Restore AD user from Symantec Backupexec Full snapshot
Hello, as it seems one user has disappeared from the AD and we have a Symantec Backupexec solution including AD agents.
The question is whether it should be sufficient to simply restore the backupexec Domain controller System State and hence "backing" the AD prior to the disappearance and it is a safe operation? Thanks!
The question is whether it should be sufficient to simply restore the backupexec Domain controller System State and hence "backing" the AD prior to the disappearance and it is a safe operation? Thanks!
ASKER
Well, the user is connected to an Exchange 2007 server so we want to recover the mailgroup as well (included in the backup with agent) so I suppose a mailbox recovery only works flawlessly to the same user?
When you say it is a big job, do you mean that additional steps are required or just that it will affect other late changes as well? It is a really small AD with few users so we could live with that as long as the user is recovered.
So, would restore system state work without problems? Thanks!
When you say it is a big job, do you mean that additional steps are required or just that it will affect other late changes as well? It is a really small AD with few users so we could live with that as long as the user is recovered.
So, would restore system state work without problems? Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Try the adrestore utility.
But this will no get the group membership for a user.
http://blogs.technet.com/b/asiasupp/archive/2006/12/14/using-adrestore-tool-to-restore-deleted-objects.aspx
But this will no get the group membership for a user.
http://blogs.technet.com/b/asiasupp/archive/2006/12/14/using-adrestore-tool-to-restore-deleted-objects.aspx
If you are talking about the Backup Exec "Active Directory Recovery Agent" you will want to look at the backup exec docs for your specific version.
Here are two links from a community backupexec forum , seems like they maybe out of date.
http://www.backupexecfaq.com/articles/concepts/do-i-need-the-active-directory-recovery-agent.html
http://www.backupexecfaq.com/faq/using/when-to-perform-an-authoritative-restore.html
With a new user account on the mailbox you would get different user profiles (different sid).
You maybe able to restore user account then reconnect the maillbox to the user.
Just be aware that the system would be sending NDRs as the email addresses do not exist in the system.
Mark
Or you have to do a Authoritative Restore
http://technet.microsoft.com/en-us/library/cc779573(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc779573(WS.10).aspx
If you are using the Backup Exec Active Directory Agent, I believe that it automates and simplifies much of the "Authoritative Restore" steps.
I would look at the Backup Exec steps, if you have phone support go ahead and call.
Mark
ASKER
For this purpose it worked fine to create a new user and then restore the old mailbox to it so the problem is solved thank you.
Is there a special reason why you wouldn't just recreate the user?