> BTW, Win2003 SP1 has updated some
search flags, so as to add the SIDhistory and Password attributes to the
tombstone (I believe this > is only valid for new installation
of AD). Actually, not quite. For sidHistory, the
SP1 change in behavior works for existing installations juts as well as
existing ones. However, to be safe, we didn’t actually modify
searchFlags. Instead, we added sidHistory to the list of attributes we always
preserve on tombstones no matter what the schema tells us we should (there is a
list so that you can’t subvert replication and strip off more than should
be allowed). This was deemed safer than modifying your schema out from under
you on SP upgrade. I tend to agree. This of course leads to the fact that
non-SP1 DCs will strip sidHistory where SP1 will keep it. This was well
understood, but we did not want a schema change for SP1. So we figured, it was this
or wait for Longhorn. We went with this as being better than nothing. ~Eric From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido realize that this search-flag can't be
applied to all attributes (e.g. linked attributes such as member/memberOf)
=> as such you will always require a combination of actions to successfully
recover users to a previous state. If you do want to leverage the
tombstone reanimation feature of 2003 (such as leveraged by SysInternal's
adrestore), you'll have to have mechanisms in place to recover attributes which
you can't contain in the tombstone object. BTW, Win2003 SP1 has updated some search
flags, so as to add the SIDhistory and Password attributes to the tombstone (I
believe this is only valid for new installation of AD). These are the ones that
other third-party tools which help with re-populating the missing attributes
can't rewrite after tombstone revival occures => as such I would certainly
consider changing these search flags in other AD implementations, which
leverage restore tools that also use the tombstone reanimation method. /Guido From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN Thanks Dean, I will test it. Cheers, Yann De:
[EMAIL PROTECTED] de la part de Dean Wells <Resent
for clarity, odd formatting in previous post ... at least on my end> |
Title: RE: [ActiveDir] Keep existing attributes from users restored.
- RE: [ActiveDir] Keep existing attributes from users re... Eric Fleischman
- RE: [ActiveDir] Keep existing attributes from use... Grillenmeier, Guido
- RE: [ActiveDir] Keep existing attributes from use... Eric Fleischman
- RE: [ActiveDir] Keep existing attributes from use... Al Mulnick
- RE: [ActiveDir] Keep existing attributes from use... Dan Holme
- RE: [ActiveDir] Keep existing attributes from use... Grillenmeier, Guido