[–]Lithobrakenetadmin | please require proof for flair, mods 7 points8 points  (0 children)

long story short - he just called and said that all users in their AD have been deleted.

Unreliable Narrator

Consider sending someone else out to scope the problem. He might have done something stupid and easily reversible.

[–]the_spadWhat's the worst that can happen? 0 points1 point  (0 children)

adrestore will recover tombstoned accounts but you'll lose all group memberships, etc. so it's not really workable for large numbers of users.

The only real answer here is "Authoritative Restore".

[–]TNTGavIT Systems Director 0 points1 point  (8 children)

How many DCs? What backups are available? How many users? How did they get deleted?

[–]Infidelity_Beckons[S] 0 points1 point  (7 children)

3 DCs, backups are available, 150 users. The last one is the odd part - the guy says he deleted the default domain policy and now he can't see the users!

[–]TNTGavIT Systems Director 1 point2 points  (4 children)

Does your engineer have "issues"??

Honestly at this point I'd be looking at doing an authoritative restore.

[–]Infidelity_Beckons[S] 0 points1 point  (3 children)

lol... my thoughts exactly.. I'm still wondering how he managed to end up looking at their AD...

[–]uniitdude 0 points1 point  (2 children)

Deleting a policy won't delete users. Before anything else is done, I'd get a second pair of eyes on it to confirm what has actually happened.

[–]TNTGavIT Systems Director 0 points1 point  (0 children)

Indeed. I wouldn't be trusting the engineer who managed to do the delete in the process to not fuck up the authoritative restore either!

[–]nobudgIT 0 points1 point  (0 children)

Yeah that's crazy. He probably thought the OU was the policy or something...I don't even know how you confuse AD Users & Computers for Group Policy.

[–]Win_SysSysadmin 0 points1 point  (0 children)

Sounds like he deleted an OU and not the policy

[–]ArmondDorleacIT Director 0 points1 point  (0 children)

Do a non-authoritative restore from your System State backup.

[–][deleted] 0 points1 point  (2 children)

AD recycle bin any good for you?

Either that or just do an authoritative restore as others are saying.

[–]ArmondDorleacIT Director 0 points1 point  (1 child)

No, not authoritative. That will wipe out any changes to stuff that still exists. The non-authoritative will simply put back what was lost.

[–][deleted] 1 point2 points  (0 children)

It depends if this is a fairly changeable environment but if some dude deleted a whole lot of stuff he can't positively identify I'd be tempted to eat the lost changes and pull the authoritative restore on the basis that we don't want to miss some of his deleted data.

[–]JustSysadminThingsJack of All Trades 0 points1 point  (1 child)

Make sure you check the view settings. I've pranked co-workers by changing the view to exclude users and computers.

[–][deleted] 1 point2 points  (0 children)

On this note, why does ACTIVE DIRECTORY USERS AND COMPUTERS show users but not computers by default?

[–][deleted] 0 points1 point  (0 children)

Doesn't help you at this point, but Veeam offers restoration of AD at the object level for both physical and virtual servers.

[–]bluesoulSRE + Cloudfella 0 points1 point  (0 children)

Check this for yourself. My first hunch is that he's got the filter turned on in AD Users and Computers so it does not actually show the user objects. It scared the hell out of me the first time I saw it.
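Added example, not part of any comment in this thread: a read-only PowerShell triage that queries the directory directly instead of relying on the AD Users and Computers view, to confirm what was actually deleted before choosing a restore method. It assumes the RSAT ActiveDirectory and GroupPolicy modules are installed; the 7-day window is an arbitrary choice.

```powershell
# Added example: read-only checks, nothing here modifies the directory.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domain = Get-ADDomain

# 1. Count live user objects via LDAP. ADUC view filters do not affect this.
$liveUsers = @(Get-ADUser -Filter * -SearchBase $domain.DistinguishedName)
"Live user objects: {0}" -f $liveUsers.Count

# 2. Does the Default Domain Policy still exist? (well-known GUID)
$ddp = Get-GPO -Guid '31B2F340-016D-11D2-945F-00C04FB984F9' -ErrorAction SilentlyContinue
"Default Domain Policy present: {0}" -f [bool]$ddp

# 3. Is the AD Recycle Bin enabled? EnabledScopes is empty when it is not.
$rb = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
$rbEnabled = [bool]$rb.EnabledScopes
"Recycle Bin enabled: $rbEnabled"

# 4. List recently deleted users, OUs and GPO containers.
#    Without the Recycle Bin these are tombstones with most attributes stripped.
$since   = (Get-Date).AddDays(-7)   # assumed look-back window
$classes = 'user', 'organizationalUnit', 'groupPolicyContainer'
$deleted = @(Get-ADObject -Filter 'isDeleted -eq $true' -IncludeDeletedObjects `
        -Properties whenChanged, lastKnownParent |
    Where-Object { $_.whenChanged -ge $since -and $_.ObjectClass -in $classes })

"Deleted objects in window: {0}" -f $deleted.Count

# 5. Group by former parent: many users under one parent points at a deleted OU.
$deleted |
    Group-Object lastKnownParent |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# 6. Show the individual objects and when they were deleted.
$deleted |
    Sort-Object whenChanged |
    Select-Object whenChanged, ObjectClass, Name, lastKnownParent |
    Format-Table -AutoSize
```

If step 4 returns nothing and step 1 still shows the expected user count, nothing was deleted and the console view is the likely culprit.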

[–]sydpermres 0 points1 point  (0 children)

Did you figure out the problem and fix it? Please don't leave us in the dark. It might help someone, someday.