Active Directory Restore Mode Trick
How does Ntdsutil.exe know it’s in Directory Restore mode?
NTDSUTIL is a tool used for many Active Directory database maintenance tasks, such as defragmenting the DB, moving the DB and/or log files to a different place, cleaning the DB and more.
NTDSUTIL will allow you to perform many of it’s functions while the DC is up and running. However some of the maintenance tasks (such as performing an offline defragmentation of the DB and moving the files to a different location, along with the Authoritive restore commands) require that you start the DC in Directory Restore mode, found when you access the boot menu by pressing F8 before the server starts it’s startup sequence.
When you start the domain controller in Directory Restore mode, the DC sets the environment variable safeboot_option to “dsrepair.”
If, for some reason, you want to access the “protected” features of NTDSUTIL while it is NOT in the Directory Restore mode, you will receive an error similar to this:
C:\WINDOWS>ntdsutil ntdsutil: files *** Error: Operation only allowed when booted in DS restore mode "set SAFEBOOT_OPTION=DSREPAIR" to override - NOT RECOMMENDED! ntdsutil:
If you want to check something in NTDSUTIL that is allowed only in Directory Restore mode, you can “trick” the program by typing the following statement at a command prompt:
Lamer Note: Type the above command into a different CMD window, NOT the one that NTDSUTIL is running in.
Don’t use this approach on a live or important machine because it could result in system damage if you try to perform system modifications when the system isn’t in Directory Restore mode.
More in Active Directory
How to Fix the "An Active Directory Domain Controller for the Domain Could Not Be Contacted" Error
Jun 20, 2022 | Michael Reinders
How to Delete a Protected OU in Active Directory
Jun 8, 2022 | Michael Reinders
Learn How Organizations Are Using Semperis Purple Knight to Secure Active Directory
Jun 7, 2022 | Russell Smith
Microsoft Announces Entra, A New Identity and Access Management Suite
May 31, 2022 | Rabia Noureen
Microsoft Releases Out-Of-Band Patches to Fix Windows AD Authentication Issues
May 20, 2022 | Rabia Noureen
Cloud Conversations – Ståle Hansen on Digital Wellbeing and Viva Explorers
May 19, 2022 | Laurent Giret
Most popular on petri