Solved

Restore Active Diectory Users

Posted on 2014-11-25
15
77 Views
Last Modified: 2014-12-04
Hello Experts,

Unfortunately I removed some mailboxes to allow the deletion of an Exchange 2013 database using the "remove-mailbox name" command. I didn’t appreciate that this would also remove the AD users account as well!! I have since been trying to recover the user accounts and I'm running out of ideas. Firstly the AD recycle bin wasn’t enabled, I have tried LDP.exe and ADrestore.net but no luck as the deleted items container is empty. I created and deleted a test account and it did populate the deleted container in ldp.exe so it’s working. I have tried looking up this issue but everything seems to be geared to recovering the mailbox not the AD user account.

Any ideas please on how to recover the user account, not the mailbox?
0
Comment
Question by:markfurey
15 Comments
 
LVL 7

Expert Comment

by:valmatic
Comment Utility
Sounds like aside from having some sort of tape backup of AD, which you don't you tried most the ways i have ever seen. Good luck!
0
 

Author Comment

by:markfurey
Comment Utility
Yep, I just don’t understand why the objects aren’t present when deleted from Exchange using the remove-mailbox command; does it delete the objects differently?
0
 
LVL 7

Expert Comment

by:valmatic
Comment Utility
Disable mailbox in exchange removes the exchange attributes from the user and marks the box for deletion in exchange. Remove mailbox gets rid of the user and the mailbox, they changed this wording back in ex 2007 i believe.
0
 
LVL 34

Expert Comment

by:Seth Simmons
Comment Utility
I didn’t appreciate that this would also remove the AD users account as well!!

it is documented that that is the expected result

Use the Remove-Mailbox cmdlet to delete mailboxes and the associated user accounts.

Remove-Mailbox
http://technet.microsoft.com/en-us/library/aa995948(v=exchg.150).aspx

going forward, use disable-mailbox to only remove the mailbox

Disable-Mailbox
http://technet.microsoft.com/en-us/library/aa997210(v=exchg.150).aspx
0
 

Accepted Solution

by:
markfurey earned 0 total points
Comment Utility
Couldn't restore the user accounts and no backups as Server was at an interim stage so I rebuilt a new domain/controller and migrated user profiles.
0
 

Author Comment

by:markfurey
Comment Utility
I've requested that this question be closed as follows:

Accepted answer: 0 points for markfurey's comment #a40472569

for the following reason:

No one provided an answer started new AD domain from scratch.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 7

Expert Comment

by:valmatic
Comment Utility
No points, we provided you insight as to why you could not get these objects back. Just because you screwed up and there was no way to recover the object does not mean no one should get points for their effort.
0
 
LVL 2

Expert Comment

by:eenookami
Comment Utility
I've requested that this question be closed as follows:

Accepted answer: 0 points for markfurey's comment #a40472569

for the following reason:

As initially stated by the author
0
 
LVL 7

Expert Comment

by:valmatic
Comment Utility
Umm, there is no way to resolve the issue since he did not make a backup..... He wanted to know why his boxes were gone and we explained he did not know the difference between remove and disable the boxes. Our effort is worth points.
0
 
LVL 7

Expert Comment

by:valmatic
Comment Utility
eenookami - hahaha is somebody frustrated!
0
 

Author Comment

by:markfurey
Comment Utility
IIts all done and dusted now and I have rebuilt a new AD domain, what I couldn’t understand was why I couldn’t recover AD objects, namely the user accounts in the normal way and wondered if removing user accounts by running the "remove-mailbox" command somehow permanently deleted the user objects.

Hopefully this will put an end to it, obviously some people have too much time on their hands!
0
 
LVL 7

Expert Comment

by:valmatic
Comment Utility
The problem is that some people who have extra time come here to help out and you get these certain people who act like points are money out of their own pocket and instead of saying thanks you kick them in the.. and say no one deserves anything for their input.
If people did not have too much time on their hand EE would not exist right! Most people here make a point to try and answer questions as a way to give back for the help they get on theirs. But you are obviously a poc know it all.
0
 

Author Comment

by:markfurey
Comment Utility
Have as many points as you want, I don't give a ****! I realise that I "screwed up" as you put it, and as soon as the command was run and the realisation that it also removed AD accounts was evident I then looked-up the commands for confirmation, I didn't need further confirmation. My issue was why I couldn't then restore the AD objects which as of yet no one has been able to answer. I'm sure this won't be the end of this dialogue and a sharp reply will be quickly returned, if nothing else it will go someway to show my previous observation regarding "time" is a least in someway correct.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now