Solved

Active Directory object recovery

Posted on 2013-12-17
Last Modified: 2013-12-19
I had a question about Active Directory object recovery. I have an AD where two problems arose. The first was after clicking "enable inheritance" on a couple of users: it changed a list of known accounts to unknown. The second is that one of the unknown accounts was accidentally removed. Being unknown, I don't know what it was in order to add it back.

I am somewhat familiar with AD Restore, but I'm not sure if this will work, since the changes would have replicated to all of the other DCs in the area. The box where the changes were made was an Exchange server with ADUC installed, and it would have replicated (from my understanding) to the DCs.

The Exchange box is a 2012 server with Exchange 2013 on it. The other DCs are 2008 R2, I believe.

Can someone point me in the right direction of what I need to do to roll back the changes (if possible)?

If more information is needed, I will provide as I can.

Thanks in advance
Question by:camstutz
Expert Comment

by:Mike Kline
ID: 39724350
You mentioned 2008 R2... are you at the 2008 R2 forest functional level?

The reason I ask is because if you have the AD recycle bin feature enabled that makes recovery much easier.

Do you have a good backup of your system state on the DC? You may need to, which is why I'm asking.

Thanks

Mike
Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 150 total points
ID: 39724404
As Mike has already asked: if you have a 2008 R2 forest, you can recover items with PowerShell or using ldp.exe.

Below are a couple of links which should be able to assist with your restore process.

PowerShell/LDP.exe Restore - http://technet.microsoft.com/en-us/library/dd379509(v=ws.10).aspx

Free AD Restore Tools - (try ADRestore.net) http://social.technet.microsoft.com/wiki/contents/articles/5035.free-ad-objects-recovery-tools.aspx

Will.
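A PowerShell sketch of the route Will describes (check the forest level and Recycle Bin state, list deleted objects, reanimate one). This is an example added here, not code from the thread or from the linked TechNet pages. It assumes the ActiveDirectory module and a DC reachable over AD Web Services (a pre-2008 R2 DC needs the Active Directory Management Gateway Service for that); the function names, the `Finance*` name filter and the SID are placeholders.

```powershell
# Added example: Recycle Bin / tombstone recovery checks. Not from the thread.
# Assumes RSAT ActiveDirectory module + a DC answering on AD Web Services.
Import-Module ActiveDirectory

function Test-RecycleBinAvailable {
    # The Recycle Bin optional feature only exists in a 2008 R2 (or later) forest;
    # below that level only tombstone reanimation (ldp.exe / ADRestore.net) is possible.
    $forest  = Get-ADForest
    $feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
    [pscustomobject]@{
        ForestMode        = $forest.ForestMode
        RecycleBinEnabled = [bool]($feature -and $feature.EnabledScopes.Count -gt 0)
    }
}

function Get-DeletedDirectoryObject {
    # Deleted objects sit under CN=Deleted Objects and are hidden from ordinary queries;
    # -IncludeDeletedObjects makes them visible. Without the Recycle Bin a tombstone keeps
    # only a handful of attributes, but objectSid and lastKnownParent survive, which is
    # usually enough to work out what the removed principal was.
    param([string]$NameLike = '*')
    Get-ADObject -Filter { isDeleted -eq $true -and name -ne "Deleted Objects" } `
                 -IncludeDeletedObjects `
                 -Properties objectSid, lastKnownParent, whenChanged |
        Where-Object { $_.Name -like $NameLike } |
        Select-Object Name, ObjectClass, objectSid, lastKnownParent, whenChanged
}

function Restore-DeletedObjectBySid {
    # Restore-ADObject reanimates the object. With the Recycle Bin enabled every attribute
    # (group membership included) comes back; without it only the tombstone's attributes do.
    param([Parameter(Mandatory)][string]$Sid)
    $obj = Get-ADObject -Filter "objectSid -eq '$Sid'" -IncludeDeletedObjects
    if (-not $obj) { throw "No deleted object with SID $Sid" }
    Restore-ADObject -Identity $obj.ObjectGUID -PassThru
}

# Usage. The SID is a placeholder: take the real one from Get-DeletedDirectoryObject.
Test-RecycleBinAvailable
Get-DeletedDirectoryObject -NameLike 'Finance*'
# Restore-DeletedObjectBySid -Sid 'S-1-5-21-0000000000-0000000000-0000000000-1234'
```

Run the first two functions before touching anything: they are read-only and tell you whether a full restore is even on the table, or whether the tombstone's leftover attributes are all you will get back.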
 

Author Comment

by:camstutz
ID: 39724484
I apologize, we are at the 2003 forest and domain functional level.

Author Comment

by:camstutz
ID: 39724500
I'm sorry for leaving this out of the first post, but the user wasn't deleted; just a security principal/group was removed. Also, how do I change the "Account Unknown" entries back to known? (This happened after clicking "enable inheritance" on an already existing user account.)

Again, I apologize that it wasn't clear in the first post.

Expert Comment

by:Will Szymkowski
ID: 39724503
The Restore Tools should work for you. ADRestore.net is compatible with 2003 Forest/Domain FL.

Will.

Accepted Solution

by:Mike Kline
Mike Kline earned 350 total points
ID: 39724525
Once you are done with this fire, consider taking regular AD snapshots. You can search for more info on them: http://blogs.technet.com/b/niraj_kumar/archive/2009/02/05/active-directory-snapshot-new-feature-in-windows-2008.aspx

If you had one, you could just mount the snapshot and see what groups the user used to be a part of. Some folks take daily and/or weekly snapshots.

Thanks

Mike

Author Comment

by:camstutz
ID: 39730397
Hello Mike and Will.

I apologize for not getting back sooner. After looking into this problem first, I am changing my mind that the known accounts changed to unknown. I looked at the security principals on the OU itself, and it had a list of unknown accounts. I think that the user object picked up the "Account Unknown" entries from the OU itself (after clicking 'enable inheritance'). I am decently certain that an "Account Unknown" entry was the one that was accidentally removed.

Additionally, the servers have DPM backups with system state that include Active Directory. Using a method that was suggested, I was able to restore the system state to an alternative directory. I then mounted the VHD, then mounted and browsed the ntds.dit file using ADUC (using "Change Domain Controller" with host:port). I did this on a test system.
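The snapshot workflow Mike recommends, and the "mount the old ntds.dit on a side port and look at it" step the author describes, put together as one PowerShell example. This is added here and is not code from the thread or the linked blog post. It assumes it runs as a Domain Admin on a 2008/2008 R2 DC with the ActiveDirectory module and AD Web Services (the module talks to ADWS, which also serves dsamain instances on the same machine); the port, OU, user name, snapshot GUID and mount path are placeholders.

```powershell
# Added example: snapshot, mount, then use the old copy to answer "what was this SID?"
# and "which groups did this user lose?". Not from the thread. Placeholders below.
Import-Module ActiveDirectory
$MountPort = 10389                               # any free TCP port for the side instance
$OuDN      = 'OU=Staff,DC=corp,DC=example'       # the OU that shows "Account Unknown" ACEs
$SamName   = 'jdoe'                              # a user whose membership should be compared

# --- 1. Create a snapshot and list the ones available (ntdsutil, run on the DC) ---
ntdsutil "activate instance ntds" snapshot create quit quit
ntdsutil snapshot "list all" quit quit
# Mount one of them by its GUID; ntdsutil prints the mount path (C:\$SNAP_..._VOLUMEC$\).
# ntdsutil snapshot "mount {GUID}" quit quit

# --- 2. Expose the mounted database on its own LDAP port ---
# dsamain stays in the foreground, so it gets its own window. The same command serves a
# DPM/system-state restore to an alternate location: point -dbpath at that ntds.dit instead.
$DitPath = 'C:\$SNAP_201312181200_VOLUMEC$\Windows\NTDS\ntds.dit'   # placeholder mount path
Start-Process dsamain.exe -ArgumentList "-dbpath `"$DitPath`" -ldapport $MountPort"

# --- 3. Group membership: snapshot (reference) vs. live directory (difference) ---
function Compare-UserMembership {
    param([string]$SamAccountName, [int]$Port)
    $old = Get-ADUser -Identity $SamAccountName -Properties memberOf -Server "localhost:$Port"
    $now = Get-ADUser -Identity $SamAccountName -Properties memberOf
    # SideIndicator '<=' marks groups present only in the snapshot, i.e. membership lost since then
    Compare-Object -ReferenceObject @($old.memberOf) -DifferenceObject @($now.memberOf)
}

# --- 4. ACEs on the OU whose SID no longer resolves (ADUC shows these as "Account Unknown") ---
function Get-UnresolvedAce {
    param([string]$DistinguishedName)
    $acl = Get-Acl -Path "AD:\$DistinguishedName"
    # Ask for SIDs rather than account names so each entry can be resolved individually
    foreach ($ace in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
        $sid = [System.Security.Principal.SecurityIdentifier]$ace.IdentityReference
        try { $null = $sid.Translate([System.Security.Principal.NTAccount]); continue } catch { }
        [pscustomobject]@{
            SID       = $sid.Value
            Rights    = $ace.ActiveDirectoryRights
            Type      = $ace.AccessControlType
            Inherited = $ace.IsInherited
        }
    }
}

# --- 5. Look an orphaned SID up in the snapshot, where the deleted principal still exists ---
function Resolve-SidInSnapshot {
    param([string]$Sid, [int]$Port)
    Get-ADObject -Server "localhost:$Port" -Filter "objectSid -eq '$Sid'" -Properties objectSid |
        Select-Object Name, ObjectClass, DistinguishedName
}

Compare-UserMembership -SamAccountName $SamName -Port $MountPort
Get-UnresolvedAce -DistinguishedName $OuDN | ForEach-Object {
    $was = Resolve-SidInSnapshot -Sid $_.SID -Port $MountPort |
           ForEach-Object { "$($_.ObjectClass) $($_.DistinguishedName)" }
    "$($_.SID) ($($_.Rights), $($_.Type), inherited=$($_.Inherited)) was: $($was -join '; ')"
}
```

Step 4 is the check that matches the author's finding: an "Account Unknown" entry is simply an ACE whose SID no longer maps to a live object, and inheritance copies it down onto child objects unchanged. Steps 3 and 5 are read-only against the mounted copy, so they can be repeated on a test system as often as needed before any change is made to the live directory; when dsamain is stopped, unmount the snapshot again with `ntdsutil snapshot "unmount {GUID}" quit quit`.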
 

Author Closing Comment

by:camstutz
ID: 39730405
I am accepting Mike's solution as it led me to the answer to view. But I am also awarding some points to Will as he introduced me to great software as well.