user no longer in ad

Tutorials Win: Microsoft Windows Forum

Hi Guys

Story goes user was able to logon this morning but when user was going
to updating his telephone in active directory user account is not in
there. (User is in the domain admin group)

So user logs off but user can no longer logon to the domain.

User still seen in the address book.

Checked ESM under "logon" user is listed.

Went through adsi - the user isnt listed there.

What would to be a way to recover user without doing a system restore?
How do we get user's SSID's back? Or recovering active-directory only
way to get user back to the way user was set up?

How to get user email account back? We are running on cached mode.

Systems in question: w2k3 AD, exchange/OS w2k3

Thanks
Joe
Top

Re: user no longer in ad by Ace

Ace
Tue Apr 29 17:43:54 PDT 2008

In news:b66d94b9-61ec-4bb0-a42e-88030454909a@34g2000hsh.googlegroups.com,
Joe <spaceyjoe2020@yahoo.com> typed:
> Hi Guys
>
> Story goes user was able to logon this morning but when user was going
> to updating his telephone in active directory user account is not in
> there. (User is in the domain admin group)
>
> So user logs off but user can no longer logon to the domain.
>
> User still seen in the address book.
>
> Checked ESM under "logon" user is listed.
>
> Went through adsi - the user isnt listed there.
>
> What would to be a way to recover user without doing a system restore?
> How do we get user's SSID's back? Or recovering active-directory only
> way to get user back to the way user was set up?
>
> How to get user email account back? We are running on cached mode.
>
> Systems in question: w2k3 AD, exchange/OS w2k3
>
> Thanks
> Joe

Try ADRestore:
AdRestore v1.1 - By Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Networking/AdRestore.mspx

--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Infinite Diversities in Infinite Combinations


Top

Re: user no longer in ad by Joe

Joe
Thu May 01 04:33:46 PDT 2008

On Apr 29, 3:55=A0pm, Joe <spaceyjoe2...@yahoo.com> wrote:
> Hi Guys
>
> Story goes user was able to logon this morning but when user was going
> to updating his telephone in active directory user account is not in
> there. (User is in the domain admin group)
>
> So user logs off but user can no longer logon to the domain.
>
> User still seen in the address book.
>
> Checked ESM under "logon" user is listed.
>
> Went through adsi - the user isnt listed there.
>
> What would to be a way to recover user without doing a system restore?
> How do we get user's SSID's back? Or recovering active-directory only
> way to get user back to the way user was set up?
>
> How to get user email account back? We are running on cached mode.
>
> Systems in question: w2k3 AD, exchange/OS w2k3
>
> Thanks
> Joe

On 4/30 the users not listed in Ad was in ES unders mailboxes with X
-
Recreated users accounts in AD without mailbox and on the ESM
rightlick their X-ed emailbox and choose reconnect.

Enabled them to logon.

We have no idea what process/who did a delete on this users. Anyway to
do audit. Local system audit to track these types of changes?

Thanks
Joe
Top

Re: user no longer in ad by Ace

Ace
Thu May 01 13:50:13 PDT 2008

In news:673598df-2bc3-46d8-8f32-d82cab3f5679@r66g2000hsg.googlegroups.com,
Joe <spaceyjoe2020@yahoo.com> typed:

>
> On 4/30 the users not listed in Ad was in ES unders mailboxes with X
> -
> Recreated users accounts in AD without mailbox and on the ESM
> rightlick their X-ed emailbox and choose reconnect.
>
> Enabled them to logon.
>
> We have no idea what process/who did a delete on this users. Anyway to
> do audit. Local system audit to track these types of changes?
>
> Thanks
> Joe

Joe,

Did you try the ADRestore tool?

If you did, you wouldn't have had to re-create a new user. You could have
restored the user, which would have given them the ability to logon again
and retain their profile.

Obviously someone deleted the user.

You would have to enable auditing for AD access and changes. Provided each
administrator has their own administrative user account, you can catch
them, however if they all use the default Administrator account, then it is
guess work on who did it.

