One of the most typical problem, for AD administrators are deleted objects (tombstoned).
Let’s see one typical case, you have an executive user, say Bill Gates, with logon name bgates in the OU La Habana:
You delete accidentally this user (this is also valid for other AD objects, group, computer, etc). Normally, you should restore the AD completely from system state back up or other restore form with third party tools with all the risks, that the BKP is not functional, or you don´t have the BKP tape near you, etc. But, sysinternals has a good alternative, adrestore.
Download this tool:
http://technet.microsoft.com/en-us/sysinternals/bb963906.aspx
and copy it to the windows\...\system32 path in the DC where you are restoring the object.
Now let’s DELETE this user Bill Gates. Inmediatley afther that, go to your DC, open a command prompt and type the following:
With these tool the deleted user, appears again in the original OU but the user account is disabled. Be sure to analyze other properties for these user account, sometimes you don´t become a fully restore, I mean, maybe you have to add the user to the respective AD groups and check for other account settings.
If you want to restore a specific user, group, computer, etc, type:
c:\> adrestore –r bgates
Have fun !!
Posts
No comments:
Post a Comment