AwinishNaitik's Technical Blog

Lets continue the journey of learn & Share..

Active Directory Users and Groups Restore

Posted by Awinish on October 8, 2011

With windows 2008 R2, you can use AD Recycle bin feature to restore object and its group membership without need of system state backup and booting the DC into DSRM mode. This saves lot of time as well as hardwork required to restore the object and group membership, but organization having large number of domain controller running on windows 2003 will take time to upgrade the DC OS to windows 2008 R2. Windows 2008 R2 is only available in x64 bit, so hardware have to be supportive before you can install x64 bit OS. Due to this constraint it is difficult to upgrade all the DC to 2008 R2 to take benefit of windows 2008 R2 AD Recycle bin feature.

The AD Recycle Bin: Understanding, Implementing, Best Practices, and Troubleshooting

http://blogs.technet.com/b/askds/archive/2009/08/27/the-ad-recycle-bin-understanding-implementing-best-practices-and-troubleshooting.aspx

Active Directory Recycle Bin Step-by-Step Guide

http://technet.microsoft.com/en-us/library/dd392261%28WS.10%29.aspx

Restoring group and its membership in windows 2003 is complex and require deeper understanding of AD concepts, so its difficult to say whether to perform authoritative restore in first attempt in the production will be successful or not. The viable approach is to first try in a lab and then into production environment to achieve desired results in without hiccups.

The approach and best practices are outlined in below article to perform authoritative restore of AD objects and its membership.

Disaster Recovery: Active Directory Users and Groups

http://technet.microsoft.com/en-us/magazine/2007.04.adrecovery.aspx

Best practices around Active Directory Authoritative Restores in Windows Server 2003 and 2008

http://blogs.technet.com/b/askds/archive/2010/03/30/best-practices-around-active-directory-authoritative-restores-in-windows-server-2003-and-2008.aspx

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s