You want to perform a complete authoritative restore of the Active Directory database because something very bad has happened.

Follow the same steps as Recipe 16.4, except after the restore has completed, do not restart the computer.

Run the following command to restore the entire database:

> ntdsutil "auth restore" "restore database" q

Restart the computer.

In a production environment, you should never have to perform a complete authoritative restore. It is a drastic measure and you will inevitably lose data as a result. Before you even attempt such a restore, you may want to contact Microsoft Support to make sure all options have been exhausted. That said, you should test the authoritative restore process in a lab environment, and make sure you have the steps properly documented in case you ever do need to use it.

Recipe 16.2 for getting into Directory Services Restore Mode, MB KB 216243 (Authoritative Restore of Active Directory and Impact on Trusts and Computer Accounts), MS KB 241594 (HOW TO: Perform an Authoritative Restore to a Domain Controller in Windows 2000), and MS KB 280079 (Authoritative Restore of Groups Can Result in Inconsistent Membership Information Across Domain Controllers)