We have a server that was hacked. I found a user logged in but disconnected. The user name was zhii. I was able to login as administrator and discovered that 4 user accounts were deleted. We discovered in the security event log that user zhii deleted them.
Can I restore the user accounts and only the user accounts from backup? I dont want to restore any data. The last successful backup was 2 days prior to this issue occurring.
If so, what do i restore? C drive and System State?