As Christoffer Andersson, a fellow Directory Services MVP explained in the 4th post of his Inside NTDS.dit series, some deletions do not end up in the Active Directory Recycle Bin and as an Active Directory admin you might still need to perform restores using Directory Services Restore Mode (DSRM).
The Directory Services Restore Mode isn’t new. It has been around since Windows 2000 Server, where you would press F8 during boot to enter the Advanced Boot Options screen. Throughout versions of Windows Server the way to reboot into the Directory Services Restore Mode has changed. For instance, last year I blogged on how to add a DSRM startup option to the Advanced Boot Options screen in Windows Server 2008 and Windows Server 2008 R2, because by default it’s not present.
Today, in Windows Server 2012, Microsoft has changed rebooting into Directory Services Restore Mode from within Windows and has made it far easier.
When Windows detects a problem and needs to reboot, it will automatically display the Advanced Boot Options screen.
The following two ways now exist to reboot into Directory Services Restore Mode from within Windows:
- Type shutdown –o –r
After a couple of seconds the system will display a ribbon:
Quickly thereafter, the system will reboot.
This method works on both Full Installations and Server Core installations.
- On a Full installation of Windows Server 2012 open the Charms Bar with Win+C, then click the cog representing Settings, left-click on Power and press and hold down the Shift key while you click Restart.
Select one of the two Operating System: Recovery options as they seem to be the reasons that best describe why you want to restart. Then click Continue.
After the system has rebooted, it will display the following screen, instead of the normal boot screen:
Choose Troubleshoot – Refresh or reset your PC, or use advanced tools.
The Advanced options screen will appear:
Choose Startup Settings – Change Windows startup behavior.
The Startup Settings screen will appear:
The server will restart a second time. This time it will display the Advanced Boot Options screen:
On this screen, select Directory Services Repair Mode.
When confronted with the Windows Server 2012 logon screen, determine the appropriate set of logon credentials, depending on your DSRM Admin Logon Behavior settings and remaining Domain Controllers within your environment. Logon and perform the appropriate actions.
Today, in Windows Server 2012, Microsoft has changed rebooting into Directory Services Restore Mode and has made it far easier. Note, however, that easier in this case does not mean more straightforward.
Restartable AD DS Step-by-Step Guide
Securing the Directory Services Restore Mode Account
What Username and Password Do I Need to Use for Directory Services Restore Mode
Directory Services Restore to Virtual from Physical