Re: 2008 AD restore



that's why with LAG sites it is not enough to disable replication.....

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

"Paul Bergson [MVP-DS]" <pbbergs@xxxxxxxxxxxxxxx> wrote in message news:2F2B8A1B-2812-4964-8420-1C2D75AEE061@xxxxxxxxxxxxxxxx
Really, didn't know that. Usually only force via gui, but I will remember to only use gui in future if I want to protect lag site.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup. This
posting is provided "AS IS" with no warranties, and confers no rights.


"Jorge de Almeida Pinto [MVP - DS]" <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx> wrote in message news:ejZIsE$hJHA.500@xxxxxxxxxxxxxxxxxxxxxxx
even if replication is disabled, you can still FORCE it!

REPADMIN /SYNCALL
REPADMIN /REPLICATE

will do it, even if it is disabled

"Paul Bergson [MVP-DS]" <pbbergs@xxxxxxxxxxxxxxx> wrote in message news:13BB55BC-3733-475E-AE8B-27C6B8FE823C@xxxxxxxxxxxxxxxx
On our lag site, to prevent manual replication requests, we only open up replication during the allowed automated replication stage. Otherwise someone can simply do a manual request and bye, bye lag site protection. So we use repadmin (as Jorge is describing) to prevent this.


"Jorge de Almeida Pinto [MVP - DS]" <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx> wrote in message news:OzqMTX9hJHA.3444@xxxxxxxxxxxxxxxxxxxxxxx
When a user is deleted it is tombstoned. That tombstone replicates to all other DCs in question. If you at any point in time are able to DISABLE inbound AD replication on a DC BEFORE the tombstone reaches that DC, then you can do an auth restore without the non-auth restore.

disabling/enabling AD replication can be done with REPADMIN /OPTIONS

"skip" <shofmann@xxxxxxx> wrote in message news:835848DB-7FDD-45FA-82A5-1C68E4403388@xxxxxxxxxxxxxxxx
How long does it take before the DC completely deletes the object or processes the deletion? Is this setting determined by the Tombstone lifetime set on the object? If the object gets deleted from AD using ADUC, is the object still stored in the AD database but the object now is marked as hidden, and now requires a system restore in order to restore the object?

"Jorge de Almeida Pinto [MVP - DS]" <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx> wrote in message news:e7gMKvkhJHA.3812@xxxxxxxxxxxxxxxxxxxxxxx
that is sufficient if that particular DC has not yet processed the deletion. If it already has processed the deletion you still need to non-auth restore the AD DB. To do that you need to boot into DSRM. Stopping the service and restoring the AD DB is not supported.

"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message news:731E4747-E522-4A28-AA5C-D9646DFD2FEE@xxxxxxxxxxxxxxxx
Hi
The restore is needed in 2003 or 2000 DCs. In 2008 DCs you only need to right-click Active Directory Domain Services and then click Stop to stop the service and do the Authoritative restore.
For more details check:
http://technet.microsoft.com/en-us/library/cc732211.aspx

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"skip" <shofmann@xxxxxxx> wrote in message news:EDB3EF5D-BB60-48BB-AE6D-17AA6D01A5B7@xxxxxxxxxxxxxxxx
I'm a little confused on the correct procedure for doing an authoritative restore when the DC is running Windows 2008.

I have a system state backup of the DC, in order to restore a deleted object do I need to reboot the DC into DSRM then restore the system state backup? At what point in the process do I mark the deleted item as "authoritative"?

Thanks
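
The REPADMIN /OPTIONS switch discussed in the thread above, as an added example that is not part of any of the original posts: a PowerShell check that sets DISABLE_INBOUND_REPL on a DC and confirms from the read-back output that the flag is really there before an authoritative restore is attempted. The function names, the DC name `LAGDC01` and the sample output lines are constructed for illustration; as the thread points out, the flag does not stop a forced REPADMIN /SYNCALL or REPADMIN /REPLICATE.

```powershell
# Added example, not from the thread. LAGDC01 is a hypothetical DC name
# and the function names below are illustrative.

function Get-DsaOption {
    # Parse the text printed by "repadmin /options <DC>" and return the
    # flags listed on its "Current DSA Options:" line.
    param([string[]]$RepadminOutput)

    foreach ($line in $RepadminOutput) {
        if ($line -match '^\s*Current DSA Options:\s*(.*)$') {
            # Keep only tokens that look like flags (IS_GC, DISABLE_INBOUND_REPL, ...)
            return @($Matches[1] -split '\s+' | Where-Object { $_ -cmatch '^[A-Z_]+$' })
        }
    }
    throw 'No "Current DSA Options:" line found in repadmin output.'
}

function Test-InboundReplicationDisabled {
    # True only when DISABLE_INBOUND_REPL is among the DC's current options.
    param([string[]]$RepadminOutput)
    return (@(Get-DsaOption $RepadminOutput) -contains 'DISABLE_INBOUND_REPL')
}

function Disable-InboundReplication {
    # Set the flag on a live DC, read the options back, and fail loudly
    # if the flag did not take.
    param([Parameter(Mandatory)][string]$DomainController)

    repadmin /options $DomainController '+DISABLE_INBOUND_REPL' | Out-Null
    $after = repadmin /options $DomainController
    if (-not (Test-InboundReplicationDisabled $after)) {
        throw "Inbound replication is still enabled on $DomainController."
    }
}

# Constructed sample output, so the parsing can be tried without a DC.
$flagSet   = @('', 'Current DSA Options: IS_GC DISABLE_INBOUND_REPL')
$flagUnset = @('', 'Current DSA Options: IS_GC')
Test-InboundReplicationDisabled $flagSet
Test-InboundReplicationDisabled $flagUnset

# On a real DC (elevated prompt):
#   Disable-InboundReplication -DomainController LAGDC01
#   ... perform the authoritative restore ...
#   repadmin /options LAGDC01 '-DISABLE_INBOUND_REPL'
```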



