Ahhhh.... Right, right. I forgot the increase of 100000 in the USN. This would effectively ensure that the newly authed object would not be overwritten by the object on the DC yanked from the network.

So, Guido is right (as always). Rebuilding the DC is not even remotely the issue - and is not even necessary once the USN is increased. Got it.

Thanks for the clarification, all!

Rick

_____

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Almeida Pinto, Jorge de
Sent: Thursday, August 11, 2005 3:34 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] A bad bad thing...Manual push of AD?

You are both correct...

However, what Brett says (and what I thought) is use another DC with the user still in full detail.

Boot into DSRM
Use NTDSUTIL and an AUTH restore so that the version of the object is increased (by 100000)
Because the version of the user has been increased the deleted version of the user will be undone.

Only after restoring he should bring back the DC online. The deletion will replicate out and the undeletion (the object with a higher version) will replicate in.

If he brings the DC back online before doing an auth restore of the object, the deletion will replicate to the other DCs and then he will, as Brett said, need to do a system state restore.

The procedure Brett described below and I above looks like the lag site structure and in this with only one DC and someone who can run really fast... ;-)))

Jorge

_____

From: [EMAIL PROTECTED] on behalf of Rick Kingslan
Sent: Thu 8/11/2005 9:10 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] A bad bad thing...Manual push of AD?

Brett,

How is this going to help him get the DC back online that he yanked the cable on? As soon as that system is plugged back in, it's going to repl out the change, no?

Rick

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Brett Shirley
Sent: Thursday, August 11, 2005 1:54 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] A bad bad thing...Manual push of AD?

Well you're lucky that you yanked the network cable in time, now you don't have to do a system state restore to get the user back ...

Find a DC where the user still exists in a pristine condition, all the mailbox details, etc. Reboot the DC in DS Restore mode (DSRM). Use ntdsutil.exe to auth restore just that user's object.

You may (probably will) also have to restore links to that user, at this point it'd be nice if you were running on Win2k3 SP1, but if not it is still accomplishable.

For Win2k3 SP1, after auth restoring the user, there should be some ldf file(s) that will allow you to restore the links. Simply use ldifde, to apply these files to the appropriate DCs (up to one ldf per domain).

For pre this latest generation (which is more likely, because you could yank the net cable in time), you may have to find the objects that are linked to the user, and restore them yourself. You can do this by performing an LDAP operation that deletes and re-sets the links to that user.

BTW, there is a more extensive KB article you might find useful:
http://support.microsoft.com/?kbid=840001

Cheers,
BrettSh

This posting is provided "AS IS" with no warranties, and confers no rights.

On Thu, 11 Aug 2005, Shadow Roldan wrote:

> So I did a bad thing, I deleted a user at a different site and marked
> his mailbox for deletion
>
> Immediately recognizing my mistake I *ran* to the server room and yanked
> the network cable of the dc I was connected to.
>
> For now, none of the changes have replicated.
>
> I want to bring this machine back online, but I don't want those changes
> to go through
>
> How would you make this happen?
>
> Thanks guys
>
> S
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
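
The ordering argument in the messages above (auth restore first, reconnect second), as an added example that is not part of the thread or any poster's code: a simplified Python model in which the copy with the higher version wins replication, with ties broken by originating time and then originating DC. The object-level stamp, the DN, the DC names and the timestamps are constructed assumptions; only the 100000 increase comes from the thread.

```python
from dataclasses import dataclass, replace

AUTH_RESTORE_BUMP = 100000  # version increase quoted in the thread


@dataclass(frozen=True)
class Stamp:
    """Replication stamp, reduced to object level (assumption for the model)."""
    version: int
    orig_time: int   # originating write time (constructed)
    orig_dc: str     # originating DC (constructed name)

    def key(self):
        # Compare version first, then originating time, then originating DC.
        return (self.version, self.orig_time, self.orig_dc)


@dataclass(frozen=True)
class UserObject:
    dn: str
    is_deleted: bool
    stamp: Stamp


def resolve(a, b):
    """Return the copy that survives when two DCs replicate the same object."""
    return a if a.stamp.key() >= b.stamp.key() else b


def auth_restore(obj, dc, now):
    """Model of an authoritative restore of one object on a healthy DC."""
    bumped = Stamp(obj.stamp.version + AUTH_RESTORE_BUMP, now, dc)
    return replace(obj, is_deleted=False, stamp=bumped)


# Constructed sample state: one pristine copy, one deletion on the isolated DC.
PRISTINE = UserObject("CN=Sample User,OU=Staff,DC=example,DC=com",
                      False, Stamp(3, 1000, "DC-GOOD"))
DELETED = replace(PRISTINE, is_deleted=True,
                  stamp=Stamp(4, 2000, "DC-ISOLATED"))


def reconnect_without_restore():
    """Isolated DC plugged back in first: the deletion has the higher version."""
    return resolve(PRISTINE, DELETED)


def restore_then_reconnect():
    """Auth restore on the healthy DC first, then reconnect the isolated DC."""
    return resolve(auth_restore(PRISTINE, "DC-GOOD", 3000), DELETED)
```
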