Solved

EMERGENCY

Posted on 2009-07-10
6
283 Views
Last Modified: 2012-05-07
I've lost my user's on my domain.  I have a backup how can I restore.
0
Comment
Question by:tbonehwd
  • 3
  • 2
6 Comments
 
LVL 3

Expert Comment

by:rmconard
Comment Utility
This is very vague.

Are you using a Microsoft Active Directory? If so, have you logged into the AD to see if the user accounts are still there?

Also... when you attempt to use a domain username to log into something, what error do you get? If it's saying the account is locked, you may have a virus on your AD server.

-Ryan
0
 
LVL 18

Assisted Solution

by:hopeleonie
hopeleonie earned 200 total points
Comment Utility
if you using AD look at this link: http://support.microsoft.com/kb/840001/en-us
0
 

Author Comment

by:tbonehwd
Comment Utility
We are using AD server 2003 and I have a backup of the system state. Will this restore my users and system accounts?
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 3

Accepted Solution

by:
rmconard earned 300 total points
Comment Utility
Let me know if this helps you.


In the Windows Server 2003 family, you can restore the Active Directory database if it becomes corrupted or is destroyed because of hardware or software failures. You must restore the Active Directory database when objects in Active Directory are changed or deleted.

You can use one of the three methods to restore Active Directory from backup media: Primary Restore, Normal Restore (i.e. Non Authoritative), and Authoritative Restore.

- Primary Restore: This method rebuilds the first domain controller in a domain when there is no other way to rebuild the domain. Perform a primary restore only when all the domain controllers in the domain are lost, and you want to rebuild the domain from the backup. Members of the Administrators group can perform the primary restore on local computer. On a domain controller, only members of the Domain Admins group can perform this restore.

- Normal Restore: This method reinstates the Active Directory data to the state before the backup, and then updates the data through the normal replication process. Perform a normal restore for a single domain controller to a previously known good state.

- Authoritative Restore: You perform this method in tandem with a normal restore. An authoritative restore marks specific data as current and prevents the replication from overwriting that data. The authoritative data is then replicated through the domain. Perform an authoritative restore for individual object in a domain that has multiple domain controllers. When you perform an authoritative restore, you lose all changes to the restore object that occurred after the backup. You need to use the NTDSUTIL command line utility to perform an authoritative restore. You need to use it in order to mark Active Directory objects as authoritative, so that they receive a higher version recently changed data on other domain controllers does not overwrite System State data during replication.

For example, if you inadvertently delete or modify objects in Active Directory, and those objects were thereafter replicated to other DCs, you will need to authoritatively restore those objects so they are replicated or distributed to the other servers. If you do not authoritatively restore the objects, they will never get replicated or distributed to your other servers because they will appear to be older than the objects currently on your other DCs. Using the NTDSUTIL utility to mark objects for authoritative restore ensures that the data you want to restore gets replicated or distributed throughout your organization.

On the other hand, if your system disk has failed or the Active Directory database is corrupted, then you can simply restore the data normally without using NTDSUTIL. After rebooting the DC, it will receive newer updates from other DCs.
0
 

Author Comment

by:tbonehwd
Comment Utility
Thanks for this.  I wound up calling microsoft.  I restored the system state from a backup after I booted into recovery safe mode.  We ran NTDSUTIL  I demoted my 2nd dc down to a server right after I lost the user accounts so there was only one DC to restore.  We did the following:

2. Authoritative (Rare): Restoring "Authoritatively" will require the use of the Microsoft utility, "Ntdsutil.exe." Visit the Microsoft Knowledge Base for details on how to run Ntdsutil.exe. This option should only be used when all DCs need to be restored back to a certain time. The Ntdsutil is needed to change the type of restore to Authoritative. In general, the Ntdsutil will add a value (10,000 is default) to all USNs to ensure they will be higher than any other current DCs. Once the restore is done and the Ntdsutil utility is run, replication will occur and the entire active directory will be pushed to the other DCs upon reboot. This effectively overwrites any changes made from the time of backup to the current time. An example of this can be seen in TechNote 236363.

I also did this:

How to restore deleted user accounts and their group memberships in Active Directory http://support.microsoft.com/kb/840001
How to perform an authoritative restore to a domain controller in Windows 2000 http://support.microsoft.com/kb/241594
How to remove data in Active Directory after an unsuccessful domain controller demotion http://support.microsoft.com/kb/216498
Using the BurFlags registry key to reinitialize File Replication Service replica sets http://support.microsoft.com/kb/290762
How To Use Netdom.exe to Reset Machine Account Passwords of a Windows 2000 Domain Controller http://support.microsoft.com/kb/260575
How to use Netdom.exe to reset machine account passwords of a Windows Server 2003 domain controller http://support.microsoft.com/kb/325850

I'm happy to say that I got it all back with the Help Of Microsoft Tech Support - it was well worth the $260.00l
0
 

Author Closing Comment

by:tbonehwd
Comment Utility
i actually called Microsoft and wrote the solution
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Many admins will agree: WSUS is is a nice invention but using it on the client side when updating a newly installed computer is still time consuming as you have to do several reboots and furthermore, the procedure of installing updates, rebooting an…
INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now