The major use of Microsoft’s Ntdsutil.exe is to help administrators in performing authoritative restoration of  domain controllers but there are a handful of  limitations to this  tool.

This post will highlight the shortcomings of Ntdsutil and show you how RecoveryManager Plus can help you overcome those limitations.

Inability to backup just the AD

Ntdsutil does not allow administrators the flexibility to back up just their AD data. To backup AD data, they must always back up their entire system state, which increases the amount of storage space used and also the time taken to complete each backup.

RecoveryManager Plus allows you to granularly backup just specific object types such as users, groups, OUs, contacts, etc., while also allowing you to periodically back up the system state.

Absence of incremental backups

Ntdsutil does not allow you to incrementally back up just the changes made after the last backup. Each backup must be a full system backup and puts a large strain on your storage.

RecoveryManager Plus allows you to backup just the changes made after the last backup as separate versions. 

Attribute level restoration

Ntdsutil allows you to restore individual objects from backups, but does not allow you to granularly restore just specific attributes of AD objects.

RecoveryManager Plus allows you to restore individual attributes of AD objects to any of their past values owing to its ability to take incremental backups and to store multiple backup versions of the same object.

Linked attributes restoration

When restoring AD using Ntdsutil, it does not restore linked attributes such as memberOf, manager and direct reports attributes are not restored.

Restoring AD with RecoveryManager Plus ensures that all such linked attributes of an object are restored. 

Restorations limited to the same DC

Ntdsutil backups of one DC cannot be used to restore another DC in the same domain, making it necessary to back up each DC in the domain individually.

RecoveryManager Plus allows you to restore objects from a backup of one DC to another DC in the same domain.

Restart free recovery

When performing a restoration with Ntdsutil, it is mandatory to restart your domain controllers. Until the restart completes, your domain remains offline.

RecoveryManager Plus allows you to restore AD objects without having to restart your domain controllers.

