hi, please ignore my question above, i studied more about authoritative restore,
i just tried authoritative restore in a single AD (only 1 AD in domain)
i deleted a set of old CA service objects(1 standalon root ca, 1 ent ca, 1 web enrollemnt) in site and services, and leave another set of working CA service objects
- i tried to recover 1 old CA object(authoritative), and because of it is just 1 AD, other objects leave (non-authoritative), the service has error
- i tried to receover with "perform an authoritative restoer of AD files", it works
i wonder is there a different between authoritative and non-authoritative even in 1 AD envirment, i know that is for replication , but 1 AD no replicateion need
i also wonder it need gpupdate /force in all server or not? i trying 1 without gpupdate, but trying 2 with gpupdate