Here is how to do it:

Windows & Active Directory Auditing
http://www.windowsecurity.com/articles/Windows-Active-Directory-Auditing.html

How to enable Active Directory access auditing in Windows 2000
http://support.microsoft.com/kb/314977

HOW TO: Audit Active Directory Objects in Windows Server 2003
http://support.microsoft.com/kb/814595

Ace








Top

Re: user no longer in ad by Joe

Joe
Fri May 09 08:54:46 PDT 2008

On May 1, 4:50=A0pm, "Ace Fekay [MVP]" <PleaseAs...@SomeDomain.com>
wrote:
> Innews:673598df-2bc3-46d8-8f32-d82cab3f5679@r66g2000hsg.googlegroups.com,
> Joe <spaceyjoe2...@yahoo.com> typed:
>
>
>
> > On 4/30 the users not listed in Ad was in ES unders mailboxes with X
> > -
> > Recreated users accounts in AD without mailbox and on the ESM
> > rightlick their X-ed emailbox and choose reconnect.
>
> > Enabled them to logon.
>
> > We have no idea what process/who did a delete on this users. Anyway to
> > do audit. Local system audit to track these types of changes?
>
> > Thanks
> > Joe
>
> Joe,
>
> Did you try the ADRestore tool?
>
> If you did, you wouldn't have had to re-create a new user. You could have
> restored the user, which would have given them the ability to logon again
> and retain their profile.
>
> Obviously someone deleted the user.
>
> You would have to enable auditing for AD access and changes. Provided each=

> administrator =A0has their own administrative user account, you can catch
> them, however if they all use the default Administrator account, then it i=
s
> guess work on who did it.
>
> Here is how to do it:
>
> Windows & Active Directory Auditinghttp://www.windowsecurity.com/articles/=
Windows-Active-Directory-Audit...
>
> How to enable Active Directory access auditing in Windows 2000http://suppo=
rt.microsoft.com/kb/314977
>
> HOW TO: Audit Active Directory Objects in Windows Server 2003http://suppor=
t.microsoft.com/kb/814595
>
> Ace

Hi Ace

I did the go throught adrestore tool since I wasnt seeing the results
that I was looking for - I had the microsoft support do it too..
Though it said successfull nothing was shown on ADUC. That is why I
did what I did..

Any screenshots what should've happened - after seeing "successfull"

Thanks
Joe
Top

Re: user no longer in ad by Ace

Ace
Sat May 10 17:56:22 PDT 2008

In news:f204ed97-94f0-460b-b53e-d4fb917fbf5c@a1g2000hsb.googlegroups.com,
Joe <spaceyjoe2020@yahoo.com> typed:

> Hi Ace
>
> I did the go throught adrestore tool since I wasnt seeing the results
> that I was looking for - I had the microsoft support do it too..
> Though it said successfull nothing was shown on ADUC. That is why I
> did what I did..
>
> Any screenshots what should've happened - after seeing "successfull"
>
> Thanks
> Joe

That's strange. Under the 60 day TTL it would still sit until scavenged with
the garbage collection process. I would be curious to know if you ever find
out what happened.

Ace




Top

Re: user no longer in ad by Joe

Joe
Thu May 15 08:48:40 PDT 2008

On May 10, 8:56=A0pm, "Ace Fekay [MVP]" <PleaseAs...@SomeDomain.com>
wrote:
> Innews:f204ed97-94f0-460b-b53e-d4fb917fbf5c@a1g2000hsb.googlegroups.com,
> Joe <spaceyjoe2...@yahoo.com> typed:
>
> > Hi Ace
>
> > I did the go throught adrestore tool since I wasnt seeing the results
> > that I was looking for - =A0I had the microsoft support do it too..
> > Though it said successfull nothing was shown on ADUC. That is why I
> > did what I did..
>
> > Any screenshots what should've happened - after seeing "successfull"
>
> > Thanks
> > Joe
>
> That's strange. Under the 60 day TTL it would still sit until scavenged wi=
th
> the garbage collection process. I would be curious to know if you ever fin=
d
> out what happened.
>
> Ace

No I didnt find out what had happened.
Maybe someone accidently deleted from AD -(you know right click name
and delete)
The way I delete is right click name and select exchange tasks and
delete the mailbox and delete the acct.

And the ESM has it set to purge accts deleted.

Joe
Top

Re: user no longer in ad by Ace

Ace
Thu May 15 20:01:49 PDT 2008

In news:791f4832-879c-4a54-a29d-b6f936b1a9a6@y38g2000hsy.googlegroups.com,
Joe <spaceyjoe2020@yahoo.com> typed:

> No I didnt find out what had happened.
> Maybe someone accidently deleted from AD -(you know right click name
> and delete)
> The way I delete is right click name and select exchange tasks and
> delete the mailbox and delete the acct.
>
> And the ESM has it set to purge accts deleted.
>
> Joe

Again, that is strange, especially if still under 60 days. I would think
there would be replication problems or other errors, unless the default TTL
was altered.

Ace




Top