RE: [ActiveDir] HELP I just deleted an OU

[Steve Shaff]

It's not that simple. To perform an authoritative restore of an OU full of users, here's a rough step by step: 1) System state restore of a DC; mark OU full of users authoritative (IE mark the subtree authoritative) 2) Boot DC on to private network 3) Disable inbound replication on the DC (repadmin can do this for you) 4) put DC back on to production network; let users replicate out 5) Identify groups that the users affected are a member of 6) Boot DC in to ds restore mode; mark affected groups from step 5 as authoritative 7) Boot DC back to normal mode 8) enable inbound replication The other option is to repopulate the groups with the affected users rather than marking the groups authoritative. This approach is particularly advantageous if you have groups that span the domain boundary. If you want to repopulate the groups rather than restore them send me a note offline and I can help you with that. The same procedure would be followed for computers should the computer accounts be members of groups above and beyond their primary group membership. If they are just in the primary group they just need to restore the computer account. Group restores don't need anything like this either (except for nested group memberships). Steve   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grantham, Caron Sent: Monday, May 03, 2004 10:05 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] HELP I just deleted an OU         How can I get the OU with all objectes restored immediately