?
Solved

Restore AD user from Symantec Backupexec Full snapshot

Posted on 2010-11-29
8
Medium Priority
?
1,495 Views
Last Modified: 2012-05-10
Hello, as it seems one user has disappeared from the AD and we have a Symantec Backupexec solution including AD agents.
The question is whether it should be sufficient to simply restore the backupexec Domain controller System State and hence "backing" the AD prior to the disappearance and it is a safe operation? Thanks!
0
Comment
Question by:AndersBiro
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
8 Comments
 
LVL 30

Expert Comment

by:Britt Thompson
ID: 34229053
That's a big job to restore a single user and an even bigger job if you have more than one domain controller. Personally, for a single user I would just re-create the user and then get down to the reason as to why the user disappeared. Most likely it was deleted unless you're having some other flaky problems with your DC.

Is there a special reason why you wouldn't just recreate the user?
0
 

Author Comment

by:AndersBiro
ID: 34229098
Well, the user is connected to an Exchange 2007 server so we want to recover the mailgroup as well (included in the backup with agent) so I suppose a mailbox recovery only works flawlessly to the same user?

When you say it is a big job, do you mean that additional steps are required or just that it will affect other late changes as well? It is a really small AD with few users so we could live with that as long as the user is recovered.

So, would restore system state work without problems? Thanks!
0
 
LVL 30

Accepted Solution

by:
Britt Thompson earned 2000 total points
ID: 34229163
There's always risk when restoring AD and it's a time consuming process and there's definitely additional steps and it requires your server to be down during the restore. You can easily redirect a mailbox restore to a newly created user with any name in Active Directory and there's little or no risk involved in doing so.

If you want to see the process for restoring the system state in 2003 with backup exec here's a thread : http://www.experts-exchange.com/Storage/Misc/Q_21570191.html
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 19

Expert Comment

by:R--R
ID: 34229387
Try the adrestore utility.
But this will no get the group membership for a user.

http://blogs.technet.com/b/asiasupp/archive/2006/12/14/using-adrestore-tool-to-restore-deleted-objects.aspx
0
 
LVL 15

Expert Comment

by:markpalinux
ID: 34229391

If you are talking about the Backup Exec "Active Directory Recovery Agent" you will want to look at the backup exec docs for your specific version.

Here are two links from a community backupexec forum , seems like they maybe out of date.

http://www.backupexecfaq.com/articles/concepts/do-i-need-the-active-directory-recovery-agent.html
http://www.backupexecfaq.com/faq/using/when-to-perform-an-authoritative-restore.html

With a new user account on the mailbox you would get different user profiles (different sid).
You maybe able to restore user account then reconnect the maillbox to the user.

Just be aware that the system would be sending NDRs as the email addresses do not exist in the system.

Mark
0
 
LVL 19

Expert Comment

by:R--R
ID: 34229401
Or you have to do a Authoritative Restore
http://technet.microsoft.com/en-us/library/cc779573(WS.10).aspx
0
 
LVL 15

Expert Comment

by:markpalinux
ID: 34229468

If you are using the Backup Exec Active Directory Agent, I believe that it automates and simplifies much of the "Authoritative Restore" steps.

I would look at the Backup Exec steps, if you have phone support go ahead and call.

Mark
0
 

Author Comment

by:AndersBiro
ID: 34229503
For this purpose it worked fine to create a new user and then restore the old mailbox to it so the problem is solved thank you.
0

Featured Post

Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question