Friday, 5 August 2011

Restore AD Object from the AD snapshot in Server 2008

      Restore AD Object from the AD snapshot in Server 2008

Frnz,

Today i will share "how to recover the deleted objects from AD snapshot in Server 2008
and Server 2008 R2.

This is also very nice feature.In the previous version of windows if you have accidently
deleted an object from AD then you need to perform couple of task to recover that,
and that also require you to reboot the DC.

But with the newer version of windows 2008 and 2008 R2 there are couple of features
included in these, and AD snapshot and Recycle Bin are the one of the feature.

In this blog I will share how to recover deleted object with AD snapshot.

So you have a AD environment and you have users in that.Assume you have scenerio
like below.Here you have two users vijay and t1.


Now you need create a AD snapshot. To do that follow the following steps.

Step1: Go to command prompt and type

          C:\ntdsutil

Step2: Now type snapshot

          ntdsutil: snapshot

Step3: Now you need activate AD instance,to do this type
       
          snapshot: activate instance ntds

Step4: Now instance is activated ,you need to create the snapshot

           snapshot: create
       
   Creating snapshot...
          Snapshot set {59738915-f3f2-4919-8769-f7379911c4f6} generated successfully.

Step5:  Now the instance is created but you need to mount it.to do this


            snapshot: mount {59738915-f3f2-4919-8769-f7379911c4f6}
            Snapshot {33d4ede5-c094-41b9-8e42-421df7b1d667} mounted as
            C:\$SNAP_201108040529 _VOLUMEC$\
            snapshot:


            It will mount the created snapshot to C:\$SNAP_201108040529 _VOLUMEC$\

Step6:  Now you need to connect the newly created instance with some different
           port number. To do this  type


 dsamain -dbpath C:\$SNAP_201108040529_VOLUMEC$\windows\NTDS\NTDS.Dit -ldapport 15389


          here blue portion is where the instance mounted and purple portion represent
          the port on which this instance will connect.

Step7: Now you have two AD instance

           1. One on port 389 (not having users t1 and vijay)
           2.  Second is on port 15389 (having both the users t1 and vijay)

          Open the first one using dsa.msc with the default port 389 
          Open the second one using dsa.msc and then connect to domain controller and
          mentioned the FQDN with the posrt 15389.
          Now you will have two mmc opened as shown below.



Step8:- Now you can recover the object either using ldp.exe tool or some other tool
            I have got a very small and easy command tool to recover the objects i.e oirecmgr.exe

           You can download this tool from here

Step9:- After downloading this tool just extract in some folder say c:\ drive

Step10:-Run the following command to recover the object but to run this command you
             need to get the GUID  of the deleted user.

           
C:\oirecmgr.exe -o fe6a3c0f-5e15-4022-b076-eacac4e1a23e -sh test.local:15389 -ol -real
 
   >>Here red portion is GUID of the object and blue portion is the snapshot
       connected to port 15389


To get the GUID of the user you can use ADSI Edit .Open Adsi Edit and then

Right click on Adsi Edit and connect to , A box will open then go to Advanced
Now add the port 15389 and then click on OK


Now go to the OU and open the properties of deleted user say vijay.






After running the above command the deleted object will be recovered.


          

Wednesday, 3 August 2011

Restore AD objects using Recycle Bin Feature of Server 2008 R2


How to restore the Object using Recycle Bin Feature of Windows Server 2008 R2

To Import the Active directory commands in the powershell we need to run the 
following command in powershell

PS> Import-Module activedirectory

Once all the Active directory cmdlets are imported after that you need to get the
functional level of the forest up to the level of Windows Server 2008 R2.  
As the Active directory Recycle Bin features only come under this functional level.
You can do this from Active Directory Domains and Trusts that is very easy way 
to do this. As you can see below that the current functional level is Windows Server
2003 and we need to raise it to Windows Server 2008 R2.

We can also raise the functional level from the powershell. The Get-ADForest 
cmdlet will return information about your forest and the Set-ADForestMode  
cmdlet will enable you to raise the current functional level.You will be prompted
to confirm that you wish to go ahead.

PS> Get-ADForest | Set-ADForestMode –ForestMode Windows2008R2Forest



Now our functional level is set to Server 2008 and now we can enable the Recycle Bin.
Now that our forest is at the correct functional level we can enable the Recycle Bin,
To enable this feature you can run the following command. It will also ask you about 
the confirmation. 

PS> Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet 
-target 'test.local'


Now that we have the Recycle Bin enabled and now we can check by deleting some
object from our AD structure.



There is a new feature included in Windows 2008 Server that is ‘Protect object from
accidental deletion’. So it may happen that you going to delete  OU but got a  
Access is denied response and the administrator will actually have to remove the
tick from that checkbox before the OU can be deleted.Below is the error that you 
will get if the ‘Protect object from accidental deletion’ is checked.




