Re-creatin Active Directory User Account

I wonder if deleting AD user account, that had access to resources, then having Second-Thought and recreating the same user account with the same name, whether the new account will have the same access rights just like the one that was deleted ?

Thank you
jskfanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
It will not. Windows handles permissions internally by a unique identifier called an SID. Each time an account is created, a new SID is generated. Even if you create an account with the same name as an old account, the generated SID will be different and therefore will not match the permissions given to resources.
0
MaheshArchitectCommented:
You need to remap the new account again in all groups as previous account and also need to reacl all permissions set on resources including profiles
To map old account user profile to new identical account you can use Profwiz tool
http://www.forensit.com/downloads.html
0
jskfanAuthor Commented:
Does Forensit do the remap as well re-ACL permissions ? or just one of them ?

I believe that we can do Authoritative restore with NTDSUTIL, but it I a long way process..
we'll have to use the back up
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

MaheshArchitectCommented:
Forensit will do both for existing old user profile on desktop \ laptop

But it cannot translate user data stored on file server in shared folders
You have to do that manually

AD authoritative restore is one option, however you can use AD Restore freeware utility \ Quest Free Utility to recover object without restoring AD system state backup
http://blogs.technet.com/b/asiasupp/archive/2006/12/14/using-adrestore-tool-to-restore-deleted-objects.aspx

Note that above utilities will restore original object from AD tombstone with SID and user logon name, however user group membership and most of other attributes will get lost that info you need to configure manually again.
0
jskfanAuthor Commented:
There is a feature called AD Recycle Bin..
Won't this be the easiest way ?
0
MaheshArchitectCommented:
You cannot use that feature unless you have 2008 R2 active directory forest and domain functional levels
Also now if you have all of your DCs 2008 R2 and above and if you activated that feature now, it won't recover object for you, it can restore objects with all attributes which are deleted after you activate the feature
The feature is by default disabled on 2008 R2 and above DCs
U need to explicitly enable it.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jskfanAuthor Commented:
Thanks Mahesh...
That should be a cool feature...
will save Admins a lot of pain
0
jskfanAuthor Commented:
Thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.