Denis Cardon
2017-Aug-29 10:45 UTC
[Samba] recommanded way to restore objects from Deleted Objects
Hi everyone, in samba 4.5 changelog, it says that samba AD now supports tombstone reanimation. I've been used to ldbrename and ldbmodify to reanimate objects to keep objectSID, but if it is now officially supported, it would be better to use the proper way. Sysinternals tool adrestore [1] seems to be working properly (it does not restore most attributes, but this is expected since recycle bin is not yet supported. Replication after adrestor'ing an object is fine. I did'nt found an equivalent with samba-tool. Is using adrestore windows command line a proper way to do it? Should we use ntdsutil authoritative restore? Is there a samba command line to do that? Cheers, Denis [1] https://docs.microsoft.com/en-us/sysinternals/downloads/adrestore -- Denis Cardon Tranquil IT Systems Les Espaces Jules Verne, bâtiment A 12 avenue Jules Verne 44230 Saint Sébastien sur Loire tel : +33 (0) 2.40.97.57.55 http://www.tranquil-it-systems.fr
Andrew Bartlett
2017-Aug-30 10:26 UTC
[Samba] recommanded way to restore objects from Deleted Objects
On Tue, 2017-08-29 at 12:45 +0200, Denis Cardon via samba wrote:> Hi everyone, > > in samba 4.5 changelog, it says that samba AD now supports tombstone > reanimation. I've been used to ldbrename and ldbmodify to reanimate > objects to keep objectSID, but if it is now officially supported, it > would be better to use the proper way. > > Sysinternals tool adrestore [1] seems to be working properly (it does > not restore most attributes, but this is expected since recycle bin is > not yet supported. Replication after adrestor'ing an object is fine. > > I did'nt found an equivalent with samba-tool. Is using adrestore windows > command line a proper way to do it? Should we use ntdsutil authoritative > restore? Is there a samba command line to do that?Thanks for bringing this up, I actually wrote up a script, and posted it to samba-technical in May/June. I need to write up a simple test to ensure it keeps working, I'll do that. In the long term it needs to be part of samba-tool, and probably with some more options. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Possibly Parallel Threads
- Right way to restore deleted objects (in samba 4.1 or newer with or without "ad recycle bin")
- ldbrename does not rename container users CN=Deleted Objects
- Right way to restore deleted objects (in samba 4.1 or newer with or without "ad recycle bin")
- Recomendation for LDAP broser / editor for windows
- ldbrename does not rename container users CN=Deleted Objects