GPO deleted accidentally

Posted on 2010-01-05
Last Modified: 2012-05-08
I need help on where and how to restore OU that was accidentally deleted from a windows 2003 server enterprise DC.  I previously created an OU and moved several users in that group.  However, the OU is now no longer exist in our DC due to accidently deleted and Shadow Copies weren't turned on.  We do have the DC nightly backup just not sure which file to backup.  Our org. currently have two DCs running and both are replicating.  Please advise how to accomplish this task.

Thank you so much!
Question by:pawanopensource
    LVL 57

    Accepted Solution

    Your nightly backup should include the system state (hopefully)
    So what you will need to do now is what is called an "authoritative restore" for that OU
    Take a look at this question I helped with last year
    LVL 10

    Assisted Solution

    Yes, you will need to do an "authoritative restore" for that OU.

    Check the below link to Performing an Authoritative Restore of Active Directory Objects:

    LVL 7

    Assisted Solution


    In case you have the system state backup, follow the article listed by abhijit. But please remember to run the authoritative restore command twice (after a reboot back to DSRM mode). This will retore the group memberships as well.

    If you do not have the system state backup, then the only way which is left is to undelete the users that got deleted. This is a time consuming process and needs usage of tools like ldp.exe.

    Refer this:

    Hope this works for you because by default the tombstone life time is 180 days so there is hope :-)



    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    More or less everybody in the IT market understands the basics of Networking, however when we start talking about Storage Networks, things get a bit dizzier, and this is where I would like to help.
    Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now