Dennis found an article explaining the use of a tool called LDP.exe.
An excerpt from the article:
When an object is deleted in Active Directory, it is really just "tombstoned." That is, the object and its mandatory attributes are moved to the Deleted Objects folder -- a sort of death row for objects. Every 15 minutes, the Garbage Collector (or Executioner) comes along and checks to see if the object's Tombstone Lifetime has expired. The Tombstone Lifetime is the period of time the object can remain in the Deleted Objects folder before it is purged from the database. This is 60 days by default, although Microsoft now recommends 120 days. If the Tombstone Lifetime has expired, it purges the object from AD.
Worked like a charm to re-activate the tombstoned entry. Unfortunately, it was for the account I created after the problem was discovered in an attempt to get things going again. I suspect I overwrote the original AD object in the deleted objects folder! :(
So, I had all the users log out, moved the server into a workgroup and then re-joined the domain. The existing profiles survived this process as well.
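To tell an original tombstone apart from a later re-created account of the same name before reanimating anything, the deleted objects can be listed side by side with their SIDs and remaining lifetime. This is an added example, not from the article or the original post; it assumes the ActiveDirectory PowerShell module (RSAT), and `jdoe` is a placeholder account name.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and a reachable domain controller.
Import-Module ActiveDirectory

$SamAccountName = 'jdoe'   # placeholder, replace with the account being investigated

# tombstoneLifetime is stored on the Directory Service object in the configuration partition.
$configNC = (Get-ADRootDSE).configurationNamingContext
$dsObject = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
                         -Properties tombstoneLifetime

# If the attribute is not set, fall back to the 60-day default quoted in the excerpt.
$lifetimeDays = if ($dsObject.tombstoneLifetime) { [int]$dsObject.tombstoneLifetime } else { 60 }

# Find every tombstone that carried this logon name. Deleting and re-creating an
# account leaves two separate tombstones with different SIDs and GUIDs.
$tombstones = Get-ADObject -LDAPFilter "(&(isDeleted=TRUE)(sAMAccountName=$SamAccountName))" `
                           -IncludeDeletedObjects `
                           -Properties sAMAccountName, objectSid, whenCreated, whenChanged, lastKnownParent

$tombstones | Sort-Object whenCreated | ForEach-Object {
    # whenChanged is used here as an approximation of the deletion time.
    $purgeAfter = $_.whenChanged.AddDays($lifetimeDays)
    [pscustomobject]@{
        ObjectGUID      = $_.ObjectGUID
        ObjectSid       = $_.objectSid
        Created         = $_.whenCreated        # oldest entry is the original account
        DeletedApprox   = $_.whenChanged
        LastKnownParent = $_.lastKnownParent
        DaysUntilPurge  = [math]::Floor(($purgeAfter - (Get-Date)).TotalDays)
    }
} | Format-List
```

The entry with the earliest `Created` value is the original account; its `ObjectSid` is the one referenced by existing ACLs and profiles, so that `ObjectGUID` is the one to restore.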
1 comment:
Thanks for the tip, Jim.
In my practice, for such purposes I frequently use Active Administrator, which is a great solution for Active Directory management, including powerful object recovery capabilities.
The tool can easily recover Active Directory objects even without rebooting into Directory Services Restore Mode, while keeping everything online.
Object security can be restored separately from the objects.
Group Policy objects can be backed up and restored separately from Active Directory objects as well, and all restores can be redirected to alternate domains.