Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Restore AD user from Symantec Backupexec Full snapshot

Posted on 2010-11-29
8
1,447 Views
Last Modified: 2012-05-10
Hello, as it seems one user has disappeared from the AD and we have a Symantec Backupexec solution including AD agents.
The question is whether it should be sufficient to simply restore the backupexec Domain controller System State and hence "backing" the AD prior to the disappearance and it is a safe operation? Thanks!
0
Comment
Question by:AndersBiro
  • 2
  • 2
  • 2
  • +1
8 Comments
 
LVL 30

Expert Comment

by:Britt Thompson
ID: 34229053
That's a big job to restore a single user and an even bigger job if you have more than one domain controller. Personally, for a single user I would just re-create the user and then get down to the reason as to why the user disappeared. Most likely it was deleted unless you're having some other flaky problems with your DC.

Is there a special reason why you wouldn't just recreate the user?
0
 

Author Comment

by:AndersBiro
ID: 34229098
Well, the user is connected to an Exchange 2007 server so we want to recover the mailgroup as well (included in the backup with agent) so I suppose a mailbox recovery only works flawlessly to the same user?

When you say it is a big job, do you mean that additional steps are required or just that it will affect other late changes as well? It is a really small AD with few users so we could live with that as long as the user is recovered.

So, would restore system state work without problems? Thanks!
0
 
LVL 30

Accepted Solution

by:
Britt Thompson earned 500 total points
ID: 34229163
There's always risk when restoring AD and it's a time consuming process and there's definitely additional steps and it requires your server to be down during the restore. You can easily redirect a mailbox restore to a newly created user with any name in Active Directory and there's little or no risk involved in doing so.

If you want to see the process for restoring the system state in 2003 with backup exec here's a thread : http://www.experts-exchange.com/Storage/Misc/Q_21570191.html
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 19

Expert Comment

by:R--R
ID: 34229387
Try the adrestore utility.
But this will no get the group membership for a user.

http://blogs.technet.com/b/asiasupp/archive/2006/12/14/using-adrestore-tool-to-restore-deleted-objects.aspx
0
 
LVL 15

Expert Comment

by:markpalinux
ID: 34229391

If you are talking about the Backup Exec "Active Directory Recovery Agent" you will want to look at the backup exec docs for your specific version.

Here are two links from a community backupexec forum , seems like they maybe out of date.

http://www.backupexecfaq.com/articles/concepts/do-i-need-the-active-directory-recovery-agent.html
http://www.backupexecfaq.com/faq/using/when-to-perform-an-authoritative-restore.html

With a new user account on the mailbox you would get different user profiles (different sid).
You maybe able to restore user account then reconnect the maillbox to the user.

Just be aware that the system would be sending NDRs as the email addresses do not exist in the system.

Mark
0
 
LVL 19

Expert Comment

by:R--R
ID: 34229401
Or you have to do a Authoritative Restore
http://technet.microsoft.com/en-us/library/cc779573(WS.10).aspx
0
 
LVL 15

Expert Comment

by:markpalinux
ID: 34229468

If you are using the Backup Exec Active Directory Agent, I believe that it automates and simplifies much of the "Authoritative Restore" steps.

I would look at the Backup Exec steps, if you have phone support go ahead and call.

Mark
0
 

Author Comment

by:AndersBiro
ID: 34229503
For this purpose it worked fine to create a new user and then restore the old mailbox to it so the problem is solved thank you.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you ever consider purchasing any Daossoft Software Products, DON'T expect any meaningful support - This article should convince you why!
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question