Solved

Recovering member of users in a group, Windows Active Directory 2012

Posted on 2014-10-22
3
517 Views
Last Modified: 2014-10-24
A question regarding how to recover configuration of an AD object.
Let's say I have 5000 users in one global group. There are multiple global groups like this having lots users as members. One day, some intern came in and started removing users from the groups. When I found some users are missing on those groups, I have to re-add users to the groups.
So, this situation is not as objects are deleted, but removed from another object. So, object attributes were changed.

I have multiple AD snapshots and system state backups. I can mount a snapshot and go through all that, but is there any way to recover object attributes like this situation? Only authoritative restore of the whole AD?
0
Comment
Question by:crcsupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 4

Assisted Solution

by:akalyan911
akalyan911 earned 500 total points
ID: 40397849
Windows Server 2012 Active Directory recycle bin allow administrators to restore active directory user objects natively. Previously this can only be done by 3rd party products. Note that Windows Server 2012 recycle bin only allow restores for objects in the domain partitions. This means Configuration objects such as Exchange servers are not allowed for restore. Luckily, AD user objects are allow for restore. Another down side to this recycle, it only restore single objects and sub level objects. For example, if you restore an organizational unit, it will not restore the Active Directory users under the organizational unit. Before we enable Widows Server 2012 Active Directory recycle bin, the forest must be in “Windows server 2008 R2” functional level.

How to configure Active Directory Recycle Bin in Windows Server 2012 (step by step)

1. Open Active Directory Administrator from Server Manager, Click on “Enable Recycle Bin” on the right pane. (Note that you can also run the Enable-ADoptionalFeature command from the commandline)
ConfigureActiveDirectoryRecycleBinConfigureActiveDirectoryRecycleBinii2. Once replication is completed, you will see “Deleted Objects” container.

ConfigureActiveDirectoryRecycleBin2
0
 
LVL 4

Accepted Solution

by:
akalyan911 earned 500 total points
ID: 40397850
or you can go through the below tech net article for more information ..

http://technet.microsoft.com/en-us/library/dd379509(v=ws.10).aspx
0
 
LVL 1

Author Comment

by:crcsupport
ID: 40398040
Recycle bin won't help. The situation is, 'users are removed from groups', not deleted
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question