Home
Topics
Microsoft Active Directory
Microsoft Active Directory Backup and Restore
Unable to restore critical information after moving user accounts via LDIF

Unable to restore critical information after moving user accounts via LDIF

In my company we cannot just delete user accounts due to regulatory restrictions. While I can export the user information via LDIF, I cannot restore the most critical information, like group memberships and SID. I have tried using the AD migration tool to move disabled IDs to a different domain, but that has restrictions and quirks as well. Our Win2k AD tombstones objects in 60 days, which is not a long enough period to keep IDs should I need to restore them. Any ideas?

Requires Free Membership to View

Login

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

Interesting issue... I could see why using LDIF or moving the accounts to another domain may cause issues, primarily issues with the SID and maintaining that SID through the transitions. ADMT might assist in the move from the Domains, but will still leverage a SID-history mechanism that could lead to issues. An interesting possibility is to move the disabled accounts to an OU. Create a highly restrictive GPO and apply it specifically to the OU. Use a group like, disabled_accounts, and specifically deny network logons, deny logon locally, deny logon as a service, deny logon as a batch job. When you need to prevent a user from access resources you add them to this restrictive group and OU. The group policy is applied and they are prevented from getting to any resource in the organization. Since the account is not deleted or disabled, it will be retained as long as you need it. Keep in mind that I have not tried this myself and I would strongly suggest setting up a testing AD in an isolated lab to make sure that it is working appropriately (preventing the people you don't want and not affecting the remaining population). The last thing you want to do is cripple the entire organization with a GPO.

Additional Expert Help:
Be sure to check our Answer FAQ for more expert advice.
For faster answers, visit ITKnowledge Exchange.

More News and Tutorials

Articles

Related glossary terms

Terms for Whatis.com - the technology online dictionary
- Directory Services Restore Mode (DSRM)

This was first published in December 2004

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

Back to top

More from Related TechTarget Sites

Server Virtualization
Cloud computing
Exchange
SQL Server
Windows IT
Enterprise Desktop
Virtual Desktop

Server Virtualization
- Strike a common-sense balance when deciding what to automate
  
  Consider the many factors that determine the potential return on investment when deciding when and what to automate.
- How can I enable automated VM resource provisioning?
  
  As with many other facets of virtualization, VM resource allocation is becoming automated. Find out what tools you can use for automated provisioning.
- Columbia Sportswear's move from virtualization to private cloud computing
  
  Columbia Sportswear parlayed server virtualization into a private cloud. Along the way, it found that its management tools needed serious rethinking.
Cloud computing
- Sequestration stymies federal government cloud ambitions
  
  The federal government is under mandates to consolidate data centers and deliver IT as a Service, but sequestration makes this easier said than done.
- VMware charges into public cloud IaaS fray as Dell exits
  
  Dell will discontinue its OpenStack and VMware vCloud-based public cloud offerings as VMware delivers its vCloud IaaS.
- Cloud migration obstacles remain for heavily regulated industries
  
  Financial, government and healthcare industries must overcome data security breaches and regulatory issues for a successful cloud migration.
Exchange
- Exchange Global Address List updates not replicating to sites
  
  For some reason, an admin's Exchange Global Address List updates are not updating to sites. Our expert has several suggestions to fix the issue.
- Replacing Forefront TMG: Alternate reverse-proxy options for Exchange
  
  With the discontinuation of Forefront TMG, Exchange admins are left wondering what to do moving forward. The available options may surprise you.
- Comparing Exchange 2013 and Office 365 pricing and feature sets
  
  Exchange 2013 and Office 365 pricing and feature sets are important items to examine when weighing an email migration. Here's what to know.
SQL Server
- Database index design and optimization: Some guidelines
  
  What are the latest tips and tricks for database design and optimization? Check out this tip from Basit Farooq to learn more.
- Adam Machanic talks SQL Saturday
  
  We caught up with Adam Machanic, group leader of the New England SQL Server user group, at SQL Saturday Boston. Find out what he shared with us.
- SQL Server meets database application security
  
  Make sure your SQL Server is secure by studying these general guidelines for secure database applications from SQL Server expert Roman Rehak.
Windows IT
- How to advance your cloud skills and get ahead of the gap
  
  There may be a growing shortage of IT pros with cloud skills, but you can take action now and become a valuable asset with the right skills.
- Prepare for a SharePoint 2013 upgrade with five tips
  
  Considering an upgrade to SharePoint 2013? Find out the answers to the most common questions IT pros will ask before making the jump.
- Prioritize your IT tasks and finally conquer your to-do list
  
  It's easy to feel overwhelmed by a growing to-do list of IT tasks, but there are easy ways you can decide what to tackle first and what can wait.
Enterprise Desktop
- Finding a prescription for desktop security management at Sharp HealthCare
  
  Desktop security policy must cover the use of mobile devices and the cloud. Sharp HealthCare uses a mix of software for desktop security management.
- Windows 8 tools build on native Windows 7 utilities with new capabilities
  
  New and updated Windows 8 tools can help admins and users. Windows 8 utilities include functions for backing up and restoring systems.
- Why a Windows security scan is not enough to protect your workstations
  
  A traditional Windows security scan may lure IT into complacency about desktop vulnerabilities, so look at four areas to beef up Windows security.
Virtual Desktop
- Citrix simplifies VDI again with XenDesktop 7-XenApp combo
  
  Citrix VDI admins can deploy and manage XenDesktop and XenApp under the same architecture, something they expected for years.
- Citrix kills its Application Streaming feature, directs users to App-V
  
  Citrix has officially ceased development and support for its Application Streaming feature, and has directed IT pros to use Microsoft App-V instead.
- Citrix expected to tackle mobile application delivery, VDI costs
  
  As Citrix Synergy 2013 kicks off in Anaheim, attendees hope to learn about new desktop and application delivery strategies for the mobile world.

All Rights Reserved,Copyright - 2013, TechTarget