[Samba] Right way to restore deleted objects (in samba 4.1 or newer with or without "ad recycle bin")
Mike Lykov
combr at samges.ru
Tue Nov 1 18:53:31 UTC 2016
01.11.2016 21:33, Andrew Bartlett пишет:
>> I operate two-dc domain, based on samba 2:4.1.9+dfsg-1~bpo70+1
>
> First, please upgrade to Samba 4.5. This is particularly important if
> you wish to try and restore a deleted object.
by the way, what way to upgrade are better:
- stop samba, install new deb package, do some actions recommended in
changelogs and start samba again (on one dc and than on another), OR
- do not stop samba, start a new dc with new version, join it as dc to
domain, repeat with one more new dc with new version, transfer fsmo
roles to new version, stop dc with old version?
> Given that the password would have been deleted with the account, and
> that can not be recovered automatically, the solution is to just re-
> join the affected machine.
after try to restore objects I got it in the ADUC console without
passwords and group membership (not deleted objects are in "domain
computers" group and have a "primary group"), and then I rejoin machines
sucessfully.
But computer objects still not have a group membership, does this affect
anything?
> The windows tools should work now. But as I said at the start, re-
> joining the client machine is the correct option here.
After all, now the right way are this:
- upgrade to ver 4.5.1
- raise domain level to 2008r2 (or 2012?, or it is not need?)
- use windows tools to restore tombstoned objects
- do not enable "ad recycle bin" any way?
what about a "losing attributes when delete without recycle bin" in 4.5.1?
I would like to know how to act in "need to restore objects" situation
in future.
> I hope this helps,
Thanks, I hope it too :)
--
Mike
More information about the samba
mailing list