it'll try - but as the version of the tombstone object will then be lower than that of the auth. restored object, the local change on the deleted object itself will simply be disregarded and the object + attributes restored (read: they will be overwritten by the auth. restored object which have a higher version number).
but the main point Brett is also making seems to be ignored in the rest of this thread => although we still don't know Shadow Roldan's OS version, the probability is somewhat high that he's not using Win2003 SP1 (maybe not even any non-SP1 Win2003), which means that he has to take special care of the links that the deleted object was linked to (read: mainly the group-memberships he had). Depending on the version of the DC OS, these won't be restored on the unplugged DC (Win2000 won't help you at all, Win2003 would revive the links if they were LVR links, Win2003 SP1 will also get the non-LVR links back and write them to an ldif file so that you can restore the links by importing the ldif file). /Guido -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Donnerstag, 11. August 2005 22:10 To: [email protected] Subject: RE: [ActiveDir] A bad bad thing...Manual push of AD? Brett, How is this going to help him get the DC back online that he yanked the cable on? As soon as that system is plugged back in, it's going to repl out the change, no? Rick -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Thursday, August 11, 2005 1:54 PM To: [email protected] Subject: Re: [ActiveDir] A bad bad thing...Manual push of AD? Well you're lucky that you yanked the network cable in time, now you don't have to do a system state restore to get the user back ... Find a DC where the user still exists in a pristine condition, all the mailbox details, etc. Reboot the DC in DS Restore mode(DSRM). Use ntdsutil.exe to auth restore just that user's object. You may (probably will) also have to restore links to that user, at this point it'd be nice if you were running on Win2k3 SP1, but if not it is still accomplishable. For Win2k3 Sp1, after auth restoring the user, there should be some ldf file(s) that will allow you to restore the links. Simply use ldifde, to apply these files to the appropriate DCs (up to one ldf per domain). For pre this latest generation (which is more likely, because you could yank the net cable in time), you may have to find the objects that are linked to the user, and restore them yourself. You can do this by performing an LDAP operation that deletes and re-sets the links to that user. BTW, there is a more extensive KB article you might find useful: http://support.microsoft.com/?kbid=840001 Cheers, BrettSh This posting is provided "AS IS" with no warranties, and confers no rights. On Thu, 11 Aug 2005, Shadow Roldan wrote: > So I did a bad thing, I deleted a user at a different site and marked > his mailbox for deletion > > Immediately recognizing my mistake I *ran* to the server room and yanked > the network cable of the dc I was connected to. > > For now, none of the changes have replicated. > > I want to bring this machine back online, but I don't want those changes > to go through > > How would you make this happen? > > Thanks guys > > > > S > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
