Configuring Settings for Recovery for Active Directory
To recover system attributes and restore deleted AD users and passwords, you must update your Active Directory schema to store attributes in the recycle bin. Perform the following configuration steps in your Active Directory infrastructure.
Note: Use an account that is a member of the Schema Admins group, and make sure that the changes to the schema are authorized.
- Start the ADSI Edit tool.
- In the ADSI Edit window, right-click the root node and select Connect to.
- In the Connection Settings dialog:
  - Expand the drop-down list under Select a well known Naming Context and specify Schema.
  - In Select or type a domain controller or server, provide the name of a DC that holds the Schema Master FSMO role.
- Expand the Schema container and locate the objects to update. Select the objects one by one. For each object, open Properties, locate the searchFlags attribute, and provide a new value (equal to the old value + 8).
OBJECT | ATTRIBUTE | VALUE |
---|---|---|
SID History | | |
SID-History (sIDHistory) | searchFlags | Current + 8 |
Passwords | | |
Unicode-Pwd (unicodePwd) | searchFlags | Current + 8 |
DBCS-Pwd (dBCSPwd) | searchFlags | Current + 8 |
Supplemental-Credentials (supplementalCredentials) | searchFlags | Current + 8 |
Lm-Pwd-History (lmPwdHistory) | searchFlags | Current + 8 |
Nt-Pwd-History (nTPwdHistory) | searchFlags | Current + 8 |
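
The same change can be audited and applied from PowerShell. The script below is an added example, not part of the original procedure or the vendor's tooling; it assumes the ActiveDirectory (RSAT) module is installed, and the `-Apply` switch is a hypothetical name chosen here. It sets the 8 bit (preserve the attribute on deletion) with a bitwise OR instead of adding 8, so an attribute that already has the bit set is left unchanged and the script can safely be run more than once.

```powershell
# Added example, not vendor code. Requires the ActiveDirectory (RSAT) module.
# -Apply is a hypothetical switch name; without it the script only reports.
param([switch]$Apply)

Import-Module ActiveDirectory

$PreserveBit = 0x8   # the "+ 8" from the table above
$attributes  = 'sIDHistory', 'unicodePwd', 'dBCSPwd',
               'supplementalCredentials', 'lmPwdHistory', 'nTPwdHistory'

# Read and write on the Schema Master, as in the ADSI Edit steps.
$schemaNC     = (Get-ADRootDSE).schemaNamingContext
$schemaMaster = (Get-ADForest).SchemaMaster

foreach ($name in $attributes) {
    $obj = Get-ADObject -Server $schemaMaster -SearchBase $schemaNC `
        -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$name))" `
        -Properties searchFlags
    if (-not $obj) { Write-Warning "$name not found in $schemaNC"; continue }

    $current = [int]$obj.searchFlags          # an unset searchFlags reads as 0
    $target  = $current -bor $PreserveBit     # no change if the bit is already set

    # Write only when asked to and only when the value actually differs.
    if ($Apply -and $target -ne $current) {
        Set-ADObject -Identity $obj -Server $schemaMaster -Replace @{ searchFlags = $target }
    }

    # One report row per attribute, useful as a before/after change record.
    [pscustomobject]@{
        Attribute  = $name
        Before     = $current
        Target     = $target
        AlreadySet = ($current -eq $target)
        Changed    = ($Apply -and $target -ne $current)
    }
}
```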