Solved

Restore AD user from Symantec Backupexec Full snapshot

Posted on 2010-11-29
8
1,484 Views
Last Modified: 2012-05-10
Hello, as it seems one user has disappeared from the AD and we have a Symantec Backupexec solution including AD agents.
The question is whether it should be sufficient to simply restore the backupexec Domain controller System State and hence "backing" the AD prior to the disappearance and it is a safe operation? Thanks!
0
Comment
Question by:AndersBiro
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
8 Comments
 
LVL 30

Expert Comment

by:Britt Thompson
ID: 34229053
That's a big job to restore a single user and an even bigger job if you have more than one domain controller. Personally, for a single user I would just re-create the user and then get down to the reason as to why the user disappeared. Most likely it was deleted unless you're having some other flaky problems with your DC.

Is there a special reason why you wouldn't just recreate the user?
0
 

Author Comment

by:AndersBiro
ID: 34229098
Well, the user is connected to an Exchange 2007 server so we want to recover the mailgroup as well (included in the backup with agent) so I suppose a mailbox recovery only works flawlessly to the same user?

When you say it is a big job, do you mean that additional steps are required or just that it will affect other late changes as well? It is a really small AD with few users so we could live with that as long as the user is recovered.

So, would restore system state work without problems? Thanks!
0
 
LVL 30

Accepted Solution

by:
Britt Thompson earned 500 total points
ID: 34229163
There's always risk when restoring AD and it's a time consuming process and there's definitely additional steps and it requires your server to be down during the restore. You can easily redirect a mailbox restore to a newly created user with any name in Active Directory and there's little or no risk involved in doing so.

If you want to see the process for restoring the system state in 2003 with backup exec here's a thread : http://www.experts-exchange.com/Storage/Misc/Q_21570191.html
0
The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

 
LVL 19

Expert Comment

by:R--R
ID: 34229387
Try the adrestore utility.
But this will no get the group membership for a user.

http://blogs.technet.com/b/asiasupp/archive/2006/12/14/using-adrestore-tool-to-restore-deleted-objects.aspx
0
 
LVL 15

Expert Comment

by:markpalinux
ID: 34229391

If you are talking about the Backup Exec "Active Directory Recovery Agent" you will want to look at the backup exec docs for your specific version.

Here are two links from a community backupexec forum , seems like they maybe out of date.

http://www.backupexecfaq.com/articles/concepts/do-i-need-the-active-directory-recovery-agent.html
http://www.backupexecfaq.com/faq/using/when-to-perform-an-authoritative-restore.html

With a new user account on the mailbox you would get different user profiles (different sid).
You maybe able to restore user account then reconnect the maillbox to the user.

Just be aware that the system would be sending NDRs as the email addresses do not exist in the system.

Mark
0
 
LVL 19

Expert Comment

by:R--R
ID: 34229401
Or you have to do a Authoritative Restore
http://technet.microsoft.com/en-us/library/cc779573(WS.10).aspx
0
 
LVL 15

Expert Comment

by:markpalinux
ID: 34229468

If you are using the Backup Exec Active Directory Agent, I believe that it automates and simplifies much of the "Authoritative Restore" steps.

I would look at the Backup Exec steps, if you have phone support go ahead and call.

Mark
0
 

Author Comment

by:AndersBiro
ID: 34229503
For this purpose it worked fine to create a new user and then restore the old mailbox to it so the problem is solved thank you.
0

Featured Post

Turn Insights Into Action

You’ve already invested in ITSM tools, chat applications, automation utilities, and more. Fortify these solutions with intelligent communications so you can drive business processes forward.

With xMatters, you'll never miss a beat.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question