Re: 1500 Active Directory Users lost.....Mailboxes intact
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Sun, 28 Aug 2005 12:24:44 -0400
From an AD perspective, someone, somehow, deleted all of those users; deleting the "folder" that the users were in is the most likely cause. I can visualize any scenario in which a spam filter would delete a user, let alone 1500. Someone did it, plain and simple.
This is one of the huge reasons to not use the GUI when managing environments over say 10 users. Custom scripts and provisioning systems can have rules built in to prevent this sort of thing.
A month old AD backup is an old backup. Assuming you have a 91 day password policy with a good average spread for password changes you will be looking at around 500 users (about 1/3) whose passwords will be out of sync. After you recovered you would have to identify which ones and somehow notify them. Alternatively you can bounce all user passwords and let everyone know, but tough to do either in a secure manner.
Any mailbox changes in that period will be lost, so if mailboxes got moved etc, Exchange would get confused because AD would say one thing and Exchange would have something else. New mailboxes created in that period would obviously not reconnect. You would have to do that manually.
Another option, depending on how much info you store in your directory is to recreate all of the users and use mbconn to connect them to the mailboxes. Actually mbconn I believe can actually create the accounts based on what is in the store as well. Search MSKB for mbconn.
If you want to go forward with the restore, you want what is called an authoritative restore; this process is fully documented on the MS site. Note that any users you deleted in that container in the month you don't have backups for will be reanimated.
-- Joe Richards Microsoft MVP Windows Server Directory Services www.joeware.net
Angie wrote:
I have been working with Exchange Servers for 8 years. Currently I was deleting a user (note: have all permissions as administrator). Upon doing so I selected ONE user, deleted it as I always have in the past. I am positive nothing else was highlighted. I then noticed all users were gone, 1500 of them, but all mailboxes were still there. Are there any other scenarios that could have caused this other than the actual user folder being selected and deleted? I AM POSITIVE THIS DIDN'T OCCUR.
Another situation happened just the day before, and I was wondering if this could have had any bearing on what happened with the users. Barracuda Spam filtering was put on the Exchange server not the proper way. In fact, we currently have Pure Message Spam filtering on the Exchange server and this person never turned Pure Message off. Soooooooooooooo, two filtering systems were on without the proper config to allow it, thus the Exchange server went down. Immediately Barracuda was disconnected (note: the IP number of the server was put on Barracuda). The server was rebooted and it seemed people were getting email.
But, I was the next person in to actually work on the Active Directory. Could two spam filters not properly installed cause Pure Message to grab all of the users and no matter what the first person did on Active Directory could delete all of the users?
One last question....Backup is a month old....Seeing I have all of the Mailboxes can I restore the users?
Please HELP!!!!!!!!!!!!!!!!!!!!!!!! EVERYONE!!!!!!!!!!!!!!!!!
I need to know:
1. Steps on how all users could be deleted
2. Could two spam filters cause an extreme crisis to Exchange when not installed properly?
3. How to restore users in Active Directory seeing I have the mailboxes... Don't want to use old backup.
I THANK YOU ALL HELP
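
One way to build the kind of rule mentioned in the reply ("custom scripts and provisioning systems can have rules built in") into a deletion script, as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module; the function names, the five-account limit and the log path are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not from the thread. Remove-GuardedADUser, $MaxPerRun and
# $LogPath are hypothetical names chosen for illustration.

function Remove-GuardedADUser {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$SamAccountName,
        [int]$MaxPerRun = 5,                          # rule 1: bulk-delete ceiling
        [string]$LogPath = '.\user-deletions.log'     # rule 3: audit trail
    )

    if ($SamAccountName.Count -gt $MaxPerRun) {
        throw "Refusing to delete $($SamAccountName.Count) accounts (limit $MaxPerRun)."
    }

    foreach ($name in $SamAccountName) {
        # Rule 2: the target must resolve to a single user object. Get-ADUser
        # only returns user objects, so an OU or container cannot be passed in.
        $user = Get-ADUser -Identity $name -ErrorAction Stop
        if ($user.ObjectClass -ne 'user') {
            throw "$name resolved to object class '$($user.ObjectClass)', not a user."
        }

        if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Delete user')) {
            Remove-ADUser -Identity $user -Confirm:$false -ErrorAction Stop
            $stamp = Get-Date -Format o
            Add-Content -Path $LogPath -Value "$stamp $env:USERNAME deleted $($user.DistinguishedName)"
        }
    }
}

# Directory-side guard: flag every OU as protected so deleting the container
# itself fails until the flag is deliberately cleared.
function Protect-AllOrganizationalUnits {
    Get-ADOrganizationalUnit -Filter * -Properties ProtectedFromAccidentalDeletion |
        Where-Object { -not $_.ProtectedFromAccidentalDeletion } |
        Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true
}

# Constructed usage: preview first; nothing is deleted with -WhatIf.
# Remove-GuardedADUser -SamAccountName 'jdoe' -WhatIf
```

The OU protection flag covers organizational units only; a plain container such as the built-in Users container would need the same flag set with Set-ADObject.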