The Swede's blog

Friday, November 20, 2009

Restore of an object or subtree

I've been asked several times how to get an object or subtree of objects back if an accidental deletion happened and you have one DC that still have the objects. In other words mark these objects as authoritative so they replicate back to the DCs that have them deleted. This is usual in a lag site scenario, or if you are lucky to find a DC that haven't already delete the object(s).

So here is a step-by-step on Windows 2008, note that this is not applicable for versions lower than 2008.


1. Stop relication on a DC that have the object(s) with repadmin. I usually stop both inbound and outbound to be safe:
- Repadmin /options +disable_inbound_repl
- Repadmin /options +disable_outbound_repl

2. Stop AD Service. This will also stop the following services:
- File Replication
- Kerberos Key Distribution Center
- Intersite Messaging
- DNS Server
- DFS Replication

3. Set instance:
- Ntdsutil
- Activate instance NTDS

4. Authoritative Restore (while in ntdsutil):
- Authoritative restore
- Restore subtree ou=dr-test,dc=qadvice,dc=prv

Example screenshot:
authoritative restore: restore subtree ou=dr-test,dc=qadvice,dc=prv
Opening DIT database... Done.

The current time is 11-20-09 12:35.45.
Most recent database update occured at 11-20-09 12:32.09.
Increasing attribute version numbers by 100000.
Counting records that need updating...
Records found: 0000001001
Done.

Found 1001 records to update.
Updating records...
Records remaining: 0000000000
Done.

Successfully updated 1001 records.
The following text file with a list of authoritatively restored objects has been created in the current working directory:
ar_20091120-123545_objects.txt
None of the specified objects have back-links in this domain. No link restore file has been created.
Authoritative Restore completed successfully.

5. Start AD and related services (if they don't start automatically)

6. Enable replication on the DC:
- Repadmin /options -disable_inbound_repl
- Repadmin /options -disable_outbound_repl

posted by Jimmy Andersson [AD & Security MVP] at 1:27 PM | 0 comments links to this post

Tuesday, October 06, 2009

MVP Award. I received this in my mail Oct 1st:

"Dear Jimmy Andersson,Congratulations!

We are pleased to present you with the 2009 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in Directory Services technical communities during the past year."

I'm very glad and proud of it. This is the 11th year in a row!

posted by Jimmy Andersson [AD & Security MVP] at 11:40 AM | 0 comments links to this post

Friday, August 07, 2009

TEC Europe

I just decided to attend TEC Europe in September. It will be held in Berlin at the Hilton, September 14-16.
Hope to see you there!

posted by Jimmy Andersson [AD & Security MVP] at 5:28 PM | 0 comments links to this post

Tuesday, August 04, 2009

Warning: The software you are installing does not match your mental model

I just read this on Jesper's blog. It is funny :)

posted by Jimmy Andersson [AD & Security MVP] at 3:28 PM | 0 comments links to this post

Recommended settings for event log sizes in Windows Server 2003 and in Windows Server 2008

http://support.microsoft.com/kb/957662

posted by Jimmy Andersson [AD & Security MVP] at 3:10 PM | 1 comments links to this post

Thursday, July 30, 2009

Sooz arrived

Sooz arrived, picked her up at the airport. And guess what..... Yes, she arrives without the bag, it is still in Copenhagen and we hope it will arrive sometime soon. Tomorrow we're going on a road trip to Sundsvall so I really hope she gets her bag tonight....

posted by Jimmy Andersson [AD & Security MVP] at 5:42 PM | 2 comments links to this post

Wednesday, July 29, 2009

Find account based on a given SID

Here is some code that will find the account based on a given SID:

-Script Begins-
'============================================================
' NAME: find-Account.vbs
' AUTHOR: Jimmy Andersson, Q Advice AB
' DATE: 21/04/2009
' Version: 1.0 - initial version
' USAGE: cscript find-Account.vbs
'============================================================
Option Explicit

'============================================================
'==== Declare variables and sets objWMIService
'============================================================
Dim strComputer, objWMIService, objAccount
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

'===========================================================
'==== Below code finds the account based on a given
'==== SID (both local and domain accounts)
'===========================================================
Set objAccount = objWMIService.Get _
("Win32_SID.SID='S-1-5-21-842925246-725345543-682003330-4474'")
wScript.Echo objAccount.ReferencedDomainName &_
"\" & objAccount.AccountName
-Script Ends-

posted by Jimmy Andersson [AD & Security MVP] at 11:56 PM | 0 comments links to this post

A way of finding the local admin account by searching SIDs

Let's say you don't know the account name for the local admin account. The below code will find it for you. This is really good to have if a customer used the "oh-not-so-good-way-to-apply-security" approach.
I actually had a customer (before I came along and changed it) randomize the renaming of the local admin on their workstations....
Do I need to say that they didn't have a log. And even more "strange" is that they actually created 20+ local accounts just to confuse a potential bad guy.....
I will not start to rant about what I think of this approach. Never the less I had to find all the local admin accounts on their workstations. So I wrote some code that I fired off remotely and logged the information in a secure place. The basis of that code is below:
(as usual wrapping might be an issue)

-Script Begins-
'============================================================
' NAME: find-AdminName.vbs
' AUTHOR: Jimmy Andersson, Q Advice AB
' DATE: 21/04/2009
' Version: 1.0 - initial version
' USAGE: cscript find-AdminName.vbs
'============================================================
Option Explicit

