Recover deleted AD Object

31 Jan

Original Microsoft Tech Net guide

 

OLD WAY!https://technet.microsoft.com/en-us/library/dd379509(v=ws.10).aspx

 

NEW WAY!

 

How to Restore a Microsoft Server 2012 Active Directory Object from the Active Directory Recycle Bin

  • Last updated on Oct 26, 2016

This article refers to the Barracuda Backup Legacy Release firmware or newer, and Microsoft® Active Directory (AD) on Microsoft Windows Server® 2012. For information on backing up the AD, refer to How to Back Up Microsoft Active Directory.

Before attempting to recover a domain controller, first review the Microsoft TechNet article Domain Controller Recovery[1] for a complete list of recommendations.

Use the following steps to restore an AD Object from the AD Recycle Bin:

  1. Log in to the Windows Server 2012 as the administrator.
  2. Go to Start, and type dsac.exe to open the ADAC, or in Server Manager, click Tools, and then click Active Directory Administrative Center.
  3. In the left pane, click on the target Server name; a Deleted Objects container displays in the center pane:
    ad_server2012.png

    Deleted Objects Container
    If the Deleted Objects container does not display, right-click on the Server name in the left pane to enable the container.

  4. Double-click the Deleted Objects container to view a list of deleted items which can be restored.
  5. Right-click on the user to restore, and click Restore:
    restore_ad.png
  6. Verify the user has been restored.

 

 

 

Tags: , , ,

Re Scan Veeam backup repos

19 Dec

Rescanning Simple Backup Repositories

You can rescan a backup repository configured in the backup infrastructure. Backup repository rescan may be required, for example, if you have archived backups from a backup repository to tape and deleted backup files in the backup repository. Or you have copied backups to the backup repository manually and want to work with them in Veeam Backup & Replication.

During the rescan operation, Veeam Backup & Replication gathers information about backups that are currently available in the backup repository and updates the list of backups in the configuration database.

To rescan a backup repository:

  1. Open the Backup Infrastructure view.
  2. In the inventory pane, select the Backup Repositories node.
  3. In the working area, select the backup repository and click Rescan Repository on the ribbon or right-click the backup repository and select Rescan repository.

Click to zoom in

Tags: ,

Add PST to Office365

6 Dec

https://support.office.com/en-us/article/Use-network-upload-to-import-PST-files-to-Office-365-103f940c-0468-4e1a-b527-cc8ad13a5ea6

Tags: ,

How to make a DEP Registered iPad Supervised

5 Dec
  1. Enter device serial number into DEP at deploy.apple.com (You only have to do this once in the device’s life).
  2. In Meraki, navigate to “SystemsManager>MDM>DEP”. Your device should have appeared automatically.
  3. In Meraki>MDM>DEP, select the check-box next to your desired device and then click “Assign Settings” at the top of the device list (Settings are configured via “SystemsManager>MDM>Settings”).
  4. From the device itself, Erase All Content and Settings (Alternatively, you can use Configurator to restore a backup at this point. This process also wipes the device).
  5. From the device, proceed through the initial configuration screens. One of the screens will ask if you would like to apply settings from the MDM (“SoandSo can automatically configure your iPad: Apply Configuration/Skip Configuration”). Select ApplyConfiguration and then click Next. Complete your setup.
  6. Everything should be happy now. Meraki should list the device as Supervised, and the device Settings>General>About should have an message stating the device is supervised just underneath the device name. If you ever want to reconfigure the device, just push the Settings again from Meraki, wipe the device and then accept the Settings.

Short Version:

  1. Enter serial into DEP
  2. Apply settings from Meraki
  3. Wipe device
  4. Complete device config and accept settings

It has taken me quite a bit of time to get comfortable with iPad management through Meraki, but I wont go into all of the perils. I will say that things actually become more complex with Configurator (more parts, more problems). Fortunately, what you are trying to do is fairly straight forward, and it shouldn’t take very long to get the hang of it.

You can also reference this page, if you haven’t already:https://documentation.meraki.com/SM/Device_Enrollment/Using_Apple’s_Device_Enrollment_Program_(DEP)_with_Systems_Manager

Tags: , , ,

.local again!

1 Dec

Full credit to Mark Parris for the original write up

Active Directory: .local domain design and Office 365.

Active Directory: .local domain design and Office 365.

Microsoft since the release of Windows 2000 Server have recommended that any Windows Server environment promoted to host an Active Directory forest/domain should be configured with a registered Top Level Domain (TLD), such as .com, .net, .org etc.

Many companies have ignored this advice and taken the approach of, my internet presence is for example markparris.net so I will therefore call my Active Directory forest markparris.local.

This approach to the .local namespace in Active Directory has caused no real issue, with exception of Apple Mac Integration into the environment (see below).

With the onset of the cloud, premises and off premises computing the .localnamespace now causes a potential issue. The .local namespace issue may be resolved with a simple fix or it could involve a fair amount of remediation work.

In order to use Microsoft Office 365 Cloud Services with an on premise Active Directory synchronised via DirSync to the “Microsoft Cloud” the forests namespace or to be more precise the users UPN (User Principal Name) must be an internet registered TLD.   In most companies this can be easily achieved by setting all cloud users UPN’s to their email address (or another registered namespace) and then this is what the user presents to Microsoft, to be authenticated/validated.

In some companies, the .local UPN namespace may already be in use for something else and a UPN remediation project may need to be completed prior to any Microsoft cloud integration. This could again be a simple resolution or a huge global project.

So to summarise, the recommendation is still not to use the .local namespace in any new Active Directory implementation, if you have utilised the .localnamespace and you have a requirement to implement Office 365, then identify and configure a registered UPN for the affected accounts.

To be fair to Microsoft, they did tell you.

DNS name registration with an Internet registrar

We recommend that you register DNS names for the top-most internal and external DNS namespaces with an Internet registrar. This includes the forest root domain of any Active Directory forests unless such names are sub-domains of DNS names that are registered by your organization name (For example, the forest root domain “corp.example.com” is a sub-domain of an internal “example.com.” namespace.) Article ID: 300684 – Last Review: February 16, 2011 – Revision: 25.1.  http://support.microsoft.com/kb/300684

As I put my thoughts down, it has also become apparent to me that anyone with an Active Directory namespace that uses a TLD namespace that is not registered to them will also have this same issue and will also need to configure new UPN’s.

Apple Issues

Mac OS X: About Multicast DNS

http://support.apple.com/kb/TA20999?viewlocale=en_US

You receive an “unexpected error occurred” error message when you try to access resources on a Windows-based network from your Macintosh computer

http://support.microsoft.com/kb/836413

Tags: , , ,

NTP Server

16 Nov

This is all you need if you want to keep it simple. Run using PowerShell as admin:

w32tm /config /manualpeerlist:pool.ntp.org /syncfromflags:MANUAL
Stop-Service w32time
Start-Service w32time

Login script, add the following; net time \\dc01 /set /yes

You can also configure GPO for your clients.

Tags: ,

← Older Entries
Newer Entries →