| Author | Messages | |
Aseem
Posts:4
 | | 07/16/2008 9:18 PM |
| I was asked this question:
There is a big domain with many DCs in it.
Day 1 : System state backup is taken.
Day 2: Some objects like users are created in the domain.
Day 2: Many of the objects in the domain are deleted (OUs, computers, Users)
randomly. So there is no listing of what all objects in which containers
were deleted. This deletion comprises of the objects that were existing
before the backup was taken and also some from the newly created objects.
Day3: The admin gets to know that a large number of objects has been
deleted, but he doesnot know exactly how many and which ones.
What should be done to recover the deleted objects that were there when the
backup was taken? Also for those objects that were created after backup, is
there anyway to restore them, any trick as i believe that going thru any
normal way those objects cannot be recovered.
Regards
Aseem
--
Love enables you to put your deepest feelings and fears in the palm of your
partner's hand, knowing they will be handled with care.
| | | |
| listmail
Posts:463
| | 07/16/2008 9:22 PM |
| You can use AdFind or a similar tool to dump a listing of the deleted
objects.
Log in as an admin and do something like
adfind -showdel -default -rb "cn=deleted objects" -f * objectclass
whenchanged -csv > deleted.csv
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Aseem Kumar
Sent: Saturday, June 21, 2008 12:36 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Recovering randomly deleted objects in Active
Directory
Thanks for the prompt reply
But as there is no list of what all objects have been deleted, then how do i
have to proceed.
Should i restore the whole database, or someother option
On 6/21/08, Jorge de Almeida Pinto
<Jorge.deAlmeidaPinto@oxfordcomputergroup.com> wrote:
Forgot to mention:
Undelete is only available in w2k3 and higher
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Consultant
MVP Identity & Access - Directory Services
Oxford Computer Group Benelux | (: +31 (0)6 26.26.62.80
<http://26.26.62.80/> | (: +31 (0)33 454.69.50 | 7: +31 (0)33 454.66.66 |
-: Hardwareweg 4, 3821BM Amersfoort, The Netherlands
www.oxfordcomputergroup.com | Expertise in Identity & Access Management
________________________________________________________________
MVP Profile א https://mvp.support.microsoft.com/profile/jorge1
MVP Home Site א https://mvp.support.microsoft.com/
MVP Overview א https://mvp.support.microsoft.com/mvpexecsum
BLOG א http://blogs.dirteam.com/blogs/jorge/default.aspx
________________________________________________________________
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Jorge de Almeida
Pinto
Sent: Saturday, June 21, 2008 17:28
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Recovering randomly deleted objects in Active
Directory
Deleted objects that are in the system state backup א auth restore (all info
restored)
Deleted objects that are NOT in the system state backup א auth restore
(partial info restored and partial info lost)
Have look at mskbq840001
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Consultant
MVP Identity & Access - Directory Services
Oxford Computer Group Benelux | (: +31 (0)6 26.26.62.80
<http://26.26.62.80/> | (: +31 (0)33 454.69.50 | 7: +31 (0)33 454.66.66 |
-: Hardwareweg 4, 3821BM Amersfoort, The Netherlands
www.oxfordcomputergroup.com | Expertise in Identity & Access Management
________________________________________________________________
MVP Profile א https://mvp.support.microsoft.com/profile/jorge1
MVP Home Site א https://mvp.support.microsoft.com/
MVP Overview א https://mvp.support.microsoft.com/mvpexecsum
BLOG א http://blogs.dirteam.com/blogs/jorge/default.aspx
________________________________________________________________
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Aseem Kumar
Sent: Saturday, June 21, 2008 15:15
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Recovering randomly deleted objects in Active Directory
I was asked this question:
There is a big domain with many DCs in it.
Day 1 : System state backup is taken.
Day 2: Some objects like users are created in the domain.
Day 2: Many of the objects in the domain are deleted (OUs, computers, Users)
randomly. So there is no listing of what all objects in which containers
were deleted. This deletion comprises of the objects that were existing
before the backup was taken and also some from the newly created objects.
Day3: The admin gets to know that a large number of objects has been
deleted, but he doesnot know exactly how many and which ones.
What should be done to recover the deleted objects that were there when the
backup was taken? Also for those objects that were created after backup, is
there anyway to restore them, any trick as i believe that going thru any
normal way those objects cannot be recovered.
Regards
Aseem
--
Love enables you to put your deepest feelings and fears in the palm of your
partner's hand, knowing they will be handled with care.
--
Love enables you to put your deepest feelings and fears in the palm of your
partner's hand, knowing they will be handled with care.
| | | |
| nicolasblank
Posts:14
| | 07/16/2008 9:22 PM |
| would finding an object in the deleted items container not work here?
I don't know if this was available pre win23k ? When an object is deleted it
really is tombstoned and still available, albeit in a stripped down state,
and therefore still recoverable. I've been doing object level restore via
GUI (and third party utils - Aelita and similar) for both win2k and 2k3.