'============================================================
'==== Declare variables and sets objWMIService
'============================================================
Dim strComputer, objWMIService, objAccount, colAccounts
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

'===========================================================
'==== Below code finds the local ADMINISTRATOR account
'==== by searching the SIDs of local accounts
'===========================================================
Set colAccounts = objWMIService.ExecQuery _
("Select * From Win32_UserAccount Where LocalAccount = TRUE")
For Each objAccount in colAccountsIf Left (objAccount.SID, 6) = "S-1-5-" and Right(objAccount.SID, 4) = "-500" Then
Call getInfo
End If
Next

'===========================================================
'==== Function to get properties
'===========================================================
Function getInfo
wScript.Echo "Name: " & objAccount.Name
wScript.Echo "SID: " & objAccount.SID
wScript.Echo "Description: " & objAccount.Description
wScript.Echo "Disabled: " & objAccount.Disabled
wScript.Echo "Pwd Expires: " & objAccount.PasswordExpires
wScript.Echo "Pwd Required: " & objAccount.PasswordRequired
wScript.Echo "Pwd Changeable: " & objAccount.PasswordChangeable
End Function
-Script Ends-

posted by Jimmy Andersson [AD & Security MVP] at 11:39 PM | 0 comments links to this post

How to get the SID of an account

Someone asked me how to write a script that will show you the SID and some other "stuff" of a specified username. So here it is, really simple and fast to do. The below will show you:
- name (which you need to know in advance)
- SID
- Description
- If it is disabled or not
- If the password expires
- If a password is required
- If the password can be changed.

-Script Begins-
'============================================================
' NAME: findSID-Name.vbs
' AUTHOR: Jimmy Andersson, Q Advice AB
' DATE: 21/04/2009
' Version: 1.0 - initial version
' USAGE: cscript findSID-Name.vbs
'============================================================
Option Explicit

'============================================================
'==== Declare variables and sets objWMIService
'============================================================
Dim strComputer, objWMIService, objAccount
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

'============================================================
'==== Below code gets the SID of a specified account.
'==== NOTE: If you specify a domain name instead of a computer name you'll
'==== get the SID of a domain account. E.g. name='admin',domain='root' '================'===========================================
Set objAccount =_
objWMIService.Get("Win32_UserAccount.Name='x-admin',Domain='client001'")
Call getInfo

'===========================================================
'==== Function to get properties
'===========================================================
Function getInfo
wScript.Echo "Name: " & objAccount.Name
wScript.Echo "SID: " & objAccount.SID
wScript.Echo "Description: " & objAccount.Description
wScript.Echo "Disabled: " & objAccount.Disabled
wScript.Echo "Pwd Expires: " & objAccount.PasswordExpires
wScript.Echo "Pwd Required: " & objAccount.PasswordRequired
wScript.Echo "Pwd Changeable: " & objAccount.PasswordChangeable
End Function
-Script Ends-

posted by Jimmy Andersson [AD & Security MVP] at 11:10 PM | 0 comments links to this post

How to show color indices in Excel with VBScript

Ok, someone asked me how to find out the color indices in Excel via Script. So here it goes:

(as always, formatting and word wrap might not work.....And you need Excel installed on the machine where the code executes of course)

-Script Begins-

Set objExcel = CreateObject("Excel.Application")
objExcel.Visible = TrueSet
objWorkbook = objExcel.Workbooks.Add()
Set objWorksheet = objWorkbook.Worksheets(1)

For i = 1 to 14
objExcel.Cells(i, 1).Value = i
objExcel.Cells(i, 2).Interior.ColorIndex = i
Next

For i = 15 to 28
objExcel.Cells(i - 14, 3).Value = i
objExcel.Cells(i - 14, 4).Interior.ColorIndex = i
Next

For i = 29 to 42
objExcel.Cells(i - 28, 5).Value = i
objExcel.Cells(i - 28, 6).Interior.ColorIndex = i
Next

For i = 43 to 56
objExcel.Cells(i - 42, 7).Value = i
objExcel.Cells(i - 42, 8).Interior.ColorIndex = i
Next

-Script Ends-

posted by Jimmy Andersson [AD & Security MVP] at 10:17 PM | 0 comments links to this post

Back from Philly

Came back from Philly and I must say that I had a great time!
It was really nice to meet Laura and Mark again. Their new place is really nice and have everything you need. Including a very nice pub (Charlie's) just around the corner!

All in all - time well spent, good food, good drinks! Hopefully I'll see them again in December in New York!

Now I'm getting ready for Sooze to come visit us tomorrow. That will also be loads of fun, travelling around Sweden and then Germany. Hopefully we have the time to stop by Zürich as well....

Ok, carry on! :)

posted by Jimmy Andersson [AD & Security MVP] at 10:00 PM | 0 comments links to this post

Wednesday, July 22, 2009

"I want to look after old people"

Nick, you are old. Get over it :)

For you that don't know us, Nick is my mate and I can take the Mickey out of him if I want!

posted by Jimmy Andersson [AD & Security MVP] at 4:49 PM | 0 comments links to this post

Philly

Ok, arrived in Philly. Mark picked me up at the airport but not my bag... Read Mark's blog for details. Anyway, I'm here and we're having fun!

As always, good food an wine is a given!

posted by Jimmy Andersson [AD & Security MVP] at 4:44 PM | 0 comments links to this post