Online PC Support

OPS Technical Solutions : +1 833-522-1003

Welcome

How to restore deleted user accounts and their group memberships in Active Directory

In order to restore the deleted computer accounts, user accounts and the security groups, there are three methods that can be followed. These objects are collectively called as the security principals. However, when restoring these deleted objects, it is essential that you restore the previous values of the “memberOf” and member attributes into the infected security principal.

  • Method1: Restoring the accounts and adding them back to their groups.
  • Method 2: Restoring the deleted user accounts and then adding them back into their respective groups using Ntdsutil.exe command line tool.
  • Method 3: Restoring these accounts along with the deleted security groups twice, using the help of the authority.

Usually, restoring certain deleted objects can be a really tiring job, especially the security principals which are the back links of certain attributes of a few other objects. ManagedBy and memberOf are the two attributes. When you add such security principals to a particular security group, you actually make changes in the Active Directory. Restoring such data from this active directory is a bit complex. So, let’s have a look at method 1 for restoring the deleted security principals.

Restoring the accounts and adding them back to their groups

  1. Check out if any global catalog within the user’s domain has not got replicated during the deletion. Stop the catalog from being replicated. In case the latent global catalog is absent, then try locating the latest system backup for the global catalog domain controller within the eliminated user’s home domain.
  2. Auth restore the eliminated user accounts to permit the end-to-end replication of the particular user accounts.
  3. Now add all the information about the restored users to the groups in the particular domains in which the users were members before being deleted.

In order to closely follow the method 2, perform the procedure mentioned here:

  1. Check into the deleted user’s home domain for any global catalog domain controller which has not replicated any deleted part. * Focus on the catalogs that have a more frequent replication format. If there are more than one such catalog, then use the Repadmin.exe command-line tool for disabling the inbound replications using the below mentioned steps:

a)      Click on Start and then on Run

b)      In the Open box, type cmd and then click on OK.

c)      In the command prompt, type the given command and click Enter:

repadmin /options <recovery dc name> +DISABLE_INBOUND_REPL

  1. The domain controller will hence be referred onto the recovery domain controller. Here, if there doesn’t exist such kind of global catalog, them directly go to step 2. Else, follow below.
  2. Take the decision for whether the deletions, additions or any other changes to the user accounts, security groups or computer accounts should be stopped temporarily until the recovery procedures are completed.

In order to maintain the recovery path, stop making all kinds of changes to the given items, temporarily. The changes include the password resets made by domain users, administrators in the domain wherein the particular deletion had occurred, help desk administrators, group membership alterations that are made in the user’s groups. Temporarily halt the additions, modification, deletions for the given items:

User accounts and the attributes onto the user accounts

a)      Service accounts

b)      Computer accounts along with the attributes on the computer accounts.

c)      Security groups

The best method is to completely stop making any kind of changes in the security groups, especially if all the statements hold true.

  • You are currently using the method for auth restoring the deleted users and computer accounts using the domain name (dn) path.
  • Except the concealed recovery domain controller, if the deletion has caused a replication to all the other domain controllers as well.
  • You aren’t an auth restoring security group or a part of their parent containers.
  1. Make an entirely new system backup within the domain where the particular deletion had occurred. You can always use the particular backup in order to roll back the changes.

In case if you have identified a recovery domain controller in the very step 1, take a backup for the system now.

  1. Well, if you are not able to find out the concealed global catalog controller within the domain where the deletion had occurred, then find the recent system backup for the catalog controller in the particular domain. Use the domain controller as the recovery domain controller.
  2. In the Dsrepair mode, start the given recovery domain controller if you are aware of the passwords for the administrator account. Reset the password, if you are not aware of it.
  3. During the startup procedure, click on F8 to initiate the particular recovery domain controller. Login with the administrator account using your password.
  4. Auth restoring all the deleted computer accounts, user accounts, security groups. This is performed with the help of the Ntdsutil command-line tool. Refer the domain name (dn) path for the deleted users or their containers which used to host the deleted users.
  5. If all the deleted objects are recovered using the system state restore then simply disjoint all the cables providing you connectivity.
  6. In the Active Directory mode, restart your recovery domain controller.
  7. In the recovery domain controller, type the given command for disabling the internal replication.

repadmin /options <recovery dc name> +DISABLE_INBOUND_REPL

  1. Now simply outbound-relpicate the auth-restored items into the domain controllers fro the recovery domain controller.
  2. Here, determine all the security groups in which the deleted users were basically a member of. Add them back to the groups.
  3. Disable the outbound replication using the command below and then click Enter:

repadmin /options +DISABLE_OUTBOUND_REPL

  1. Verify the membership in the specific recovery domain controller domains, global catalogs of other domains, etc.
  2. Create a new backup for the system in the recovery domain controller’s domain.
  3. Finally, notify all administrators about the restoration.

Read before you leap!!!

Anyone who has used a computer must have installed some kind of software or signed up for an online service. This may seem a pretty simple and breezy procedure many people don’t realise what they are signing up for when they go through all the steps involved. You may vaguely remember clicking on the Agree button without reading anything stated above it. Well people that is EULA.

EULA or End User License Agreement is mostly ignored but highly important piece of documentation for any software or online service. This seemingly innocuous document is main legalese of any software. By clicking on the Agree button you could as well be signing up for regular viruses from a software company or give up your life savings to a person from another continent. An EULA is a binding legal document on the part of the user of the software and is the basis for settling any dispute. Many EULA have clauses that bind and prevent you from utilising the software the way you want to. For example, the EULA of Windows 7 beta had placed restrictions on benchmarking the software in its EULA. Bloggers then came out with visual graphs and pie charts instead of actual numbers to compare it with Vista and XP. There are also other EULA which prohibit posting of critical or derogatory remarks about any software.

EULA may also contain details about how the user’s details can be collected and used. This may or may not include personally identifiable data which is sent back to the developers. Facebook too had irked many with its EULA or Terms of Service. The original statement of Facebook’s Terms of Service stated something like this: “You hereby grant Facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to (a) use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan reformat, modify, edit, frame, translate, excerpt, adapt, create derivative works and distribute (through multiple tiers), any user content you post on Facebook”. Simply stated it means Facebook could as well morph your photos and post them or publish them in your local newspaper a couple of years after you have closed your account. This virtually gave Facebook unlimited rights over any personal information you upload on its servers. After a nasty fight Facebook finally altered its Terms of Service to less provoking ones.

In other cases EULA may also state how much control a company may exert over its products after their sale. Take the case of Kindle, an e-book reader. When Amazon had got involved in some copyright issues over George Orwell’s 1984, it retracted copies of the book from all its Kindles without user knowledge. Many people had no clue that that company had included such functionality in its device. Thus Amazon had the final say on what books a user could keep on the device.

On the other hand many EULA also try to escape from the possible losses that could be incurred by the use of problematic or badly coded software. There have been cases where such EULA has been challenged.

All that the user needs to ensure safety from a legal tangle is a little alertness and patience. A thorough reading of the fine print will tell what you are signing up for so be careful and do not take the EULA lightly.

Call Now: +1 833-522-1003
Call Now: +1 833-522-1003
Call Now: +1 833-522-1003