Re-creating Active Directory User Account

Posted on 2014-08-03
Last Modified: 2014-08-03
I wonder, if I delete an AD user account that had access to resources, then have second thoughts and re-create a user account with the same name, whether the new account will have the same access rights as the one that was deleted?

Thank you
Question by: jskfan

    Assisted Solution

    by: Cliff Galiher
    It will not. Windows handles permissions internally by a unique identifier called a SID. Each time an account is created, a new SID is generated. Even if you create an account with the same name as an old account, the generated SID will be different and therefore will not match the permissions given to resources.

    Assisted Solution

    You need to re-add the new account to all the groups the previous account was in, and you also need to re-ACL all permissions set on resources, including profiles.
    To map the old account's user profile to the new, identically named account you can use the Profwiz tool.
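
The two answers above (new SID on re-creation, then re-adding group memberships and re-ACLing resources) can be carried out from PowerShell. The script below is an added example, not code from the original thread or from any vendor tool: it assumes the RSAT ActiveDirectory module, that the old account's SID was recorded before deletion (the placeholder SID value below), and placeholder names `jdoe`, `.\groups.txt` (a saved list of group DNs) and `\\fileserver\share`.

```powershell
# Added example, not code from the original thread. Assumes the RSAT
# ActiveDirectory module, that the old SID was recorded before the account was
# deleted (placeholder value below), and the placeholder names "jdoe",
# .\groups.txt and \\fileserver\share.
Import-Module ActiveDirectory

# Placeholder: SID of the deleted account, recorded before deletion with
#   (Get-ADUser jdoe).SID.Value
$oldSid = [System.Security.Principal.SecurityIdentifier]'S-1-5-21-1111111111-2222222222-3333333333-1105'

# 1. The re-created account gets a fresh RID, so its SID never matches the old one.
$newUser = Get-ADUser -Identity 'jdoe'
$newSid  = $newUser.SID
if ($newSid -eq $oldSid) { throw 'Unexpected: re-created account has the old SID' }
"Old SID: $($oldSid.Value)"
"New SID: $($newSid.Value)"

# 2. Re-add group memberships saved before deletion, e.g. with
#   Get-ADPrincipalGroupMembership jdoe | Select-Object -ExpandProperty DistinguishedName | Set-Content .\groups.txt
Get-Content .\groups.txt | ForEach-Object {
    Add-ADGroupMember -Identity $_ -Members $newUser
}

# 3. Re-ACL a share: every explicit ACE that still names the orphaned old SID is
#    replaced by an identical ACE for the new account. Inherited ACEs are
#    skipped; they follow from the parent object once that one is fixed.
function Repair-OrphanedAce {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][System.Security.Principal.SecurityIdentifier]$OldSid,
        [Parameter(Mandatory)][System.Security.Principal.SecurityIdentifier]$NewSid
    )
    $items = @(Get-Item -LiteralPath $Path) + @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        # Explicit rules only, identities returned as SIDs so the orphaned SID compares cleanly.
        $rules = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])
        $changed = $false
        foreach ($rule in $rules) {
            if ($rule.IdentityReference -ne $OldSid) { continue }
            $newRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $NewSid, $rule.FileSystemRights, $rule.InheritanceFlags,
                $rule.PropagationFlags, $rule.AccessControlType)
            [void]$acl.RemoveAccessRule($rule)
            $acl.AddAccessRule($newRule)
            $changed = $true
        }
        if ($changed) {
            Set-Acl -LiteralPath $item.FullName -AclObject $acl
            Write-Output "Re-ACLed: $($item.FullName)"
        }
    }
}

Repair-OrphanedAce -Path '\\fileserver\share' -OldSid $oldSid -NewSid $newSid
```

Run it with an account that can modify DACLs on the share (Full Control, or the ability to take ownership). It rewrites DACL entries only: an Owner field or audit (SACL) entries that still carry the old SID are left as they are, and local profile data on workstations is the part the Profwiz tool handles.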

    Author Comment

    Does ForensiT do the remap as well as re-ACL permissions? Or just one of them?

    I believe that we can do an authoritative restore with NTDSUTIL, but it is a long process;
    we'll have to use the backup.

    Expert Comment

    ForensiT will do both for an existing old user profile on a desktop/laptop.

    But it cannot translate user data stored on a file server in shared folders;
    you have to do that manually.

    An AD authoritative restore is one option; however, you can use the AD Restore freeware utility / Quest free utility to recover the object without restoring an AD system state backup.

    Note that the above utilities will restore the original object from the AD tombstone with its SID and user logon name; however, user group membership and most other attributes will be lost, and that info you need to configure manually again.

    Author Comment

    There is a feature called AD Recycle Bin.
    Won't this be the easiest way?

    Accepted Solution

    You cannot use that feature unless you have 2008 R2 Active Directory forest and domain functional levels.
    Also, if all of your DCs are 2008 R2 and above and you activate that feature now, it won't recover the object for you; it can restore, with all attributes, objects that are deleted after you activate the feature.
    The feature is by default disabled on 2008 R2 and above DCs.
    You need to explicitly enable it.
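
The checks and steps in the accepted solution (functional level, feature disabled by default, only later deletions recoverable, and the contrast with a tombstone restore that loses group membership) as an added PowerShell example, not code from the original thread. It assumes the RSAT ActiveDirectory module, rights to enable forest optional features, and `jdoe` as a placeholder for the deleted account.

```powershell
# Added example, not code from the original thread. Assumes the RSAT
# ActiveDirectory module, rights to enable forest optional features, and
# "jdoe" as a placeholder for the deleted account.
Import-Module ActiveDirectory

$forest = Get-ADForest
# Prerequisite: Windows Server 2008 R2 forest functional level or higher.
"Forest functional level: $($forest.ForestMode)"

# The feature is off by default; check before relying on it.
$rb = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if (-not $rb.EnabledScopes) {
    # One-way switch. Objects deleted before this point are NOT recoverable
    # through the Recycle Bin; only later deletions keep their attributes.
    Enable-ADOptionalFeature -Identity $rb -Scope ForestOrConfigurationSet -Target $forest.Name -Confirm:$false
}

# Later, after an accidental deletion: locate the deleted object and restore it.
# sAMAccountName and objectSid survive deletion, so the object can be found by
# name and comes back with its original SID, group memberships and attributes,
# unlike a tombstone reanimation, which keeps SID and logon name only.
$deleted = Get-ADObject -Filter 'sAMAccountName -eq "jdoe" -and isDeleted -eq $true' `
    -IncludeDeletedObjects -Properties lastKnownParent, objectSid
if (-not $deleted) { throw 'No deleted object named jdoe found in the Recycle Bin' }

# Restore-ADObject puts the object back under lastKnownParent, which must still
# exist (restore a deleted parent OU first, or pass -TargetPath).
$deleted | Restore-ADObject

# Verify: same SID as before deletion, memberships intact.
Get-ADUser -Identity 'jdoe' -Properties MemberOf | Select-Object SID, Enabled, MemberOf
```

Enabling the feature changes how deleted objects are kept (they become "deleted", then "recycled" after the deleted-object lifetime), so it is worth confirming `EnabledScopes` on the feature object after the call rather than assuming it took effect.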

    Author Comment

    Thanks Mahesh...
    That should be a cool feature...
    will save Admins a lot of pain
