hopefully you have another Win2003 DC with SP1 => a non-SP1 2003 DC
would require you to perform more manual steps during the restore.  As
you're still in mixed mode, none of your links are LVR (which means they
won't be revived on a non-SP1 DC and of course not on a Win2000 DC)

1. so boot another SP1 DC into DS Restore mode
2. use ntdsutil.exe to auth restore that user's object
=> with SP1, this step will create an LDIF file that will allow you to
restore the groups etc.
it will be called
"ar_<date>-<time>_links_<fully.qualified.domain.name>.ldf" 
(e.g. ar_20050725-145850_links_child1.root.net.ldf) and contain
something similar to this:

dn: CN=Child1-UG1,OU=Groups,OU=MyChild1OU1,DC=child1,DC=root,DC=net
changetype: modify
delete: member
member: CN=Root-User1,OU=Accounts,OU=MyRootOU1,OU=Externals,DC=root,DC=net
-

dn: CN=Child1-UG1,OU=Groups,OU=MyChild1OU1,DC=child1,DC=root,DC=net
changetype: modify
add: member
member: CN=Root-User1,OU=Accounts,OU=MyRootOU1,OU=Externals,DC=root,DC=net
-

dn: CN=Child1-User2,OU=Accounts,OU=MyChild1OU1,DC=child1,DC=root,DC=net
changetype: modify
delete: manager
manager: CN=Root-User1,OU=Accounts,OU=MyRootOU1,OU=Externals,DC=root,DC=net
-

dn: CN=Child1-User2,OU=Accounts,OU=MyChild1OU1,DC=child1,DC=root,DC=net
changetype: modify
add: manager
manager: CN=Root-User1,OU=Accounts,OU=MyRootOU1,OU=Externals,DC=root,DC=net
-

If you have multiple domains, you may get more than one file (depends on
group-memberships of user and if you are doing the auth restore on a DC
or GC - you should choose a GC if you have more than one domain).  All
you need to do after reboot is take that file and execute an LDIF import
command (on a DC that corresponds to the file's domain):

Ldifde -i -k -f ar_<date>-<time>_links_<fully.qualified.domain.name>.ldf
e.g. Ldifde -i -k -f ar_20050725-145850_links_child1.root.net.ldf

/Guido
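
A pre-import review of the links file described in the message above, as an added example that is not part of the original thread or of Microsoft's tooling: it parses the LDIF and confirms that every change is a delete/add pair pointing at the restored user before the file is handed to Ldifde -i. The function names and the Other-User record are constructed for illustration.

```python
import base64
import re
from collections import Counter

USER = "CN=Root-User1,OU=Accounts,OU=MyRootOU1,OU=Externals,DC=root,DC=net"
GROUP = "CN=Child1-UG1,OU=Groups,OU=MyChild1OU1,DC=child1,DC=root,DC=net"
OTHER = "CN=Other-User,OU=Accounts,DC=child1,DC=root,DC=net"  # constructed

def make_record(dn, op, attr, value):
    """Build one constructed record, folding the value as LDIF writers may."""
    return (f"dn: {dn}\nchangetype: modify\n{op}: {attr}\n"
            f"{attr}: {value[:30]}\n {value[30:]}\n-\n")

# Constructed sample: the expected delete/add pair plus one unexpected change.
SAMPLE = "\n".join([
    make_record(GROUP, "delete", "member", USER),
    make_record(GROUP, "add", "member", USER),
    make_record(GROUP, "add", "member", OTHER),
])

def review_links_ldif(text, restored_dn):
    """Return (relinked, problems) for a links file before it is imported."""
    counts, problems = Counter(), []
    dn = op = attr = None
    # A newline followed by one space is LDIF line folding; undo it first.
    for line in re.sub(r"\r?\n ", "", text).splitlines():
        if not line.strip() or line == "-":
            dn, op, attr = (dn if line else None), None, None
            continue
        key, _, val = line.partition(":")
        if val.startswith(":"):                  # "attr:: <base64>" form
            val = base64.b64decode(val[1:]).decode("utf-8")
        key, val = key.strip().lower(), val.strip()
        if key == "dn":
            dn = val
        elif key == "changetype" and val.lower() == "modify":
            continue
        elif key in ("add", "delete"):
            op, attr = key, val.lower()
        elif key == attr and val.lower() == restored_dn.lower():
            counts[(dn, attr, op)] += 1
        else:                                    # anything else needs a human look
            problems.append(f"{dn}: unexpected line {line!r} (op={op})")
    relinked = sorted({(d, a) for d, a, _ in counts})
    for d, a in list(relinked):
        if counts[(d, a, "delete")] != 1 or counts[(d, a, "add")] != 1:
            relinked.remove((d, a))
            problems.append(f"{d}: {a} is not one delete plus one add")
    return relinked, problems
```

An empty problems list means the file only re-sets links to the restored object; any entry is a reason to read the file by hand before importing it.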

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Shadow Roldan
Sent: Friday, 12 August 2005 01:35
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] A bad bad thing...Manual push of AD?

OK This is what I was looking for, this site didn't actually have a
chance to repl out the delete so I just push back the 'good' state?

So, if I understand I am supposed to:

1. reboot a good DC into DS Restore mode
2. use ntdsutil.exe to auth restore that user's object.
3. use ldifde to restore the links (not sure about this step...any more
info?)

Bring my mistake DC back online, it tries to replicate, hits the Auth
Restore, and the delete gets tossed, my mistake is rectified, and no one
is the wiser...

Yes?




-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Thursday, August 11, 2005 2:56 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] A bad bad thing...Manual push of AD?

I agree completely - that is the attraction of the lag sites - I have
something in which I can push a change back out from a time delayed
replica to where the object still exists.

And I agree as well - if there is a DC that has the object required - by
all means, repl it back out authoritatively.

Rick

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley
Sent: Thursday, August 11, 2005 3:31 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] A bad bad thing...Manual push of AD?

Hmmm, maybe I misunderstood ...

I understood he has a user deleted on some DCs, but not on others.  He
doesn't want the user deleted.  He can then just take a DC with the
user, auth restore the user, let that replicate out.  Yes, the delete
change will try to replicate out, but when it hits the auth restore the
delete operation will essentially be tossed.  

I mean this is the whole attraction to hot sites is it not? Am I missing
something?

Cheers,
BrettSh

On Thu, 11 Aug 2005, Rick Kingslan wrote:

> Brett,
> 
> How is this going to help him get the DC back online that he yanked 
> the cable on?  As soon as that system is plugged back in, it's going 
> to repl out the change, no?
> 
> Rick
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley
> Sent: Thursday, August 11, 2005 1:54 PM
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] A bad bad thing...Manual push of AD?
> 
> 
> Well you're lucky that you yanked the network cable in time, now you 
> don't have to do a system state restore to get the user back ...
> 
> Find a DC where the user still exists in a pristine condition, all the 
> mailbox details, etc.  Reboot the DC in DS Restore mode (DSRM).  Use 
> ntdsutil.exe to auth restore just that user's object.
> 
> You may (probably will) also have to restore links to that user, at 
> this point it'd be nice if you were running on Win2k3 SP1, but if not 
> it is still accomplishable.
> 
> For Win2k3 Sp1, after auth restoring the user, there should be some 
> ldf file(s) that will allow you to restore the links.  Simply use ldifde, 
> to apply these files to the appropriate DCs (up to one ldf per domain).
> 
> For pre this latest generation (which is more likely, because you 
> could yank the net cable in time), you may have to find the objects 
> that are linked to the user, and restore them yourself.  You can do 
> this by performing an LDAP operation that deletes and re-sets the 
> links to that user.
> 
> BTW, there is a more extensive KB article you might find useful:
>   http://support.microsoft.com/?kbid=840001
> 
> Cheers,
> BrettSh
> 
> This posting is provided "AS IS" with no warranties, and confers no 
> rights.
> 
> On Thu, 11 Aug 2005, Shadow Roldan wrote:
> 
> > So I did a bad thing, I deleted a user at a different site and 
> > marked his mailbox for deletion
> > 
> > Immediately recognizing my mistake I *ran* to the server room and 
> > yanked the network cable of the dc I was connected to.
> > 
> > For now, none of the changes have replicated.
> > 
> > I want to bring this machine back online, but I don't want those 
> > changes to go through
> > 
> > How would you make this happen?
> > 
> > Thanks guys
> > 
> >  
> > 
> > S
> > 
> >  
> > List info   : http://www.activedir.org/List.aspx
> > List FAQ    : http://www.activedir.org/ListFAQ.aspx
> > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/