Solved

Recovering member of users in a group, Windows Active Directory 2012

Posted on 2014-10-22
3
455 Views
Last Modified: 2014-10-24
A question regarding how to recover configuration of an AD object.
Let's say I have 5000 users in one global group. There are multiple global groups like this having lots users as members. One day, some intern came in and started removing users from the groups. When I found some users are missing on those groups, I have to re-add users to the groups.
So, this situation is not as objects are deleted, but removed from another object. So, object attributes were changed.

I have multiple AD snapshots and system state backups. I can mount a snapshot and go through all that, but is there any way to recover object attributes like this situation? Only authoritative restore of the whole AD?
0
Comment
Question by:crcsupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 4

Assisted Solution

by:akalyan911
akalyan911 earned 500 total points
ID: 40397849
Windows Server 2012 Active Directory recycle bin allow administrators to restore active directory user objects natively. Previously this can only be done by 3rd party products. Note that Windows Server 2012 recycle bin only allow restores for objects in the domain partitions. This means Configuration objects such as Exchange servers are not allowed for restore. Luckily, AD user objects are allow for restore. Another down side to this recycle, it only restore single objects and sub level objects. For example, if you restore an organizational unit, it will not restore the Active Directory users under the organizational unit. Before we enable Widows Server 2012 Active Directory recycle bin, the forest must be in “Windows server 2008 R2” functional level.

How to configure Active Directory Recycle Bin in Windows Server 2012 (step by step)

1. Open Active Directory Administrator from Server Manager, Click on “Enable Recycle Bin” on the right pane. (Note that you can also run the Enable-ADoptionalFeature command from the commandline)
ConfigureActiveDirectoryRecycleBinConfigureActiveDirectoryRecycleBinii2. Once replication is completed, you will see “Deleted Objects” container.

ConfigureActiveDirectoryRecycleBin2
0
 
LVL 4

Accepted Solution

by:
akalyan911 earned 500 total points
ID: 40397850
or you can go through the below tech net article for more information ..

http://technet.microsoft.com/en-us/library/dd379509(v=ws.10).aspx
0
 
LVL 1

Author Comment

by:crcsupport
ID: 40398040
Recycle bin won't help. The situation is, 'users are removed from groups', not deleted
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question