that mode. See MS KB 256588 for more information on how to enable this capability. Be careful if you try to access DS Restore Mode via Terminal Services. Unless you have configured everything properly, you may end up with the domain controller booted into DS Restore Mode and not be ...

Get Active Directory Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.