Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Recovering member of users in a group, Windows Active Directory 2012

Posted on 2014-10-22
3
435 Views
Last Modified: 2014-10-24
A question regarding how to recover configuration of an AD object.
Let's say I have 5000 users in one global group. There are multiple global groups like this having lots users as members. One day, some intern came in and started removing users from the groups. When I found some users are missing on those groups, I have to re-add users to the groups.
So, this situation is not as objects are deleted, but removed from another object. So, object attributes were changed.

I have multiple AD snapshots and system state backups. I can mount a snapshot and go through all that, but is there any way to recover object attributes like this situation? Only authoritative restore of the whole AD?
0
Comment
Question by:crcsupport
  • 2
3 Comments
 
LVL 4

Assisted Solution

by:akalyan911
akalyan911 earned 500 total points
ID: 40397849
Windows Server 2012 Active Directory recycle bin allow administrators to restore active directory user objects natively. Previously this can only be done by 3rd party products. Note that Windows Server 2012 recycle bin only allow restores for objects in the domain partitions. This means Configuration objects such as Exchange servers are not allowed for restore. Luckily, AD user objects are allow for restore. Another down side to this recycle, it only restore single objects and sub level objects. For example, if you restore an organizational unit, it will not restore the Active Directory users under the organizational unit. Before we enable Widows Server 2012 Active Directory recycle bin, the forest must be in “Windows server 2008 R2” functional level.

How to configure Active Directory Recycle Bin in Windows Server 2012 (step by step)

1. Open Active Directory Administrator from Server Manager, Click on “Enable Recycle Bin” on the right pane. (Note that you can also run the Enable-ADoptionalFeature command from the commandline)
ConfigureActiveDirectoryRecycleBinConfigureActiveDirectoryRecycleBinii2. Once replication is completed, you will see “Deleted Objects” container.

ConfigureActiveDirectoryRecycleBin2
0
 
LVL 4

Accepted Solution

by:
akalyan911 earned 500 total points
ID: 40397850
or you can go through the below tech net article for more information ..

http://technet.microsoft.com/en-us/library/dd379509(v=ws.10).aspx
0
 
LVL 1

Author Comment

by:crcsupport
ID: 40398040
Recycle bin won't help. The situation is, 'users are removed from groups', not deleted
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question