Restore AD user from Symantec Backupexec Full snapshot

Hello, as it seems one user has disappeared from the AD and we have a Symantec Backupexec solution including AD agents.
The question is whether it should be sufficient to simply restore the backupexec Domain controller System State and hence "backing" the AD prior to the disappearance and it is a safe operation? Thanks!
AndersBiroAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Britt ThompsonConnect With a Mentor Sr. Systems EngineerCommented:
There's always risk when restoring AD and it's a time consuming process and there's definitely additional steps and it requires your server to be down during the restore. You can easily redirect a mailbox restore to a newly created user with any name in Active Directory and there's little or no risk involved in doing so.

If you want to see the process for restoring the system state in 2003 with backup exec here's a thread : http://www.experts-exchange.com/Storage/Misc/Q_21570191.html
0
 
Britt ThompsonSr. Systems EngineerCommented:
That's a big job to restore a single user and an even bigger job if you have more than one domain controller. Personally, for a single user I would just re-create the user and then get down to the reason as to why the user disappeared. Most likely it was deleted unless you're having some other flaky problems with your DC.

Is there a special reason why you wouldn't just recreate the user?
0
 
AndersBiroAuthor Commented:
Well, the user is connected to an Exchange 2007 server so we want to recover the mailgroup as well (included in the backup with agent) so I suppose a mailbox recovery only works flawlessly to the same user?

When you say it is a big job, do you mean that additional steps are required or just that it will affect other late changes as well? It is a really small AD with few users so we could live with that as long as the user is recovered.

So, would restore system state work without problems? Thanks!
0
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

 
R--RCommented:
Try the adrestore utility.
But this will no get the group membership for a user.

http://blogs.technet.com/b/asiasupp/archive/2006/12/14/using-adrestore-tool-to-restore-deleted-objects.aspx
0
 
markpalinuxCommented:

If you are talking about the Backup Exec "Active Directory Recovery Agent" you will want to look at the backup exec docs for your specific version.

Here are two links from a community backupexec forum , seems like they maybe out of date.

http://www.backupexecfaq.com/articles/concepts/do-i-need-the-active-directory-recovery-agent.html
http://www.backupexecfaq.com/faq/using/when-to-perform-an-authoritative-restore.html

With a new user account on the mailbox you would get different user profiles (different sid).
You maybe able to restore user account then reconnect the maillbox to the user.

Just be aware that the system would be sending NDRs as the email addresses do not exist in the system.

Mark
0
 
R--RCommented:
Or you have to do a Authoritative Restore
http://technet.microsoft.com/en-us/library/cc779573(WS.10).aspx
0
 
markpalinuxCommented:

If you are using the Backup Exec Active Directory Agent, I believe that it automates and simplifies much of the "Authoritative Restore" steps.

I would look at the Backup Exec steps, if you have phone support go ahead and call.

Mark
0
 
AndersBiroAuthor Commented:
For this purpose it worked fine to create a new user and then restore the old mailbox to it so the problem is solved thank you.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.