I you have the budget I would strongly suggest you go for a supported third
party util that will give you a list of deleted objects and allow recovery
from a known good backup. At worst you should be able to retrieve a list of
deleted items from any version of AD, purely due to the fact that items
aren't deleted from the directory until tombstone expiry has been reached.
Any other takers on this one ?
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Aseem Kumar
Sent: 21 June 2008 06:36 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Recovering randomly deleted objects in Active
Directory
Thanks for the prompt reply
But as there is no list of what all objects have been deleted, then how do i
have to proceed.
Should i restore the whole database, or someother option
On 6/21/08, Jorge de Almeida Pinto
<Jorge.deAlmeidaPinto@oxfordcomputergroup.com> wrote:
Forgot to mention:
Undelete is only available in w2k3 and higher
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Consultant
MVP Identity & Access - Directory Services
Oxford Computer Group Benelux | (: +31 (0)6 26.26.62.80
<http://26.26.62.80/> | (: +31 (0)33 454.69.50 | 7: +31 (0)33 454.66.66 |
-: Hardwareweg 4, 3821BM Amersfoort, The Netherlands
www.oxfordcomputergroup.com | Expertise in Identity & Access Management
________________________________________________________________
MVP Profile א https://mvp.support.microsoft.com/profile/jorge1
MVP Home Site א https://mvp.support.microsoft.com/
MVP Overview א https://mvp.support.microsoft.com/mvpexecsum
BLOG א http://blogs.dirteam.com/blogs/jorge/default.aspx
________________________________________________________________
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Jorge de Almeida
Pinto
Sent: Saturday, June 21, 2008 17:28
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Recovering randomly deleted objects in Active
Directory
Deleted objects that are in the system state backup א auth restore (all info
restored)
Deleted objects that are NOT in the system state backup א auth restore
(partial info restored and partial info lost)
Have look at mskbq840001
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Consultant
MVP Identity & Access - Directory Services
Oxford Computer Group Benelux | (: +31 (0)6 26.26.62.80
<http://26.26.62.80/> | (: +31 (0)33 454.69.50 | 7: +31 (0)33 454.66.66 |
-: Hardwareweg 4, 3821BM Amersfoort, The Netherlands
www.oxfordcomputergroup.com | Expertise in Identity & Access Management
________________________________________________________________
MVP Profile א https://mvp.support.microsoft.com/profile/jorge1
MVP Home Site א https://mvp.support.microsoft.com/
MVP Overview א https://mvp.support.microsoft.com/mvpexecsum
BLOG א http://blogs.dirteam.com/blogs/jorge/default.aspx
________________________________________________________________
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Aseem Kumar
Sent: Saturday, June 21, 2008 15:15
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Recovering randomly deleted objects in Active Directory
I was asked this question:
There is a big domain with many DCs in it.
Day 1 : System state backup is taken.
Day 2: Some objects like users are created in the domain.
Day 2: Many of the objects in the domain are deleted (OUs, computers, Users)
randomly. So there is no listing of what all objects in which containers
were deleted. This deletion comprises of the objects that were existing
before the backup was taken and also some from the newly created objects.
Day3: The admin gets to know that a large number of objects has been
deleted, but he doesnot know exactly how many and which ones.
What should be done to recover the deleted objects that were there when the
backup was taken? Also for those objects that were created after backup, is
there anyway to restore them, any trick as i believe that going thru any
normal way those objects cannot be recovered.
Regards
Aseem
--
Love enables you to put your deepest feelings and fears in the palm of your
partner's hand, knowing they will be handled with care.
--
Love enables you to put your deepest feelings and fears in the palm of your
partner's hand, knowing they will be handled with care.
| | | |
| bsonposh
Posts:171
| | 07/16/2008 9:22 PM |
| | Perhaps some CMDLets from Darren
http://www.sdmsoftware.com/freeware.php
Example of use Here
http://sdmsoftware.com/blog/2008/06/powershell_script_to_leverage.html
2008/6/21 Nicolas Blank <nicolas.blank@gmail.com>:
> would finding an object in the deleted items container not work here?
> I don't know if this was available pre win23k ? When an object is deleted
> it really is tombstoned and still available, albeit in a stripped down
> state, and therefore still recoverable. I've been doing object level restore
> via GUI (and third party utils - Aelita and similar) for both win2k and
> 2k3.
> I you have the budget I would strongly suggest you go for a supported third
> party util that will give you a list of deleted objects and allow recovery
> from a known good backup. At worst you should be able to retrieve a list of
> deleted items from any version of AD, purely due to the fact that items
> aren't deleted from the directory until tombstone expiry has been reached.
>
> Any other takers on this one ?
