?
Solved

Active directory

Posted on 2007-11-26
6
Medium Priority
?
363 Views
Last Modified: 2010-04-21
Hi,

I got a call today saying that some users could not logon, i checked active directory and all users have dissappeared. can anybody help as nobody can log onto the network, with out recreating all users again and configuring emails etc

any help would be appriciated

ggntt
0
Comment
Question by:ggntt
  • 3
  • 2
6 Comments
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 20349847
Are you saying that you are able to open ADUC, but your user objects are no longer present?  Or are you receiving an error when you try to open ADUC.  If the latter and some or all of your user objects were deleted, you will need to perform an authoritative restore, as described here:

http://technet2.microsoft.com/WindowsServer/en/library/690730c7-83ce-4475-b9b4-46f76c9c7c901033.mspx

0
 
LVL 11

Accepted Solution

by:
bsharath earned 2000 total points
ID: 20349896
You can use these tools to restore.
Quest Object Restore for Active Directory
or
Adrestore
0
 

Author Comment

by:ggntt
ID: 20351302
Hi there,

We recreated a few of the users and attached thier mailboxes again.
Later the same thing happened, the users disappeared from AD
Tried adrestore but that just launced what looked like a batch file then closed, nothing happend.
Anyone any ideas ?

Thanks
0
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 20351325
If you have not enabled auditing on your domain controllers, now would be a good time to do so.  It is unclear from your description whether the accounts are being deleted or if there is something else at work.  You should also install the Windows Support Tools on each DC (from the Windows Server media) and run dcdiag.exe from the command prompt.
0
 

Author Closing Comment

by:ggntt
ID: 31410969
Not sure why the user objects disappeared.
We ran Quest Object Restore (simple to use, excellent product) and we managed to get them back.
Had to reconnect to their mailboxes after we did that.
All looks fine now.
Anyone know why this might have happened?  We are very concerned that the problem might return.
(We think its associated with Tombstone but not sure)

Any feedback appreciated.

Thanks
ggntt
0
 

Author Comment

by:ggntt
ID: 20351976
Just to let you know that we ran quest object restore (simple and very effective)
it restored the users in ad.
We had to reconnect their mailboxes via exchange sys manager.
All looks fine now.
Really concerned as to why this happened and concerned that it will happen again.
Anyone ever see this before ?
We feel it could be associated with tombstone but not sure, any feedback welcomed

Thanks
ggntt
0

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Native ability to set a user account password via AD GPO was removed because the passwords can be easily decrypted by any authenticated user in the domain. Microsoft recommends LAPS as a replacement and I have written an article that does something …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

568 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question