Active Directory Object Restore Guide RUS

Download Active Directory Object Restore Guide RUS

Post on 28-Apr-2015

99 views

Category:

Documents

8 download

Embed Size (px)

TRANSCRIPT

<p> Active Directory: </p> <p> .................................................................................................................................................... 3 : .............................................................................................. 4 1. 2. 3. 4. 5. ldp.exe .......................................................................... 5 ADRESTORE ............................................................................................................ 10 AD Recycle Bin (Windows Server 2008 R2) .................................................. 13 NTDSUTIL .................................................... 17 NetWrix Active Directory Object Restore Wizard ........................................................................ 21</p> <p> .............................................................................................................................................. 25 .................................................................................................................... 26</p> <p>2</p> <p> Active Directory: </p> <p>, . , , , Microsoft, . , . , , . tombstone-. : ( ,</p> <p> ) - , </p> <p> . , . , objectGUID objectSid ( , ). , ACL, . . , tombstone-, </p> <p> . NetWrix Active Directory Object Restore Wizard.</p> <p>3</p> <p> Active Directory: : </p> <p>: acme.com OU Finance_Department Oleg Dmitry OU Admins, Sergey. : OU ( OU) .</p> <p> .</p> <p> , AD. , .</p> <p>4</p> <p> Active Directory: 1. ldp.exe</p> <p> : -&gt;Ldp.exe : tombstone- DSRM- (Directory Services Restore Mode) : (), , </p> <p> :1) (CN=Deleted Objects)</p> <p> , ( CN=Deleted Objects . ldp.exe Active Directory ( Domain Admins). 1. 2. ldp.exe. ( ldp.exe) Options () Controls ( )</p> <p>5</p> <p> Active Directory: 3. Load Predefined</p> <p>( ), Return deleted objects ( ) 4. a. , : , </p> <p> Active Directory, Connections () Connect () Bind (). b. , Distinguished Name</p> <p>(DN) DC=,DC=. c. (DN) </p> <p> CN=Deleted Objects, DC=,DC=. :</p> <p> Oleg, OU Finance_Department.</p> <p>1)</p> <p> ldp.exe</p> <p>2) Connections () Connect () - Bind () , Active Directory</p> <p>3)</p> <p> CN=Deleted Objects ( </p> <p>DC=acme,DC=com )</p> <p>6</p> <p> Active Directory: </p> <p>4)</p> <p> CN=Deleted Objects , </p> <p>, Modify (). 5) a. b. Modify () Edit Entry ( ) isDeleted Values () </p> <p>7</p> <p> Active Directory: c. Operation () Delete () </p> <p> Enter ()</p> <p>d. e.</p> <p> Edit Entry Attribute ( ) distinguishedName Values () (DN) </p> <p> Active Directory. f. g. Operation () Replace () Extended (), Enter (), </p> <p> Run ()</p> <p>8</p> <p> Active Directory: </p> <p> , . . . : OU Finance_Department OU Admins Dmitry Sergey</p> <p>:</p> <p> , . .</p> <p>9</p> <p> Active Directory: 2. ADRESTORE</p> <p> : Active Directory : www.microsoft.com/technet/sysinternals/utilities/AdRestore.mspx : DSRM- (Directory Services Restore Mode) : , </p> <p> (OU OU)</p> <p> - LDP . . ADRESTORE, AD.