So it’s not the mistake, but how you react to it, because we have all made them before.
The good news is that we have multiple AD servers, one of which is placed in a separate data center for DR purposes, and that is how we backed out of this D'oh! We leveraged the AD server in the remote data center because it had not yet received the change. Why? It sits on a WAN segment, and when we configured it we set replication so that changes are batched and applied every three hours.
So Joe is a really good IT dude and just goofed. He is also smart and got on it right away. Joe did the following; the steps are at a high level, but you will get the idea.
- Went to the remote AD server and turned off inbound replication so that it would not receive the change.
- Changed the update sequence number for the OU on the remote AD server. This is done via an authoritative restore in Directory Services Restore Mode.
- Then he was able to replicate everything back.
- And everything appeared to be good. And it was!
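The four steps above as one scripted run-through, added here as an example and not Joe's or the post's own commands. It assumes a lagged remote DC named DC-DR01, a hub DC named DC-HQ01, a deleted OU with the DN OU=Sales,DC=corp,DC=example, and a Domain Admin account; all three names are placeholders.

```powershell
# Added example; DC names and the OU DN below are assumed placeholders, not from the post.
$LaggedDc = 'DC-DR01'                        # remote DC that has not replicated the change yet
$HubDc    = 'DC-HQ01'                        # DC in the main site where the OU is already gone
$OuDn     = 'OU=Sales,DC=corp,DC=example'    # the OU that was deleted by mistake

# --- Step 1: stop inbound replication on the lagged DC before the next sync window ---
repadmin /options $LaggedDc +DISABLE_INBOUND_REPL

# Sanity check: the OU must still exist on the lagged DC and be gone on the hub,
# otherwise the deletion has already arrived and a backup-based restore is needed.
Import-Module ActiveDirectory
$onLagged = Get-ADOrganizationalUnit -Identity $OuDn -Server $LaggedDc -ErrorAction SilentlyContinue
$onHub    = Get-ADOrganizationalUnit -Identity $OuDn -Server $HubDc    -ErrorAction SilentlyContinue
if (-not $onLagged) { throw "OU is already gone on $LaggedDc; use a backup-based authoritative restore instead." }
if ($onHub)         { Write-Warning "OU still present on $HubDc; confirm what was actually deleted before continuing." }

# --- Step 2: mark the subtree authoritative ---
# This part is typed on $LaggedDc itself after booting it into Directory Services Restore Mode
# (the AD module is not available there). ntdsutil bumps the version numbers of every object
# under the OU so they win against the deletion when replication resumes.
# On Windows Server 2003 omit the "activate instance ntds" argument.
#   ntdsutil "activate instance ntds" "authoritative restore" "restore subtree $OuDn" quit quit

# --- Step 3: reboot normally, re-enable inbound replication and push the subtree back out ---
repadmin /options $LaggedDc -DISABLE_INBOUND_REPL
repadmin /syncall $LaggedDc /APed        # /A all partitions, /P push, /e cross-site, /d show DNs

# --- Step 4: verify that the OU is back on the hub and that replication is healthy ---
repadmin /showrepl $LaggedDc
Get-ADOrganizationalUnit -Identity $OuDn -Server $HubDc
```

Keep inbound replication disabled only for as long as the restore takes; leaving it off past the next schedule window means the lagged DC silently falls behind on every other change too.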
Recommended reading
Performing an Authoritative Restore of Active Directory Objects @ http://technet.microsoft.com/en-us/library/cc779573(WS.10).aspx
How To Reset the Directory Services Restore Mode Administrator Account Password in Windows Server 2003 @ http://support.microsoft.com/kb/322672