Undelete an AD account & mailbox on SBS2008

Hi Everyone,

I have a level 1 tech that just was working on a user's Exchange mailbox and they deleted the mailbox, which also deleted the AD user.

I think there is a way to recover this in AD because I think it does not delete it right away.

If not, I do have last night's server backup but I am not sure how to recover just the AD user. I do not care about the Exchange mailbox as I have the OST file from the system anyway - just want to recover the AD user.

Can anyone advise the easiest way to do this?

Thanks,

Spencer
Asked by: TheSonicGod
Will Szymkowski (Senior Solution Architect) commented:
You are correct, if you have deleted a user account it becomes tombstoned for a period of 60 days by default. The easiest way to recover a deleted AD object is using the AD Recycle Bin feature. This way you can restore the AD user without having to use AD Restore Mode, which requires bringing AD offline.

AD Recycle Bin requires a Forest/Domain Functional Level of 2008R2 or higher.
Recover Deleted Items with AD Recycle Bin: http://technet.microsoft.com/en-us/library/dd392261(v=ws.10).aspx

There is also another tool called ADRestore.net which is a GUI based tool to allow you to recover deleted items from Active Directory...
http://4sysops.com/archives/free-adrestorenet-the-gui-version-of-adrestore/

If you also have a backup product like Backup Exec, they have a technology called GRT (Granular Recovery Technology). If you have this implemented in your environment you can restore individual objects as well...
http://www.symantec.com/business/support/index?page=content&id=TECH49602


Thanks


Will.
TheSonicGod (Author) commented:
Hi Will,

I just discovered that the user, in trying to fix it, added back a user with the same name and password as the old one.

Should I delete this before restoring the other one or did they just screw our ability to restore the user?

Thanks,

Spencer
Will Szymkowski (Senior Solution Architect) commented:
If the account has been created again it is going to have a different SID/GUID than the one that was deleted earlier. If you have used the exact same sAMAccountName to create the new account, this is where you will run into issues. The sAMAccountName is unique across the Forest and cannot be used twice.

I would suggest removing the newly created account first, wait for replication and then restore the original account.
Will Szymkowski (Senior Solution Architect) commented:
Another thing you are going to need to remember is that when you restore the original AD object you are going to have to add the Group Membership back to this account, as it will not have any groups associated with it anymore.
TheSonicGod (Author) commented:
OK - I just renamed the account - is there a way to check if the sAMAccountName is not the same?
Will Szymkowski (Senior Solution Architect) commented:
When you go to the properties of the account, click the "Account" tab and you will see "Pre Windows 2000 Login Name"; this is the sAMAccountName. It needs to be changed.

So if you have a naming convention like "John Downs" and sAMAccountName = jdowns, you cannot use this name again in the forest, so you could change it to johnd instead.

Simply changing the display name will still cause you issues if the sAMAccountName is the same. This needs to be changed.
TheSonicGod (Author) commented:
Excellent - it worked - thanks Will for all your help.
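
The check-then-restore sequence discussed in this thread, as an added PowerShell example that is not part of any participant's post: it looks for a live account still holding the logon name, finds the deleted object, and restores it only when the name is free. It assumes the ActiveDirectory module can reach a domain controller; the function name `Restore-UserIfNameFree` is hypothetical and `jdowns` is the sample name used in the thread.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory module is
# installed and the caller has rights to read and restore deleted objects.
Import-Module ActiveDirectory

function Restore-UserIfNameFree {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$Sam,
        [switch]$Apply                # without -Apply the restore is only simulated
    )

    # 1. Any live account that currently holds this sAMAccountName
    #    (for example an account recreated after the deletion).
    $live = @(Get-ADUser -Filter "sAMAccountName -eq '$Sam'" -Properties whenCreated)

    # 2. Deleted objects that carried the same sAMAccountName.
    $deleted = @(Get-ADObject -IncludeDeletedObjects `
        -LDAPFilter "(&(isDeleted=TRUE)(sAMAccountName=$Sam))" `
        -Properties sAMAccountName, lastKnownParent, objectSid, whenChanged)

    if ($deleted.Count -ne 1) {
        Write-Warning "Expected one deleted object for '$Sam', found $($deleted.Count)."
        return
    }

    if ($live.Count -gt 0) {
        # The recreated account is a different security principal: compare SIDs.
        $live | Select-Object Name, sAMAccountName, SID, whenCreated | Format-List
        Write-Warning ("'$Sam' is still in use by a live account. Remove it or change " +
            "its sAMAccountName, wait for replication, then run this again.")
        return
    }

    # 3. Name is free: restore the original object to its last known parent.
    $deleted | Select-Object sAMAccountName, objectSid, lastKnownParent, whenChanged | Format-List
    Restore-ADObject -Identity $deleted[0].ObjectGUID -WhatIf:(-not $Apply)

    if ($Apply) {
        # 4. Show what group membership the restored account has, so missing
        #    groups can be added back by hand.
        Get-ADUser -Identity $Sam -Properties MemberOf |
            Select-Object -ExpandProperty MemberOf
    }
}

Restore-UserIfNameFree -Sam 'jdowns'          # dry run
# Restore-UserIfNameFree -Sam 'jdowns' -Apply # perform the restore
```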