The work would proceed from an authoritative restore for the root domain in the tree hierarchy. Once complete and replicated to the other DCs and Global Catalog Servers, you could then perform restores on other server in the downlevel domains. You might also consider simply rebuilding some of the servers -- it depends how maliciously trashed they were. If it were really bad, you might consider performing restores on the FSMO holders...
in the domains only. Then rebuild from scratch the other supporting DCs -- but that could be a lot of work if you have many domains and DCs.
Editor's Note: For more information on Active Directory backup and recovery, check out our Active Directory Administration and Maintenance Best Web Links.
Dig deeper on Microsoft Active Directory
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.