To do this you need to select the Advance Features, you can get this by following way.


Then you can go to the properties the OU and go to the Object tab and uncheck the
”Protect object from accidental deletion”



So now we have removed the checkbox and now we can remove the OU from the AD.
We have removed the Team OU and now you can see below that there is no 
Team OU in the structure.



To see all the deleted objects, we can run the below Powershell command
PS> Get-ADObject –SearchBase “CN=Deleted Objects,DC=test,DC=local” 
–ldapFilter “(objectClass=*)” -includeDeletedObjects | Format-List Name,ObjectClass,ObjectGuid


We can see from the resultant output that we have both the Users OU in there 
and the two user accounts. So now we will restore the objects
                                                                                                                     
Note:- To restore the Users ,you first need to restore the Parent OU otherwise is will give you error.

PS> Restore-ADObject -identity 280befcd-6937-4030-a33c-1ba0a9d40c24 

The above command will restore the OU Team but that will be empty as we need to 
restore the User objects as well.




Now we need to restore the objects in Team OU. We can do this by the above 
method we used to restore the OU.But the problem is that if we will have 1000 users
in that OU that will be so tough to use this command to restore every single object
related to that OU Team.So to fix this we will make a search for all the deleted users 
that are related to that OU Team and then will restore them.
To do that we can run the following command.

PS> Get-ADObject -ldapFilter "(lastKnownParent=OU=Team,DC=test,DC=local)" 
-includeDeletedObjects | Restore-ADObject

After this command will finish you will see that all the users that will be related to this 
Team OU will be restored.Check the below screen shot.



The user accounts are back in the Users OU.

This is very Nice and easy feature of Windows Server 2008 R2 to restore the deleted Objects.

Monday, 1 August 2011

Extend virtual machine partition and create single vmdk file from multiple files

Hello Frnz,

As most of you are using VmWare for your day-today testing.
Sometimes you may have face the following issues and may be get angry.

1.  You have vmdk files spitted into 2GB files
     (suppose your HDD is of 40GB then you will 20 Vmdk files)
2.  You have created 10GB Vmdk file and afterward you require more HDD space.

Today in this blog I will just share with you few techniques to fix the above issues. 

                          How To create one vmdk file from multiple files

Please follow the following steps to create one Vmdk file from multiple files.

Step1.  Copy the vmware-vdiskmanager from vmware server/workstation edition to          
             %systemroot%\system32.you can get this by
             
           Going into C:\Program Files\VMware\VMware Server>
             or
            Going into C:\Program Files\VMware\VMware Workstation>  
            or
          You can also search for vmware-vdiskmanager from the Vmware installation folder

Step2:  After copying the exe file just run the following command.

C:\>vmware-vdiskmanager -r G:\VmS\2003_server\Windows_Server_2003-000001.vmdk –t 2 H:\mysinglefile.vmdk


{G:\ is the source drive folder where you have all the splitted 2Gb vmdk files.
H:\mysinglefile.vmdk is the location where it will create a single vmdk file.}


Step 3: After that run the Vm machine, if it gave some error message then try to 
            browse that single Vm disk.If still the error comes then  just create a new
            VM machine and after creating the new machine just replace the HDD of
            the newly created machine with the HDD (single vmdk file that you have  
            created).It will work.




                                   How To increase space of single vmdk file

There are two ways to do this 


1. Command based
2  GUI based

Command Based:

Step1:- Turn off the virtual machine;
Steps2:-Commit/remove all the snapshots if any. 
Step3:-Open a Command Prompt and go to:  

C:\Program Files\VMWare\VMWare Server or C:\Program Files\VMware\VMware Workstation

or if you have already copied this file to system32 folder then simply run the below command. 

Step4:-Run this command to expand the virtual disk:

vmware- vdiskmanager -x 12GB "My harddisk.vmdk"

Step5:-This only expands the disk and not the partition, you'll need to resize the partition
           table as well. This can be done by 3rd party tools like 'Partition Magic, but also
           with Diskpart.exe, a tool of Windows.
  
Step6:- Type the following commands to extend the partition.
             Power on the Virtual machine
       
1.      Open a Command Prompt and type:
diskpart
2.      Type:
list volume
Remember the volume number of your volume
3.      Type:
select volume <volume number>
4.      Type:
extend 

GUI Based

To extend the disk using GUI interface

Step1:- Power off the machine
Step2:-Goto the "Edit virtual machine setting" option on the main page.
Step3:- Click on the Hard Disk
Step4:- On the right hand side click on Utilities as shown below

Step5:- Click on expand and mention how much total space you require.Click OK
             It will start extending the disk

Step6:- Use the diskpart.exe utility to extend the partition.