> BTW, Win2003 SP1 has updated some
search flags, so as to add the SIDhistory and Password attributes to the
tombstone (I believe this
> is only valid for new installation
of AD).
Actually, not quite. For sidHistory, the
SP1 change in behavior works for existing installations juts as well as
existing ones. However, to be safe, we didn’t actually modify
searchFlags. Instead, we added sidHistory to the list of attributes we always
preserve on tombstones no matter what the schema tells us we should (there is a
list so that you can’t subvert replication and strip off more than should
be allowed). This was deemed safer than modifying your schema out from under
you on SP upgrade. I tend to agree.
This of course leads to the fact that
non-SP1 DCs will strip sidHistory where SP1 will keep it. This was well
understood, but we did not want a schema change for SP1. So we figured, it was this
or wait for Longhorn. We went with this as being better than nothing.
~Eric
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Monday, July 11, 2005 7:08
AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Keep
existing attributes from users restored.
realize that this search-flag can't be
applied to all attributes (e.g. linked attributes such as member/memberOf)
=> as such you will always require a combination of actions to successfully
recover users to a previous state. If you do want to leverage the
tombstone reanimation feature of 2003 (such as leveraged by SysInternal's
adrestore), you'll have to have mechanisms in place to recover attributes which
you can't contain in the tombstone object.
BTW, Win2003 SP1 has updated some search
flags, so as to add the SIDhistory and Password attributes to the tombstone (I
believe this is only valid for new installation of AD). These are the ones that
other third-party tools which help with re-populating the missing attributes
can't rewrite after tombstone revival occures => as such I would certainly
consider changing these search flags in other AD implementations, which
leverage restore tools that also use the tombstone reanimation method.
/Guido
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Samstag, 9. Juli 2005 00:03
To: ActiveDir@mail.activedir.org
Subject: RE : [ActiveDir]
Keep existing attributes from users restored.
De:
[EMAIL PROTECTED] de la part de Dean Wells
Date: ven. 08/07/2005 18:29
À: Send - AD mailing list
Objet : RE: [ActiveDir] Keep
existing attributes from users restored.
<Resent
for clarity, odd formatting in previous post ... at least on my end>
... modify the searchFlags property of the attributeSchema class that
represents the attribute you'd like preserved during logical deletion.
1. Run ADSIEDIT.MSC (Support Tools) (Requires Schema Admins)
2. Expand the Schema NC (Naming Context)
3. Locate "cn=<attribute>"
4. Right click it and select Properties
5. Locate and edit the "searchFlags" property
6. Perform a bitwise-or of bit 3 (the 8)
7. Click OK
8. Right click the node in the left pane labeled "Schema [your DC's
FQDN]",
select "Update Schema Now"
To make my reason for asking clear, I don't think modifying an enterprise
property for the sake of recovering slightly more quickly from occasional
deletions is particularly good practice ... but that's just me :o)
--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, July 08, 2005 11:30 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Keep existing attributes from users restored.
Out of curiosity Dean, what schema mod is this?
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Dean Wells
Sent: Friday, July 08, 2005 11:20 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Keep existing attributes from users restored.
To do that, you need to modify the schema. The schema modification must
be
in place before the deletion occurs, are you prepared to modify the schema
for such a rare occurrence (at least I hope this is rare)?
--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of TIROA YANN
Sent: Friday, July 08, 2005 11:05 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Keep existing attributes from users restored.
Hello all :)
I recovered deleted users from deletion succesfully by either the following
method http://support.microsoft.com/kb/840001/en-us
or the excellent
adrestore tool from sysinternals.
But when i restore deleted users, all their existing attributes (such as
telephone, fax dispalyname, sn, givenname,etc..) are not kept after
restoration.
The account is only disabled.
Only their sids are kept. I'd like to find a way to recover all their
attributes too that is to say the state they were before deletion.
Any ideas ?
Thanks in advance.
Cheers,
Yann TIROA
Centre de Ressources Informatique.
Campus Scientifique de la DOUA.
Bât. Gabriel Lippmann - 2 ème étage - salle 238.
43, Bd du 11 Novembre 1918.
69622 Villeurbanne
Cedex.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
