News Stay informed about the latest enterprise technology news and product updates.

New AD tool brings users 'back from the dead'

A new version of Aelita Software's Active Directory recovery product will give AD users another option for reconstituting deleted objects online.

An upcoming version of an Active Directory recovery product made by Aelita Software Corp. will give customers another option for reconstituting deleted objects online.

The software, which was formerly called ERDisk for Active Directory, will launch this week as Aelita Recovery Manager for Active Directory 7.0. The main improvement will be support for a tombstone reanimation programming interface in Microsoft's Windows Server 2003.

By supporting this interface, customers get an alternate way to restore objects that have been deleted, said Betsy Bender, director of product marketing and product management at Aelita, which is based in Dublin, Ohio.

Before Microsoft had made its programming interface available in Windows Server 2003, Aelita's software was able to restore deleted objects, but it did so using methods that were not sanctioned by Microsoft.

To recover a user object in Active Directory 2000 an IT administrator had to take a domain controller offline and work in Active Directory restoration mode. The administrator had to know the actual "distinguished name" of the user and locate the user. "The Aelita product was good because you didn't have to take down the live domain controller, and it showed you graphically which users were deleted," said Jeremy Moskowitz, a consultant at Moskowitz Inc., Wilmington, Del.

The new product can use an officially sanctioned Microsoft API for tombstone reanimation, Moskowitz said: "[The API] paws through Active Directory objects that are deleted, and it does something akin to a preliminary restore -- it puts back the skeleton of the user. But to get back the skin and hair and teeth, you still need the Aelita product."

With ERDisk, customers were able to bring back "tombstoned" objects, but the method may have been considered a security risk, said Ernie Coldwell, a network analyst at MAHLE Industries Inc., a German auto parts manufacturing company with offices worldwide.

Having the ability to do an online restoration of deleted objects from an Active Directory is valuable to many companies. The ability may be especially valuable at a large enterprise, where it's more likely that some end users may have the same last name. If, during the course of a network migration using Active Directory 2000, the wrong person's information is deleted, that user is gone for good.

"With ERDisk, you could bring back users 'from the dead' with all the files and permissions," Coldwell said. "This is especially important if the user has a lot of access to things. Without ERDisk, you had to recreate the user's name and then manually create files and folders."

Moskowitz said it would be a user's choice whether to go with the old Aelita back-door method of restoring a user or to use the new Aelita product and restore the user through the API. The reasons for doing it one way or the other are purely philosophical. Both methods work, but one way is blessed by Microsoft.

Aelita isn't the only third-party software company to help customers restore deleted objects from Active Directory. CommVault Systems Inc., an Oceanport, N.J., company, also offers tombstone reanimation, as part of a larger software package.

The Aelita Recovery Manager for Active Directory is licensed by number of user accounts. Prices start at $6 per user account. Volume discounts are available.


Learning guide: Planning and designing your Active Directory

Experts' Top 5: Active Directory migration tips

Top 10 Active Directory management bloopers

Dig Deeper on Windows administration tools

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Have a look here for deleted active directory objects restore .