Active directory restore

Hi All,

I have windows server 2008 active directory and exchange 2007.
After I moved all the mailboxes to exchange online, I was attempting to decommissioning exchange 2007.
along the way, I removed most mailboxes and deleted some domain corresponding to mailboxes.

I have tried to adrestore on all deleted users. however, all password and permission is gone.
there is any way that I can restore it.
I have backup but the image is no good.

Ryan LinAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AmitIT ArchitectCommented:
You should have enabled the Recycle feature. That might have helped you to recover back everything. In current situation you need to set the password and permission manually. I don't suggest to restore AD backup. That could create more issues.
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
Passwords and group membership will not be restored unless you do a non-authoritative restore.
AmitIT ArchitectCommented:
It need to be authoritative restore.
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
Sorry, meant authoritative.
Will SzymkowskiSenior Solution ArchitectCommented:
I removed most mailboxes and deleted some domain corresponding to mailboxes.

If you have deleted individual users then Recycle Bin would be helpful. However this ferature is NOT enabled by default. However you can still recover the individual AD Accounts using LDP.exe. This will not restore group memberships but it allows you to recover items without having to perform a complete Restore of AD.

See the HowTo I have created below and it outlines how to accomplish this.

Restore Active Directory Items without a backup

Ryan LinAuthor Commented:
I have tried to LDP.exe and it turns out not helping recover . I was able to extract NTDS folder and SYSVOL folder from the backup.
The twist was that the DC is a virtual machine. I shut down the DC and mount the vm disk to another virtual machine. Overwriting NTDS folder and SYSVOL folder on that disk did the trick. everything  was back to the way it was. The case solved. Thanks for the help. you guys were inspirational.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AmitIT ArchitectCommented:
Good it is solved for you. Watch out for USN rollback issue also.
Ryan LinAuthor Commented:
this did resolved the issue but this is the unconventional method. The potential issue could happen.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.