Solved

Restore AD user from Symantec Backupexec Full snapshot

Posted on 2010-11-29
8
1,464 Views
Last Modified: 2012-05-10
Hello, as it seems one user has disappeared from the AD and we have a Symantec Backupexec solution including AD agents.
The question is whether it should be sufficient to simply restore the backupexec Domain controller System State and hence "backing" the AD prior to the disappearance and it is a safe operation? Thanks!
0
Comment
Question by:AndersBiro
  • 2
  • 2
  • 2
  • +1
8 Comments
 
LVL 30

Expert Comment

by:Britt Thompson
ID: 34229053
That's a big job to restore a single user and an even bigger job if you have more than one domain controller. Personally, for a single user I would just re-create the user and then get down to the reason as to why the user disappeared. Most likely it was deleted unless you're having some other flaky problems with your DC.

Is there a special reason why you wouldn't just recreate the user?
0
 

Author Comment

by:AndersBiro
ID: 34229098
Well, the user is connected to an Exchange 2007 server so we want to recover the mailgroup as well (included in the backup with agent) so I suppose a mailbox recovery only works flawlessly to the same user?

When you say it is a big job, do you mean that additional steps are required or just that it will affect other late changes as well? It is a really small AD with few users so we could live with that as long as the user is recovered.

So, would restore system state work without problems? Thanks!
0
 
LVL 30

Accepted Solution

by:
Britt Thompson earned 500 total points
ID: 34229163
There's always risk when restoring AD and it's a time consuming process and there's definitely additional steps and it requires your server to be down during the restore. You can easily redirect a mailbox restore to a newly created user with any name in Active Directory and there's little or no risk involved in doing so.

If you want to see the process for restoring the system state in 2003 with backup exec here's a thread : http://www.experts-exchange.com/Storage/Misc/Q_21570191.html
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 19

Expert Comment

by:R--R
ID: 34229387
Try the adrestore utility.
But this will no get the group membership for a user.

http://blogs.technet.com/b/asiasupp/archive/2006/12/14/using-adrestore-tool-to-restore-deleted-objects.aspx
0
 
LVL 15

Expert Comment

by:markpalinux
ID: 34229391

If you are talking about the Backup Exec "Active Directory Recovery Agent" you will want to look at the backup exec docs for your specific version.

Here are two links from a community backupexec forum , seems like they maybe out of date.

http://www.backupexecfaq.com/articles/concepts/do-i-need-the-active-directory-recovery-agent.html
http://www.backupexecfaq.com/faq/using/when-to-perform-an-authoritative-restore.html

With a new user account on the mailbox you would get different user profiles (different sid).
You maybe able to restore user account then reconnect the maillbox to the user.

Just be aware that the system would be sending NDRs as the email addresses do not exist in the system.

Mark
0
 
LVL 19

Expert Comment

by:R--R
ID: 34229401
Or you have to do a Authoritative Restore
http://technet.microsoft.com/en-us/library/cc779573(WS.10).aspx
0
 
LVL 15

Expert Comment

by:markpalinux
ID: 34229468

If you are using the Backup Exec Active Directory Agent, I believe that it automates and simplifies much of the "Authoritative Restore" steps.

I would look at the Backup Exec steps, if you have phone support go ahead and call.

Mark
0
 

Author Comment

by:AndersBiro
ID: 34229503
For this purpose it worked fine to create a new user and then restore the old mailbox to it so the problem is solved thank you.
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question