HayesJupe's Blog

November 16, 2011

AD restores

Filed under: Active Directory — hayesjupe @ 10:10 am

So i got an email from a client this morning saying “dont ask – but i have lost all of our staff users in AD – Help”

to cut a long story short, the guys had gone into exchange 2010 EMC – and tried to remove staff mailboxes (for another reason i wont go into) and actually removed everything, including the AD account. They claim the exchange right-click isnt clear – and i agree to an extent…. instead of “disable” and “remove” – which need to be interpreted…. how about “remove mailbox” and “remove user + mailbox” – much clearer…. anyhoo – thats off topic – and its not going to change anyway.

On to AD…. so these guys had done most of the right things – they had located a system state restore for a DC from the night before – a DC that wasn’t a CA or anything else that might be intefered with from a restore – and they had run a restore – but had no success.

Anyhoo – here is an official MS article that helps you out – http://support.microsoft.com/kb/840001

For the abridged version specifically for this client (they asked for this blog post)

First – Try ADRestore.Net and/or ADRestore…… nice article about those here…. – http://www.petri.co.il/recovering-deleted-items-active-directory.htm

At this client site – we found that using either of these tools bought the object back – but no group memerbships, or other details such as department, address etc. So that was really no good…. next option, an auth restore….

Restart your DC of choice in directory services restore mode (press F8 on boot up to see this option)

Run windows server backup…..select as appropriate…. now this screen is the one that got these guys confused

For some reason “perform an authortive restore of active directory files” does not perform an auth restore…. hey, maybe were doing something wrong – or maybe its just bad terminology again by MS and it means something else….. but i dont really care in this situation – so lets move on…

once the restore is complete – do not reboot

Open a command prompt and use ntdsutil….


activate server ntds

authoritative restore

if its a specific object you want to restore: restore object <object DN path>

if its an entire OU you want tro restore: restore object <OU DN path>

Reboot – done.


Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Blog at WordPress.com.

%d bloggers like this: