Friday 10 February 2012

Restoring a deleted user in AD

There is little information available on how to restore a user account (user object) in Active Directory after it has been accidentally deleted.

In Windows Server 2008 R2 you have the Active Directory Recycle Bin, which lets you restore deleted objects as long as they are still within the tombstone lifetime.

If you want to restore the user account from a System State backup, you must do it in two steps.

1. Restore the System State information with DPM and wbadmin.

2. Use NTDSUTIL to restore the object from the System State backup you restored in step 1.

Let's look at these two steps in more detail.

When you restore the System State you have two ways of doing it: from the DPM server, restore the System State directly to a Domain Controller, or restore the System State locally to a shared folder on the DPM server. In this example I will restore the System State locally on the DPM server.

Part 1
Restore the System State to a local folder on the DPM server and share the underlying folder, named DPM_Recovered_AT_*, with read permissions under the share name systemstate.

Part 2

Now you must put the domain controller into Directory Services Restore Mode (DSRM). To do this, go to the domain controller and open a command prompt.
Type bcdedit /set safeboot dsrepair and then restart the server. The domain controller will now start in safe mode (DSRM) and you must log on locally to the Domain Controller.

It's now time to restore the System State that resides on the DPM server; we will use wbadmin for this. The first thing you must do is verify the version of the System State backup.

Open a command prompt and type the following:
wbadmin get versions -backuptarget:\\[DPMSERVERNAME]\systemstate

Note the version identifier in the output and copy it. Now start the System State recovery operation with wbadmin.
In my example I will type: wbadmin start systemstaterecovery -version:01/11/2012-13:00 -backuptarget:\\dpm1\systemstate

You'll get a question asking whether you want to start the system state recovery; type Y and press Enter.

You'll get a second question asking whether you are sure you want to use a network folder; type Y and press Enter.

You'll get a third question about replicated content being resynchronized; type Y and press Enter.

Now the restore operation begins.

Several files will be restored.

The VSS writers will recover those files and report back to wbadmin.

The System Writer will restore the data.

After the System Writer has finished, wbadmin prints the result of the restore operation and waits for your answer. Don't type Y yet.

Open another command prompt; we will restore the deleted account with ntdsutil.exe. In the command prompt type ntdsutil and press Enter.

Now you must set the instance. Type activate instance NTDS and press Enter.

Now you must define which type of restore you will perform. In this example we will use an authoritative restore. Type authoritative restore and press Enter.

Now type in the distinguished name (DN) of the user you want to restore; in my case the user is Adam Svensson.
Type restore object "CN=Adam Svensson,CN=Users,DC=contoso,DC=com" and press Enter.

You'll get a dialog asking whether you want to perform this Authoritative Restore; click Yes.

The user object will now be restored.

When the restore is done, type quit twice to exit ntdsutil.

Now type bcdedit /deletevalue safeboot and restart the server.
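The whole procedure above, from entering DSRM to verifying the restored object, collected into one PowerShell script. This is an added example and not the original post's own code; it assumes the DPM share \\dpm1\systemstate and the user DN from the post, that wbadmin prints its English labels ("Version identifier:"), and the C-runtime `\"` quoting convention for passing a DN with spaces to ntdsutil on the command line. Because two reboots sit between the steps, the script is split into phases that you run one at a time. The `-quiet` flag on wbadmin replaces the three Y answers the post walks through; `-autoReboot` is deliberately left out so the DC stays in DSRM for the authoritative restore, and ntdsutil still shows its confirmation dialog, where you click Yes as in the post.

```powershell
<#
  Added example, not from the original post. Wraps the DSRM / wbadmin /
  ntdsutil procedure in phases because the DC must be restarted between them.
  Assumed values: DPM share \\dpm1\systemstate, DN of the deleted user.
  Phases 1-3 run on the domain controller (phase 2 logged on with the DSRM account).
#>
param(
    [Parameter(Mandatory)]
    [ValidateSet('EnterDsrm', 'Restore', 'LeaveDsrm', 'Verify')]
    [string]$Phase,
    [string]$BackupTarget = '\\dpm1\systemstate',                        # assumed share from Part 1
    [string]$ObjectDn     = 'CN=Adam Svensson,CN=Users,DC=contoso,DC=com', # DN used in the post
    [string]$Version                                                     # optional explicit version id
)

# Lists the version identifiers wbadmin reports for the share, in the order printed.
# Assumes the English label "Version identifier:"; wbadmin output is localized.
function Get-SystemStateVersions([string]$Target) {
    $out = & wbadmin.exe get versions "-backupTarget:$Target" 2>&1
    foreach ($line in $out) {
        if ("$line" -match '^\s*Version identifier:\s*(\S+)') { $Matches[1] }
    }
}

switch ($Phase) {
    'EnterDsrm' {
        # Part 2, first step: boot the DC into Directory Services Restore Mode.
        & bcdedit.exe /set safeboot dsrepair
        Write-Host 'safeboot=dsrepair set. Restart the DC, log on with the DSRM account, then run -Phase Restore.'
    }
    'Restore' {
        if (-not $Version) {
            $versions = @(Get-SystemStateVersions -Target $BackupTarget)
            if ($versions.Count -eq 0) { throw "No System State versions found on $BackupTarget" }
            $Version = $versions[-1]   # last listed version; pass -Version to choose another
        }
        Write-Host "Restoring System State version $Version from $BackupTarget"

        # -quiet answers the three prompts the post describes; no -autoReboot, so the DC
        # stays in DSRM and ntdsutil can mark the object authoritative before the restart.
        & wbadmin.exe start systemstaterecovery "-version:$Version" "-backupTarget:$BackupTarget" -quiet
        if ($LASTEXITCODE -ne 0) { throw "wbadmin failed with exit code $LASTEXITCODE" }

        # Same ntdsutil dialogue as the post, passed as command-line arguments.
        # The \" escapes keep the DN (which contains spaces) as one token for ntdsutil.
        $ntdsArgs = '"activate instance ntds" "authoritative restore" ' +
                    '"restore object \"' + $ObjectDn + '\"" quit quit'
        $p = Start-Process -FilePath ntdsutil.exe -ArgumentList $ntdsArgs -Wait -NoNewWindow -PassThru
        if ($p.ExitCode -ne 0) { throw "ntdsutil failed with exit code $($p.ExitCode)" }
        Write-Host 'Object marked authoritative. Run -Phase LeaveDsrm, then restart the DC.'
    }
    'LeaveDsrm' {
        # Final step of the post: clear the safeboot flag so the DC boots normally.
        & bcdedit.exe /deletevalue safeboot
        Write-Host 'safeboot cleared. Restart the DC normally, then run -Phase Verify.'
    }
    'Verify' {
        # After the normal boot: confirm the object exists again and look at its
        # replication metadata (the authoritative restore raised its version numbers,
        # which is what makes the other DCs accept the restored copy).
        Import-Module ActiveDirectory
        Get-ADUser -Identity $ObjectDn -Properties whenChanged, uSNChanged |
            Select-Object Name, DistinguishedName, whenChanged, uSNChanged
        & repadmin.exe /showobjmeta $env:COMPUTERNAME "$ObjectDn"
    }
}
```

Run it as `.\Restore-AdUser.ps1 -Phase EnterDsrm`, restart, then `-Phase Restore` from the DSRM logon, `-Phase LeaveDsrm`, restart, and finally `-Phase Verify`. The Verify phase is the check worth keeping even if you do the rest by hand: if `Get-ADUser` finds the object but `repadmin /showobjmeta` shows no raised version numbers, the object came back as a normal (non-authoritative) restore and replication from the other DCs will delete it again.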

