" NOT the USN. Everyone makes that mistake ... why can no one keep the version and the USN straight?"
:o) You know - I really don't know why. I know the difference, and I continually make that mistake. I can bet, too, that if I go back through any number of books, news posts, documents written by other folks - I'm fairly certain that I can find the mistake made again and again. In fact - I have to go take a look at MOC. I THINK that they have it wrong as well. I'll point it out to Internal if that, is in fact, the case. Rick -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley Sent: Thursday, August 11, 2005 5:22 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] A bad bad thing...Manual push of AD? NOT the USN. Everyone makes that mistake ... why can no one keep the version and the USN straight? The USN never resolves replication conflicts, only tells us WHAT to replicate, never WHAT should win. The version is the opposite, it never tells us what we need to replicate, only who should win in case of a conflict ... During auth restore the version is incremented by 100000 (per day old the backup is), and the USN is simply allocated from the next available USN (i.e. it is only guaranteed to be at least 1 higher than the last USN, but more likely there is just some random number of USNs in between, so it jumps by "some amount" ...). Cheers, -BrettSh On Thu, 11 Aug 2005, Rick Kingslan wrote: > Ahhhh.... Right, right. I forgot the increase of 100000 in the USN. This > would effectively insure that the newly authed object would not be > overwritten by the object on the DC yanked from the network. > > So, Guido is right (as always). Rebuilding the DC is not even remotely the > issue - and is not even necessary once the USN is increased. > > Got it. Thanks for the clarification, all! > > Rick > > _____ > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, > Jorge de > Sent: Thursday, August 11, 2005 3:34 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] A bad bad thing...Manual push of AD? > > > > You are both correct... > > > > However, what Brett says (and what I thought) is use another DC will the use > still in full detail. Boot into DSRM Use NTDSUTIL and an AUTH restore so > that the version of the object is increased (by 100000) Because the version > of the user has been increased the deleted version of the user will be > undone. Only after restoring he should bring back the DC online. The > deletion will replicate out and the undeletion (the object with a higher > version) will replicate in. > > > > If he brings the DC back online before doing an auth restore of the object, > the deletion will replicate to ther other DCs and then he will, as Brett > said, need do do a system state restore. > > > > The procedure Brett described below and I above looks like the lag site > structure and in this with only one DC and someone who can run really > fast... ;-))) > > > > Jorge > > > > _____ > > From: [EMAIL PROTECTED] on behalf of Rick Kingslan > Sent: Thu 8/11/2005 9:10 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] A bad bad thing...Manual push of AD? > > Brett, > > How is this going to help him get the DC back online that he yanked the > cable on? As soon as that system is plugged back in, it's going to repl out > > the change, no? > > Rick > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Brett Shirley > Sent: Thursday, August 11, 2005 1:54 PM > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] A bad bad thing...Manual push of AD? > > > > Well you're lucky that you yanked the network cable in time, now you don't > have to do a system state restore to get the user back ... > > Find a DC where the user still exists in a pristine condition, all the > mailbox details, etc. Reboot the DC in DS Restore mode(DSRM). Use > ntdsutil.exe to auth restore just that user's object. > > You may (probably will) also have to restore links to that user, at this > point it'd be nice if you were running on Win2k3 SP1, but if not it is > still accomplishable. > > For Win2k3 Sp1, after auth restoring the user, there should be some ldf > file(s) that will allow you to restore the links. Simply use ldifde, to > apply these files to the appropriate DCs (up to one ldf per domain). > > For pre this latest generation (which is more likely, because you could > yank the net cable in time), you may have to find the objects that are > linked to the user, and restore them yourself. You can do this by > performing an LDAP operation that deletes and re-sets the links to that > user. > > BTW, there is a more extensive KB article you might find useful: > http://support.microsoft.com/?kbid=840001 > > Cheers, > BrettSh > > This posting is provided "AS IS" with no warranties, and confers no > rights. > > On Thu, 11 Aug 2005, Shadow Roldan wrote: > > > So I did a bad thing, I deleted a user at a different site and marked > > his mailbox for deletion > > > > Immediately recognizing my mistake I *ran* to the server room and yanked > > the network cable of the dc I was connected to. > > > > For now, none of the changes have replicated. > > > > I want to bring this machine back online, but I don't want those changes > > to go through > > > > How would you make this happen? > > > > Thanks guys > > > > > > > > S > > > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > This e-mail and any attachment is for authorised use by the intended > recipient(s) only. It may contain proprietary material, confidential > information and/or be subject to legal privilege. It should not be copied, > disclosed to, retained or used by, any other party. If you are not an > intended recipient then please promptly delete this e-mail and any > attachment and all copies and inform the sender. Thank you. > > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
