BTW: my note assumes there is more than one DC in the environment. Is that correct?
If this is a single-DC environment, you'll just need to system state restore the DC, 
but unfortunately that will roll the entire directory back to the state from last 
night. Since there are no replicas, that is unfortunately the way it is, I'm afraid.

~Eric



-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Tuesday, March 23, 2004 10:46 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Accidentally deleted OU with lots of users

It's not that simple.
To perform an authoritative restore of an OU full of users, here's a rough step by 
step:

1) System state restore of a DC; mark OU full of users authoritative (i.e., mark the 
subtree authoritative)
2) Boot DC onto private network
3) Disable inbound replication on the DC (repadmin can do this for you)
4) Put DC back onto production network; let users replicate out
5) Identify groups that the users affected are a member of
6) Boot DC into DS restore mode; mark affected groups from step 5 as authoritative
7) Boot DC back to normal mode
8) Enable inbound replication

The other option is to repopulate the groups with the affected users rather than 
marking the groups authoritative. This approach is particularly advantageous if you 
have groups that span the domain boundary. If you want to repopulate the groups rather 
than restore them, send me a note offline and I can help you with that.

The same procedure would be followed for computers should the computer accounts be 
members of groups above and beyond their primary group membership. If they are just in 
the primary group they just need to restore the computer account. Group restores don't 
need anything like this either (except for nested group memberships).

If anyone is unclear as to why you need the double auth restore or auth restore + 
repopulation, just holler.

~Eric
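
The eight steps above mapped onto the stock Windows command-line tools, as an added example that is not part of the original thread. DC01 and the OU and group DNs are constructed placeholders, and using dsquery/dsget (Windows Server 2003 tools) for step 5 is an assumption about the environment.

```bat
REM Added illustration of steps 1-8; not a single script. The stages are
REM separated by reboots, so run each command at the step it belongs to.
REM DC01 and every DN below are constructed placeholders.

REM -- Step 1: in Directory Services Restore Mode, after the system state
REM    restore has finished, mark the deleted OU subtree authoritative.
ntdsutil "authoritative restore" "restore subtree OU=Staff,DC=example,DC=com" quit quit

REM -- Steps 2-3: booted normally on the private network, block inbound
REM    replication, then display the DC options to confirm the flag is set.
repadmin /options DC01 +DISABLE_INBOUND_REPL
repadmin /options DC01

REM -- Step 4: reconnect to production and wait for the restored users to
REM    replicate out. Inbound is still blocked, so this DC keeps its copy
REM    of the group memberships from the backup.

REM -- Step 5: list every group the restored users belong to. -s DC01 asks
REM    the recovery DC itself (assumption: its restored database is the one
REM    that still holds the memberships).
dsquery user "OU=Staff,DC=example,DC=com" -s DC01 -limit 0 | dsget user -s DC01 -memberof > affected-groups.txt

REM -- Step 6: back in Directory Services Restore Mode, mark each group from
REM    affected-groups.txt authoritative. Repeat once per group DN.
ntdsutil "authoritative restore" "restore object CN=StaffGroup,OU=Groups,DC=example,DC=com" quit quit

REM -- Steps 7-8: boot to normal mode and re-enable inbound replication.
repadmin /options DC01 -DISABLE_INBOUND_REPL
repadmin /options DC01
```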


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Santhosh Sivarajan
Sent: Tuesday, March 23, 2004 7:40 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Accidentally deleted OU with lots of users

Yep. Try to do an Authoritative Restore of the OU.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 6:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Accidentally deleted OU with lots of users

This is not really terrible. Especially since you have a good backup.
 
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q241594
 
Pay close attention to the "Restore a Subtree" part.
 
If you don't understand any part of it, ask here again.
 
 
Sincerely,

Deji Akomolafe, MCSE MCSA MCP+I
Microsoft MVP - Active Directory
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon

________________________________

From: [EMAIL PROTECTED] on behalf of David Wentworth
Sent: Tue 3/23/2004 4:08 PM
To: [EMAIL PROTECTED]
Cc: David Wentworth
Subject: [ActiveDir] Accidentally deleted OU with lots of users


Folks,

I really screwed up this time. I meant to delete a user object but
accidentally deleted the OU and all the users. How can I get it all back?

The backup ran last night and I think I can restore all of the Active
Directory, but I really don't want to roll back everything to where it was
last night. I just want the OU back. Please help.

Dave



List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/