RE: [ActiveDir] Recreate BUILTIN\Incoming Forest Trust Builders

[Eric Fleischman]

I haven’t read the entire thread which has happened, but IF you managed to delete it, ping me offline and I can help you recreate it. But I would be totally sure it is gone first….a database dump sounds like a fine way to confirm.   ~Eric     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matheesha Weerasinghe Sent: Monday, August 14, 2006 8:56 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Recreate BUILTIN\Incoming Forest Trust Builders   I also meant to view as Administrator. Not an account with domain admin rights. There are subtle differences in certain scenarios. I was assuming the ACLs on the object or the parent are possibly preventing you from viewing the object. But I doubt its the case.   You arent using the list object (LO) right are you?   M@   On 8/14/06, Matheesha Weerasinghe <[EMAIL PROTECTED]> wrote: By the way you are looking for this on the forest root right?   M@   On 8/14/06, Han Valk <[EMAIL PROTECTED] > wrote: Yep logged in as Domain Admin. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of > Matheesha Weerasinghe > Sent: Monday, August 14, 2006 13:00 > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] Recreate BUILTIN\Incoming Forest > Trust Builders > > I am wondering if there are ACLs defined on the group itself > or the OU above to prevent you from seen it. Do you see it as > the Administrator account of the domain? > > M@ > > > On 8/14/06, Han Valk < [EMAIL PROTECTED]> wrote: > >       Problem is I don't see it anymore in the BUILTIN > container. Strange thing is >       that if I look at the security of the domain object in > ADUC Incoming Forest >       Trust Builders is there. > >       > -----Original Message----- >       > From: [EMAIL PROTECTED] >       > [mailto: [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> ] On Behalf Of >       > Matheesha Weerasinghe >       > Sent: Monday, August 14, 2006 10:22 >       > To: ActiveDir@mail.activedir.org >       > Subject: Re: [ActiveDir] Recreate BUILTIN\Incoming Forest >       > Trust Builders >       > >       > I dont think so. objectsid attribute is a systemonly >       > attribute. Personally I am impressed of that "smart >       > co-worker" that managed to delete it. According to the AD >       > Delegation appendices >       > > http://www.microsoft.com/downloads/details.aspx?FamilyID=29dba >       e88-a216-45f9-9739-cb1fb22a0642&DisplayLang=en > >       < http://www.microsoft.com/downloads/details.aspx?FamilyID=29db >       ae88-a216-45f9-9739-cb1fb22a0642&DisplayLang=en>  its > not > possible to move >       delete rename this group. >       > >       > May be he exploited the dynamic objects feature in Windows >       > 2003 RTM? >       > > http://blogs.dirteam.com/blogs/tomek/archive/2006/06/23/1175.aspx >       > >       > >       > M@ >       > >       > >       > >       > On 8/14/06, Han Valk < [EMAIL PROTECTED]> wrote: >       > >       >       Hi, >       > >       >       A smart co-worker deleted the BUILTIN\Incoming Forest >       > Trust Builders group. >       >       Is it possible to recreate this group with the same >       > well known SID? >       >       Authoritative restore is out of the question, >       > deletetion is too long ago. >       > >       >       Han Valk. >       >       List info   : http://www.activedir.org/List.aspx >       >       List FAQ    : http://www.activedir.org/ListFAQ.aspx >       >       List archive: http://www.activedir.org/ml/threads.aspx >       > >       > >       > >       > >       List info   : http://www.activedir.org/List.aspx > <http://www.activedir.org/List.aspx> >       List FAQ    : http://www.activedir.org/ListFAQ.aspx >       List archive: http://www.activedir.org/ml/threads.aspx > > > > List info   : http://www.activedir.org/List.aspx List FAQ    : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx