Solved

Restore Active Diectory Users

Posted on 2014-11-25
15
83 Views
Last Modified: 2014-12-04
Hello Experts,

Unfortunately I removed some mailboxes to allow the deletion of an Exchange 2013 database using the "remove-mailbox name" command. I didn’t appreciate that this would also remove the AD users account as well!! I have since been trying to recover the user accounts and I'm running out of ideas. Firstly the AD recycle bin wasn’t enabled, I have tried LDP.exe and ADrestore.net but no luck as the deleted items container is empty. I created and deleted a test account and it did populate the deleted container in ldp.exe so it’s working. I have tried looking up this issue but everything seems to be geared to recovering the mailbox not the AD user account.

Any ideas please on how to recover the user account, not the mailbox?
0
Comment
Question by:markfurey
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
15 Comments
 
LVL 7

Expert Comment

by:valmatic
ID: 40465039
Sounds like aside from having some sort of tape backup of AD, which you don't you tried most the ways i have ever seen. Good luck!
0
 

Author Comment

by:markfurey
ID: 40465052
Yep, I just don’t understand why the objects aren’t present when deleted from Exchange using the remove-mailbox command; does it delete the objects differently?
0
 
LVL 7

Expert Comment

by:valmatic
ID: 40465087
Disable mailbox in exchange removes the exchange attributes from the user and marks the box for deletion in exchange. Remove mailbox gets rid of the user and the mailbox, they changed this wording back in ex 2007 i believe.
0
SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40465095
I didn’t appreciate that this would also remove the AD users account as well!!

it is documented that that is the expected result

Use the Remove-Mailbox cmdlet to delete mailboxes and the associated user accounts.

Remove-Mailbox
http://technet.microsoft.com/en-us/library/aa995948(v=exchg.150).aspx

going forward, use disable-mailbox to only remove the mailbox

Disable-Mailbox
http://technet.microsoft.com/en-us/library/aa997210(v=exchg.150).aspx
0
 

Accepted Solution

by:
markfurey earned 0 total points
ID: 40472569
Couldn't restore the user accounts and no backups as Server was at an interim stage so I rebuilt a new domain/controller and migrated user profiles.
0
 

Author Comment

by:markfurey
ID: 40473642
I've requested that this question be closed as follows:

Accepted answer: 0 points for markfurey's comment #a40472569

for the following reason:

No one provided an answer started new AD domain from scratch.
0
 
LVL 7

Expert Comment

by:valmatic
ID: 40473643
No points, we provided you insight as to why you could not get these objects back. Just because you screwed up and there was no way to recover the object does not mean no one should get points for their effort.
0
 
LVL 2

Expert Comment

by:Rob Jurd (eenookami)
ID: 40474514
I've requested that this question be closed as follows:

Accepted answer: 0 points for markfurey's comment #a40472569

for the following reason:

As initially stated by the author
0
 
LVL 7

Expert Comment

by:valmatic
ID: 40474515
Umm, there is no way to resolve the issue since he did not make a backup..... He wanted to know why his boxes were gone and we explained he did not know the difference between remove and disable the boxes. Our effort is worth points.
0
 
LVL 7

Expert Comment

by:valmatic
ID: 40476170
eenookami - hahaha is somebody frustrated!
0
 

Author Comment

by:markfurey
ID: 40478072
IIts all done and dusted now and I have rebuilt a new AD domain, what I couldn’t understand was why I couldn’t recover AD objects, namely the user accounts in the normal way and wondered if removing user accounts by running the "remove-mailbox" command somehow permanently deleted the user objects.

Hopefully this will put an end to it, obviously some people have too much time on their hands!
0
 
LVL 7

Expert Comment

by:valmatic
ID: 40480486
The problem is that some people who have extra time come here to help out and you get these certain people who act like points are money out of their own pocket and instead of saying thanks you kick them in the.. and say no one deserves anything for their input.
If people did not have too much time on their hand EE would not exist right! Most people here make a point to try and answer questions as a way to give back for the help they get on theirs. But you are obviously a poc know it all.
0
 

Author Comment

by:markfurey
ID: 40481898
Have as many points as you want, I don't give a ****! I realise that I "screwed up" as you put it, and as soon as the command was run and the realisation that it also removed AD accounts was evident I then looked-up the commands for confirmation, I didn't need further confirmation. My issue was why I couldn't then restore the AD objects which as of yet no one has been able to answer. I'm sure this won't be the end of this dialogue and a sharp reply will be quickly returned, if nothing else it will go someway to show my previous observation regarding "time" is a least in someway correct.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question