date: Sat, 27 Aug 2005 18:07:01 -0700,
group: microsoft.public.exchange2000.active.directory.integration
Re: 1500 Active Directory Users lost.....Mailboxes intact
From an AD perspective, someone, somehow, deleted all of those users; deleting
the "folder" that the users were in is the most likely cause. I can visualize any
scenario in which a spam filter would delete a user, let alone 1500. Someone did
it, plain and simple.

This is one of the huge reasons to not use the GUI when managing environments
over, say, 10 users. Custom scripts and provisioning systems can have rules built
in to prevent this sort of thing.

A month-old AD backup is an old backup. Assuming you have a 91-day password
policy with a good average spread for password changes, you will be looking at
around 500 users (about 1/3) whose passwords will be out of sync. After you
recovered you would have to identify which ones and somehow notify them.
Alternatively you can bounce all user passwords and let everyone know, but tough
to do either in a secure manner.

Any mailbox changes in that period will be lost, so if mailboxes got moved, etc.,
Exchange would get confused because AD would say one thing and Exchange would
have something else. New mailboxes created in that period would obviously not
reconnect. You would have to do that manually.

Another option, depending on how much info you store in your directory, is to
recreate all of the users and use mbconn to connect them to the mailboxes.
Actually mbconn I believe can actually create the accounts based on what is in
the store as well. Search MSKB for mbconn.

If you want to go forward with the restore, you want what is called an
authoritative restore; this process is fully documented on the MS site. Note
that any users you deleted in that container in the month you don't have backups
for will be reanimated.
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Angie wrote:
> I have been working with Exchange Servers for 8 years. Currently I was
> deleting a user (note: have all permissions as administrator). Upon doing so
> selected ONE user, deleted it as I always have in the past. I am positive
> nothing else was highlighted. I then noticed all users were gone, 1500 of
> them, but all mailboxes were still there. Are there any other scenarios that
> could have caused this other than the actual user folder being selected and
> deleted? I AM POSITIVE THIS DIDN'T OCCUR.
>
> Another situation happened just the day before, and I was wondering if this
> could have had any bearing on what happened with the users. Barracuda Spam
> filtering was put on the exchange server not the proper way. In fact, we
> currently have Pure Message Spam filtering on the exchange server and this
> person never turned pure message off. Soooooooooooooo, two filtering systems
> were on without the proper config. to allow it, thus the exchange server went
> down. Immediately barracuda was disconnected (note: the IP number of the
> server was put on barracuda). The server was rebooted and it seemed people
> were getting email.
>
> But, I was the next person in to actually work on the Active Directory.
> Could two spam filters not properly installed cause pure message to grab all
> of the users and no matter what the first person did on active directory
> could delete all of the users?
>
> One last question....Backup is a month old....Seeing I have all of the
> Mailboxes can I restore the users?
>
> Please HELP!!!!!!!!!!!!!!!!!!!!!!!! EVERYONE!!!!!!!!!!!!!!!!!
>
> I need to know:
> 1. Steps on how all users could be deleted
> 2. Could two Spam Filtering cause an extreme crisis to Exchange when not
> installed properly.
> 3. How to restore users in Active Directory seeing I have the mailboxes...
> Don't want to use old backup.
>
> I THANK YOU ALL HELP
>
>
date: Sun, 28 Aug 2005 12:24:44 -0400
author: Joe Richards [MVP]
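
Added example, not part of the original thread: a sketch of the kind of rule the reply says a provisioning script can enforce, checking how many objects a delete would remove before anything is touched. The directory contents, the `plan_delete` function and the ceiling of 10 are assumptions made for illustration; a real script would read the subtree from the directory instead of a list.

```python
from dataclasses import dataclass

MAX_OBJECTS_PER_REQUEST = 10  # assumed policy ceiling, not a value from the post

@dataclass(frozen=True)
class Entry:
    dn: str            # distinguishedName
    object_class: str  # "user", "organizationalUnit", ...

class DeleteRefused(Exception):
    """A delete request broke a provisioning rule."""

def sample_directory():
    """Constructed data: one OU holding 1500 users, one OU holding 3."""
    base = "DC=example,DC=com"
    entries = [Entry(f"OU=Staff,{base}", "organizationalUnit"),
               Entry(f"OU=Temps,{base}", "organizationalUnit")]
    entries += [Entry(f"CN=user{i:04d},OU=Staff,{base}", "user") for i in range(1500)]
    entries += [Entry(f"CN=temp{i},OU=Temps,{base}", "user") for i in range(3)]
    return entries

def subtree(directory, target_dn):
    """Target plus everything beneath it (naive suffix match, no escaped commas)."""
    t = target_dn.lower()
    return [e for e in directory if e.dn.lower() == t or e.dn.lower().endswith("," + t)]

def plan_delete(directory, target_dn, expected_count=1):
    """Return the DNs a delete would remove, or raise DeleteRefused."""
    affected = subtree(directory, target_dn)
    if not any(e.dn.lower() == target_dn.lower() for e in affected):
        raise DeleteRefused(f"no such object: {target_dn}")
    # Rule 1: the operator states how many objects should go; a mismatch stops
    # the request, so picking a container instead of one user cannot succeed.
    if len(affected) != expected_count:
        raise DeleteRefused(f"{target_dn}: would remove {len(affected)} objects, "
                            f"operator expected {expected_count}")
    # Rule 2: hard ceiling per request, whatever count the operator typed.
    if len(affected) > MAX_OBJECTS_PER_REQUEST:
        raise DeleteRefused(f"{target_dn}: {len(affected)} objects exceeds the "
                            f"ceiling of {MAX_OBJECTS_PER_REQUEST}")
    return [e.dn for e in affected]

if __name__ == "__main__":
    d = sample_directory()
    print(plan_delete(d, "CN=user0007,OU=Staff,DC=example,DC=com"))
    for dn, n in [("OU=Staff,DC=example,DC=com", 1), ("OU=Staff,DC=example,DC=com", 1501)]:
        try:
            plan_delete(d, dn, n)
        except DeleteRefused as err:
            print("refused:", err)
```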