tombstone reanimation is not dependend on any DFL or FFL -
but it does require a Win2k3 DC. So if you have at least one in your domain
(even if all others are still Win2k), you can leverage tombstone reanimation on
that DC. But you must obviously repopulate all attributes, incl. group
memberships.
You might be better off doing an authoritative restore in
your case (from your questioning, it doesn't sound like you've prepared a backup
for all the attribute/group data etc.). In this case you'll still need to fix
the group membership, but if you only have a single domain, you'll at least see
all the group-memberships of the recovered user object on the recovery DC (but
they won't replicate out...). You'll have to re-add the user to the groups to
ensure successful recovery. Win2k3 SP1 has some nice enhancements in this space
to help out.
Gil and I have written a whitepaper with most nitty gritty
details about all this stuff - you might want to check it
out:
/Guido
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Dienstag, 10. Januar 2006 17:34
To: [email protected]
Subject: Re: [ActiveDir] Strange deleted object issue
Oh yeah, can you reanimate an object from Deleted Objects in win2k or is
that only a win2k3 DFL feature?
What are my options for restoring the account?
Just backup and repopulate group membership/acl's?
Thanks again
On 1/10/06, Tom Kern
<[EMAIL PROTECTED]> wrote:
Thanks.That worked.Now my question is, why didn't LDP show that?is it because i'm running the win2k3 verison against a win2k forest?what am i doing wrong with ldp?Thanks again
On 1/10/06, Coleman, Hunter <[EMAIL PROTECTED]> wrote:Try adfind with the -showdel flag
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom Kern
Sent: Tuesday, January 10, 2006 8:11 AM
To: activedirectory
Subject: [ActiveDir] Strange deleted object issue
I have this weird issue-A user object is missing from my win2k native mode domain.I know because this user has complained that he can't log in and i can't find the object anywhere in AD.I've checked the deleted objects container in AD with ldp and he is not in there as well.He's not in the Lost and Found container either.His exchange mailbox is oprhaned in ESM.Sometime last nite this user was deleted but i have no way of finding him. we don't have auditing turned on for that but i figured if an object was deleted it would definetely be in the deleted objects container.is there anyway to bypass that?where else can i look?Any help would be great because this is just plain bizzare.Thanks
