Accident deleted Active Directory Object – now what?

Good day. Its almost holiday period. Got a call from one of our customer, situation is like this:

The backup of the system state is over the tumbstone mode, 60 days. No more backup after that. He accidently delete an OU, which consists of three departments users.

Normally, we shall say, please use authoritative restore. Yes, this is the best and safe way if you have a recent backup. What if you dont? Does it mean all your object now gone?

The beauty of AD is, it keeps its deleted objects for 60 days by default, you will be able to change it via registry.

Normally, to "undelete" an object from AD can be tedious. We would like to share a tool from Quest software. We would like to thank Prakash, the Malaysia Champ who share this with us.

You can use this tool for FREE, only valid for 6 months. However, as long as it works and save your day!

Accessing other users mailboxes using administrators

Good day. Still remember Exchange 5.5 days where you can access other users’ mailboxes using administrator account? Too bad - it doesn’t work in Exchange 2000 or Exchange 2003.

Recently, there are few of the companies required to perform this, randomly check on employee's mailboxes; it’s a company policies.

How to do so? Again, Support Tools - best practices, we always encourage administrators to install windows support tools to every server that you had in the network - you simply won’t know when you need it.

1) Go to ADSI Edit using MMC
2) Locate under configuration partition
3) CN=Services, CN=Microsoft Exchange,
4) Right click the organization name, CN=Orgname
5) Click on Security Tab
6) You will notice administrator has "Deny" permissions on the "Receive As" and "Send As" properties. Once you uncheck those you would be able to access all mailboxes using the Administrator account.

NOTE: We always recommend to use Groups rather than individual account to assign/delegate any permission.

There you go...