>
> ------------------------------
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Aseem Kumar
> *Sent:* 21 June 2008 06:36 PM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* Re: [ActiveDir] Recovering randomly deleted objects in Active
> Directory
>
> Thanks for the prompt reply
>
> But as there is no list of what all objects have been deleted, then how do
> i have to proceed.
> Should i restore the whole database, or someother option
>
>
> On 6/21/08, Jorge de Almeida Pinto <
> Jorge.deAlmeidaPinto@oxfordcomputergroup.com> wrote:
>>
>> Forgot to mention:
>>
>> Undelete is only available in w2k3 and higher
>>
>>
>>
>> *Met vriendelijke groeten / Kind regards,***
>>
>> **
>>
>> *Ing. Jorge de Almeida Pinto*
>>
>> *Senior Consultant*
>>
>> *MVP Identity & Access - Directory Services*
>>
>> **
>>
>> Oxford Computer Group Benelux | (: +31 (0)6 26.26.62.80 | (: +31 (0)33
>> 454.69.50 | 7: +31 (0)33 454.66.66 | *-*: Hardwareweg 4, 3821BM
>> Amersfoort, The Netherlands
>> www.oxfordcomputergroup.com | Expertise in Identity & Access Management
>>
>> *________________________________________________________________*
>>
>> *MVP Profile** **א** **https://mvp.support.microsoft.com/profile/jorge1*
>>
>> *MVP Home Site** **א** **https://mvp.support.microsoft.com/*
>>
>> *MVP Overview** **א** **https://mvp.support.microsoft.com/mvpexecsum*
>>
>> *BLOG** **א** **http://blogs.dirteam.com/blogs/jorge/default.aspx***
>>
>> *________________________________________________________________***
>>
>>
>>
>> *From:* ActiveDir-owner@mail.activedir.org [mailto:
>> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Jorge de Almeida Pinto
>> *Sent:* Saturday, June 21, 2008 17:28
>> *To:* ActiveDir@mail.activedir.org
>> *Subject:* RE: [ActiveDir] Recovering randomly deleted objects in Active
>> Directory
>>
>>
>>
>> Deleted objects that are in the system state backup א auth restore (all
>> info restored)
>>
>> Deleted objects that are NOT in the system state backup א auth restore
>> (partial info restored and partial info lost)
>>
>>
>>
>> Have look at mskbq840001
>>
>>
>>
>> *Met vriendelijke groeten / Kind regards,*
>>
>> **
>>
>> *Ing. Jorge de Almeida Pinto*
>>
>> *Senior Consultant*
>>
>> *MVP Identity & Access - Directory Services*
>>
>> **
>>
>> Oxford Computer Group Benelux | (: +31 (0)6 26.26.62.80 | (: +31 (0)33
>> 454.69.50 | 7: +31 (0)33 454.66.66 | *-*: Hardwareweg 4, 3821BM
>> Amersfoort, The Netherlands
>> www.oxfordcomputergroup.com | Expertise in Identity & Access Management
>>
>> *________________________________________________________________*
>>
>> *MVP Profile** **א** **https://mvp.support.microsoft.com/profile/jorge1*
>>
>> *MVP Home Site** **א** **https://mvp.support.microsoft.com/*
>>
>> *MVP Overview** **א** **https://mvp.support.microsoft.com/mvpexecsum*
>>
>> *BLOG** **א** **http://blogs.dirteam.com/blogs/jorge/default.aspx***
>>
>> *________________________________________________________________***
>>
>>
>>
>> *From:* ActiveDir-owner@mail.activedir.org [mailto:
>> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Aseem Kumar
>> *Sent:* Saturday, June 21, 2008 15:15
>> *To:* ActiveDir@mail.activedir.org
>> *Subject:* [ActiveDir] Recovering randomly deleted objects in Active
>> Directory
>>
>>
>>
>> I was asked this question:
>>
>> There is a big domain with many DCs in it.
>> Day 1 : System state backup is taken.
>>
>> Day 2: Some objects like users are created in the domain.
>> Day 2: Many of the objects in the domain are deleted (OUs, computers,
>> Users) randomly. So there is no listing of what all objects in which
>> containers were deleted. This deletion comprises of the objects that were
>> existing before the backup was taken and also some from the newly created
>> objects.
>>
>> Day3: The admin gets to know that a large number of objects has been
>> deleted, but he doesnot know exactly how many and which ones.
>>
>> What should be done to recover the deleted objects that were there when
>> the backup was taken? Also for those objects that were created after backup,
>> is there anyway to restore them, any trick as i believe that going thru any
>> normal way those objects cannot be recovered.
>>
>>
>>
>> Regards
>>
>> Aseem
>>
>> --
>> Love enables you to put your deepest feelings and fears in the palm of
>> your partner's hand, knowing they will be handled with care.
>>
>
>
>
> --
> Love enables you to put your deepest feelings and fears in the palm of your
> partner's hand, knowing they will be handled with care.
>
| | | |
|
|