user no longer in ad

  • Thread starter Thread starter Joe
  • Start date Start date
J

Joe

Hi Guys

Story goes user was able to logon this morning but when user was going
to updating his telephone in active directory user account is not in
there. (User is in the domain admin group)

So user logs off but user can no longer logon to the domain.

User still seen in the address book.

Checked ESM under "logon" user is listed.

Went through adsi - the user isnt listed there.

What would to be a way to recover user without doing a system restore?
How do we get user's SSID's back? Or recovering active-directory only
way to get user back to the way user was set up?

How to get user email account back? We are running on cached mode.

Systems in question: w2k3 AD, exchange/OS w2k3

Thanks
Joe
 
In
Joe said:
Hi Guys

Story goes user was able to logon this morning but when user was going
to updating his telephone in active directory user account is not in
there. (User is in the domain admin group)

So user logs off but user can no longer logon to the domain.

User still seen in the address book.

Checked ESM under "logon" user is listed.

Went through adsi - the user isnt listed there.

What would to be a way to recover user without doing a system restore?
How do we get user's SSID's back? Or recovering active-directory only
way to get user back to the way user was set up?

How to get user email account back? We are running on cached mode.

Systems in question: w2k3 AD, exchange/OS w2k3

Thanks
Joe
Click to expand...

Try ADRestore:
AdRestore v1.1 - By Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Networking/AdRestore.mspx

--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Infinite Diversities in Infinite Combinations
 
Hi Guys

Story goes user was able to logon this morning but when user was going
to updating his telephone in active directory user account is not in
there. (User is in the domain admin group)

So user logs off but user can no longer logon to the domain.

User still seen in the address book.

Checked ESM under "logon" user is listed.

Went through adsi - the user isnt listed there.

What would to be a way to recover user without doing a system restore?
How do we get user's SSID's back? Or recovering active-directory only
way to get user back to the way user was set up?

How to get user email account back? We are running on cached mode.

Systems in question: w2k3 AD, exchange/OS w2k3

Thanks
Joe
Click to expand...

On 4/30 the users not listed in Ad was in ES unders mailboxes with X
-
Recreated users accounts in AD without mailbox and on the ESM
rightlick their X-ed emailbox and choose reconnect.

Enabled them to logon.

We have no idea what process/who did a delete on this users. Anyway to
do audit. Local system audit to track these types of changes?

Thanks
Joe
 
In
Joe said:
On 4/30 the users not listed in Ad was in ES unders mailboxes with X
-
Recreated users accounts in AD without mailbox and on the ESM
rightlick their X-ed emailbox and choose reconnect.

Enabled them to logon.

We have no idea what process/who did a delete on this users. Anyway to
do audit. Local system audit to track these types of changes?

Thanks
Joe
Click to expand...

Joe,

Did you try the ADRestore tool?

If you did, you wouldn't have had to re-create a new user. You could have
restored the user, which would have given them the ability to logon again
and retain their profile.

Obviously someone deleted the user.

You would have to enable auditing for AD access and changes. Provided each
administrator has their own administrative user account, you can catch
them, however if they all use the default Administrator account, then it is
guess work on who did it.

Here is how to do it:

Windows & Active Directory Auditing
http://www.windowsecurity.com/articles/Windows-Active-Directory-Auditing.html

How to enable Active Directory access auditing in Windows 2000
http://support.microsoft.com/kb/314977

HOW TO: Audit Active Directory Objects in Windows Server 2003
http://support.microsoft.com/kb/814595

Ace
 
InJoe <[email protected]> typed:







Joe,

Did you try the ADRestore tool?

If you did, you wouldn't have had to re-create a new user. You could have
restored the user, which would have given them the ability to logon again
and retain their profile.

Obviously someone deleted the user.

You would have to enable auditing for AD access and changes. Provided each
administrator  has their own administrative user account, you can catch
them, however if they all use the default Administrator account, then it is
guess work on who did it.

Here is how to do it:

Windows & Active Directory Auditinghttp://www.windowsecurity.com/articles/Windows-Active-Directory-Audit...

How to enable Active Directory access auditing in Windows 2000http://support.microsoft.com/kb/314977

HOW TO: Audit Active Directory Objects in Windows Server 2003http://support.microsoft.com/kb/814595

Ace
Click to expand...

Hi Ace

I did the go throught adrestore tool since I wasnt seeing the results
that I was looking for - I had the microsoft support do it too..
Though it said successfull nothing was shown on ADUC. That is why I
did what I did..

Any screenshots what should've happened - after seeing "successfull"

Thanks
Joe
 
In
Joe said:
Hi Ace

I did the go throught adrestore tool since I wasnt seeing the results
that I was looking for - I had the microsoft support do it too..
Though it said successfull nothing was shown on ADUC. That is why I
did what I did..

Any screenshots what should've happened - after seeing "successfull"

Thanks
Joe
Click to expand...

That's strange. Under the 60 day TTL it would still sit until scavenged with
the garbage collection process. I would be curious to know if you ever find
out what happened.

Ace
 
In




That's strange. Under the 60 day TTL it would still sit until scavenged with
the garbage collection process. I would be curious to know if you ever find
out what happened.

Ace
Click to expand...

No I didnt find out what had happened.
Maybe someone accidently deleted from AD -(you know right click name
and delete)
The way I delete is right click name and select exchange tasks and
delete the mailbox and delete the acct.

And the ESM has it set to purge accts deleted.

Joe
 
In
Joe said:
No I didnt find out what had happened.
Maybe someone accidently deleted from AD -(you know right click name
and delete)
The way I delete is right click name and select exchange tasks and
delete the mailbox and delete the acct.

And the ESM has it set to purge accts deleted.

Joe
Click to expand...

Again, that is strange, especially if still under 60 days. I would think
there would be replication problems or other errors, unless the default TTL
was altered.

Ace
 
Back
Top