  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 272

If I restore the Computers container into AD from backup, will it replicate to all other DCs?

We currently have AD installed on several servers across multiple sites.  Last week one of our administrators ran a script to change the local admin password on all member workstations.  The script went wrong and it changed the password of the workstations in the Computers container, meaning none of our workstations in the COMPUTERS container could authenticate to the domain.

We decided the quickest way to rectify the problem was to re-join the domain for each PC (a big job).

I am currently backing up one DC with Veritas BE 9.1.   If I had restored the Computers container from a recent backup, would the restored data have replicated to all other DCs, or would they have sent an overwrite to the data I restored, as they would consider themselves to have more recent data?
0
stemc
Asked:
1 Solution
 
Toni Uranjek (Consultant/Trainer) Commented:
Hi!

Post the contents of the script. If you changed workstation passwords with netdom, I don't believe that restoring AD would help; you have to reset the workstation passwords.

Toni
0
 
stemc (Author) Commented:
Hi Toni,

The script was as below, but was run on every item in the Computers container:

--------
For Each objComputer in colComputers
    strComputer = objComputer.CN
    If objComputer.Name = "CN=IS-PC" Then
        WScript.Echo strComputer
        WScript.Echo objComputer.Name
        ' SetPassword on a computer object resets the machine account password held in AD
        objComputer.SetPassword strPassword
        objComputer.SetInfo
    Else
        WScript.Echo "nada"
    End If
Next
--------


Many thanks
0
 
Toni Uranjek (Consultant/Trainer) Commented:
I'm not sure that an authoritative restore of AD would help in your case, but I believe that before you start rejoining computers to the domain you should try to reset the machine account with netdom:

netdom resetpwd /server:<servername> /userd:<domainname>\Administrator /passwordd:*

You need to run this Netdom command on the machine for which you want to change the password. The server must be a domain controller in the domain, and the user must have a domain account with administrative privileges over the machine account whose password you're changing.

You need to restart the machine for the password change to take effect. Simultaneously resetting the password on the local machine and a domain controller ensures that the two computers involved in the operation are synchronized, and starts AD replication so that other domain controllers receive the change.
0
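The reset described in the answer above, as an added example that is not part of the original thread: it checks the workstation's secure channel first and only then resets the machine account password, using the PowerShell cmdlets Test-ComputerSecureChannel and Reset-ComputerMachinePassword in place of netdom. The parameter names $DomainController and $Credential are hypothetical; run it from an elevated Windows PowerShell session on the affected workstation.

```powershell
# Added example (not from the thread). Run on the affected workstation.
# $DomainController and $Credential are illustrative parameter names (assumptions).
param(
    [Parameter(Mandatory = $true)]
    [string] $DomainController,    # a domain controller in the workstation's domain

    [Parameter(Mandatory = $true)]
    [System.Management.Automation.PSCredential] $Credential  # domain account with rights over the machine account
)

# Returns $true when the machine password stored locally still matches
# the computer account in AD, i.e. the workstation can authenticate.
if (Test-ComputerSecureChannel -Server $DomainController) {
    Write-Output "Secure channel to $DomainController is healthy; no reset needed."
    return
}

Write-Warning "Secure channel is broken; resetting the machine account password."

# Sets a new machine password locally and on the named DC in one operation,
# so both sides agree again without leaving and rejoining the domain.
Reset-ComputerMachinePassword -Server $DomainController -Credential $Credential

# Verify before telling the user the machine is fixed.
if (Test-ComputerSecureChannel -Server $DomainController) {
    Write-Output "Secure channel repaired. Restart the machine, as the answer above advises."
}
else {
    Write-Error "Reset did not repair the secure channel; the machine may need to be rejoined to the domain."
}
```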
 
stemc (Author) Commented:
Thanks for the prompt response Toni,

We have already re-joined the domain on the PCs and we will be sure never to run that particular script again!  So in theory I will never get the chance to use the Netdom command.

The main thing I needed to know, you have answered!  That is... a restore of the Computers container would not have worked.

Thanks again,

Ste
0
