?
Solved

Recovering member of users in a group, Windows Active Directory 2012

Posted on 2014-10-22
3
Medium Priority
?
589 Views
Last Modified: 2014-10-24
A question regarding how to recover configuration of an AD object.
Let's say I have 5000 users in one global group. There are multiple global groups like this having lots users as members. One day, some intern came in and started removing users from the groups. When I found some users are missing on those groups, I have to re-add users to the groups.
So, this situation is not as objects are deleted, but removed from another object. So, object attributes were changed.

I have multiple AD snapshots and system state backups. I can mount a snapshot and go through all that, but is there any way to recover object attributes like this situation? Only authoritative restore of the whole AD?
0
Comment
Question by:crcsupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 4

Assisted Solution

by:akalyan911
akalyan911 earned 2000 total points
ID: 40397849
Windows Server 2012 Active Directory recycle bin allow administrators to restore active directory user objects natively. Previously this can only be done by 3rd party products. Note that Windows Server 2012 recycle bin only allow restores for objects in the domain partitions. This means Configuration objects such as Exchange servers are not allowed for restore. Luckily, AD user objects are allow for restore. Another down side to this recycle, it only restore single objects and sub level objects. For example, if you restore an organizational unit, it will not restore the Active Directory users under the organizational unit. Before we enable Widows Server 2012 Active Directory recycle bin, the forest must be in “Windows server 2008 R2” functional level.

How to configure Active Directory Recycle Bin in Windows Server 2012 (step by step)

1. Open Active Directory Administrator from Server Manager, Click on “Enable Recycle Bin” on the right pane. (Note that you can also run the Enable-ADoptionalFeature command from the commandline)
ConfigureActiveDirectoryRecycleBinConfigureActiveDirectoryRecycleBinii2. Once replication is completed, you will see “Deleted Objects” container.

ConfigureActiveDirectoryRecycleBin2
0
 
LVL 4

Accepted Solution

by:
akalyan911 earned 2000 total points
ID: 40397850
or you can go through the below tech net article for more information ..

http://technet.microsoft.com/en-us/library/dd379509(v=ws.10).aspx
0
 
LVL 1

Author Comment

by:crcsupport
ID: 40398040
Recycle bin won't help. The situation is, 'users are removed from groups', not deleted
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question