Archive for February, 2010

Hey there network administrators I don’t know if you know this but it is a VERY VERY bad thing to log into your workstations with your domain admin username and password. It is also VERY VERY bad to leave your servers logged into.

Are you logging in as a normal user? Are you logging out of your servers when you are finished with your work?

You should be…

Sure it makes stuff easier as you don’t have to authenticate over and over but it is also really really dangerous. If your session gets hijacked or your machine becomes infected guess what…

You just handed over the keys to the kingdom without a fight. Your whole network could be destroyed and compromised. What happens if your active directory objects are deleted?

If that happens lets look at a tool our friends at bauer-power.net used to recover deleted accounts. And while we are on that note does anyone know why schema changes would remove user objects in a 2008 native ad setup?

Today I walked into the office with a little bit of a shocker. One of the Help Desk users said that his, and another user’s active directory accounts on our parent company’s domain had miraculously vanished. WTF? The only changes to active directory the previous day was my co-worker was setting up OCS, and that require some schema changes. I am not sure why those schema changes would delete accounts, but whatever, this is the problem I was facing when I walked in (Still no coffee yet either).

Well it turned out to not be that huge of a deal because I found a really awesome free tool that easily finds deleted active directory objects, and with a click of the button restores them. The way active directory deletes objects is pretty cool, and it also makes it relatively easy to recover. According to Petri, “When an object is deleted from Active Directory, it is not immediately erased, but is marked for future deletion…The marker used to designate that an AD object scheduled to be destroyed is called "tombstone". A tombstone is an object whose IsDeleted property has be set to True, and it indicates that the object has been deleted but not removed from the directory, much like a deleted file is removed from the file allocation table but the data is not actually removed from the drive.”

The tool I used to recover the objects is called ADRestore.net. To use it you simply install it on one of your domain controllers, then click Enumerate Tombstones. Find the missing object (User, OU, Computer, Etc) click on it and hit restore. Easy as pie!

 

Yes! This works on 2008 Active Directory’s as well as 2003. How do I know? Because we are a 2008 native shop! Here is a list of the main features available:

    * Browsing the tombstones
    * Domain Controller targeting
    * Can be used with alternative credentials (convenient if you do not logon to your desktop as Domain Admin, which you should never do anyway)
    * User/Computer/OU/Container reanimation
    * Preview of tombstone attributes

Know of some other good, free tools for recovering deleted AD objects? Hit us up in the comments!

What do you guys think? What if the objects were modified instead of removed? How do you deal with that? Do you have to do  a restore from backup? Can you roll your AD back? Let’s here from you admins out there!

_TheAdAdmiN_