Title: RE: [ActiveDir] A bad bad thing...Manual push of AD?

>> Best of all for one object it would be free.

 

Huh.  Nice to know.  Thanks, Bob.

 

Rick

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Bobel
Sent: Thursday, August 11, 2005 4:34 PM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] A bad bad thing...Manual push of AD?

 

Ok, so sorry in advance for the product plug...

 

Quest has two products called Recovery Manager, for both AD and for Exchange; you could download them and recover the user with the demo license. You would only need to do a Windows backup on a DC where the delete has not yet been replicated. This will recover the group memberships, etc.

 

Best of all for one object it would be free.


Bob

 


From: [EMAIL PROTECTED] on behalf of Grillenmeier, Guido
Sent: Thu 8/11/2005 4:50 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] A bad bad thing...Manual push of AD?

it'll try - but as the version of the tombstone object will then be
lower than that of the auth. restored object, the local change on the
deleted object itself will simply be disregarded and the object +
attributes restored (read: they will be overwritten by the auth.
restored object which have a higher version number).

but the main point Brett is also making seems to be ignored in the rest
of this thread => although we still don't know Shadow Roldan's OS
version, the probability is somewhat high that he's not using Win2003
SP1 (maybe not even any non-SP1 Win2003), which means that he has to
take special care of the links that the deleted object was linked to
(read: mainly the group-memberships he had). 
Depending on the version of the DC OS, these won't be restored on the
unplugged DC (Win2000 won't help you at all, Win2003 would revive the
links if they were LVR links, Win2003 SP1 will also get the non-LVR
links back and write them to an ldif file so that you can restore the
links by importing the ldif file).

/Guido

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Rick Kingslan
Sent: Thursday, 11 August 2005 22:10
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] A bad bad thing...Manual push of AD?

Brett,

How is this going to help him get the DC back online that he yanked the
cable on?  As soon as that system is plugged back in, it's going to repl
out the change, no?

Rick

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Brett Shirley
Sent: Thursday, August 11, 2005 1:54 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] A bad bad thing...Manual push of AD?


Well you're lucky that you yanked the network cable in time, now you
don't have to do a system state restore to get the user back ...

Find a DC where the user still exists in a pristine condition, all the
mailbox details, etc.  Reboot the DC in DS Restore mode (DSRM).  Use
ntdsutil.exe to auth restore just that user's object.

You may (probably will) also have to restore links to that user, at this
point it'd be nice if you were running on Win2k3 SP1, but if not it is
still accomplishable.

For Win2k3 SP1, after auth restoring the user, there should be some ldf
file(s) that will allow you to restore the links.  Simply use ldifde to
apply these files to the appropriate DCs (up to one ldf per domain).

For pre this latest generation (which is more likely, because you could
yank the net cable in time), you may have to find the objects that are
linked to the user, and restore them yourself.  You can do this by
performing an LDAP operation that deletes and re-sets the links to that
user.

BTW, there is a more extensive KB article you might find useful:
  http://support.microsoft.com/?kbid=840001

Cheers,
BrettSh

This posting is provided "AS IS" with no warranties, and confers no
rights.
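
The delete-and-re-set link repair described above for pre-SP1 DCs, as an added example that is not part of the original thread: a Python generator for an LDIF file of `member` modifications. The user DN, the group DNs and the helper names (`ldif_attr`, `link_record`, `relink_ldif`) are constructed for illustration; the real group list has to come from a DC that still holds the memberships.

```python
import base64


def ldif_attr(name, value):
    """Format one LDIF line; base64-encode values that are not LDIF-safe (RFC 2849)."""
    safe = (
        value.isascii()
        and value[:1] not in (" ", ":", "<")
        and not value.endswith(" ")
        and not any(c in value for c in "\r\n\0")
    )
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def link_record(group_dn, op, attr, user_dn):
    """One 'changetype: modify' record applying a single delete or add of user_dn."""
    return "\n".join([
        ldif_attr("dn", group_dn),
        "changetype: modify",
        f"{op}: {attr}",
        ldif_attr(attr, user_dn),
        "-",
        "",
    ])


def relink_ldif(user_dn, group_dns, attr="member"):
    """Delete, then re-add, user_dn on every group so that each link is written
    again as a new change on the DC where the file is imported."""
    records = []
    for group_dn in sorted(set(group_dns)):
        # Two records per group: each is its own LDAP modify operation.
        records.append(link_record(group_dn, "delete", attr, user_dn))
        records.append(link_record(group_dn, "add", attr, user_dn))
    return "\n".join(records)


# Constructed sample data (hypothetical domain, user and groups).
USER = "CN=Jane Doe,OU=Staff,DC=example,DC=com"
GROUPS = [
    "CN=Sales,OU=Groups,DC=example,DC=com",
    "CN=Vertrieb Köln,OU=Groups,DC=example,DC=com",  # non-ASCII DN -> base64
]

if __name__ == "__main__":
    print(relink_ldif(USER, GROUPS), end="")
```

The output can be saved to a file and imported with `ldifde -i -f <file>` on the DC where the user object was auth restored.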

On Thu, 11 Aug 2005, Shadow Roldan wrote:

> So I did a bad thing, I deleted a user at a different site and marked
> his mailbox for deletion
>
> Immediately recognizing my mistake I *ran* to the server room and yanked
> the network cable of the dc I was connected to.
>
> For now, none of the changes have replicated.
>
> I want to bring this machine back online, but I don't want those changes
> to go through
>
> How would you make this happen?
>
> Thanks guys
>

>
> S
>

> List info   : http://www.activedir.org/List.aspx
> List FAQ    : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
>