</p> <p> :</p> <p> . - . </p> <p> CN=Deleted Objects</p> <p> , :</p> <p>C:\&gt; adrestore Finance_Department</p> <p>10</p> <p> Active Directory: CN=Deleted Objects, Finance_Department CN OU LDAP cn=*Finance_Department* ou=*Finance_Department*. </p> <p> , ADRESTORE.</p> <p> -, , </p> <p> r , , :</p> <p>C:\&gt; adrestore r Finance_Department :</p> <p>C:\&gt; adrestore r Oleg C:\&gt; adrestore r Dmitry C:\&gt; adrestore r Admins C:\&gt; adrestore r Sergey . , </p> <p>lastKnownParent - ( ).</p> <p>11</p> <p> Active Directory: -. ADRESTORE , lastKnownParent -, .</p> <p>:</p> <p>ADRESTORE , LDP. , - - . .</p> <p>12</p> <p> Active Directory: 3. AD Recycle Bin (Windows Server 2008 R2)</p> <p> : , : Windows Server 2008 R2. : : Powershell. Windows 2008 R2</p> <p> Windows Server 2008 R2 Active Directory Recycle Bin (AD RB), , , Windows Server 2008 R2. AD RB Windows - . AD RB . AD RB 180 , Recycle Bin Lifetime, . Powershell Get-ADObject Restore-ADObject ( , , ). Get-ADObject , Restore-ADObject:</p> <p>13</p> <p> Active Directory: 1. 2. Active Directory Windows PowerShell. Active Directory module for Windows PowerShell </p> <p> : PS C:\&gt; Get-ADObject -Filter {displayName -eq "user"} -IncludeDeletedObjects | RestoreADObject -Filter {displayName -eq "user"} , AD ( user), -IncludeDeletedObjects , Restore-ADObject AD. , , -. , . , .</p> <p> 1. Active Directory Windows PowerShell. 2. Active Directory module for Windows PowerShell :</p> <p> acme.com Get-ADObject -SearchBase "CN=Deleted Objects,DC=acme,DC=com" IncludeDeletedObjects , OU Get-ADObject -SearchBase "CN=Deleted Objects,DC=acme,DC=com" -ldapFilter:"(msDslastKnownRDN=User)" IncludeDeletedObjects Properties lastKnownParent</p> <p>14</p> <p> Active Directory: User OU ( -Properties lastKnownParent)</p> <p> , OU OU Finance_Department, (Finance_Department\\0ADEL:e954eddadb8c-41be-bbbd-599bef5a5f2a).</p> <p>Get-ADObject SearchBase "CN=Deleted Objects,DC=acme,DC=com" -Filter {lastKnownParent -eq 'OU=Finance_Department\\0ADEL:e954edda-db8c-41be-bbbd-599bef5a5f2a,CN=Deleted Objects,DC=acme,DC=com'} -IncludeDeletedObjects -Properties lastKnownParent | ft</p> <p>!</p> <p> OU, </p> <p> . OU=Finance_Department.</p> <p> 1. Active Directory Windows PowerShell 2. Finance_Department, :</p> <p>Get-ADObject -ldapFilter:"(msDS-LastKnownRDN=Finance_Department)" IncludeDeletedObjects | Restore-ADObject3. OU, OU Finance_Department (, Finance_Department </p> <p>OU=Finance_Department,DC=acme,DC=com)</p> <p>Get-ADObject {lastKnownParent</p> <p>-SearchBase -eq</p> <p>"CN=Deleted</p> <p>Objects,DC=acme,DC=com"</p> <p>-Filter -</p> <p>"OU=Finance_Department,DC=acme,DC=com"}</p> <p>IncludeDeletedObjects | Restore-ADObject</p> <p>15</p> <p> Active Directory: ( OU)4. , OU (, OU Admins, OU Finance Department. OU=Admins,OU=Finance_Department,DC=acme,DC=com)</p> <p>Get-ADObject {lastKnownParent</p> <p>-SearchBase -eq</p> <p>"CN=Deleted</p> <p>Objects,DC=acme,DC=com"</p> <p>-Filter -</p> <p>"OU=Admins,OU=Finance_Department,DC=acme,DC=com"}</p> <p>IncludeDeletedObjects | Restore-ADObject Get-Help, Get-Help Get-ADObject</p> <p>: . , , , . , Windows 2008 R2. AD LDP AdRestore.</p> <p>16</p> <p> Active Directory: 4. NTDSUTIL : , AD : DSRM (F8) : Active Directory : DSRM . </p> <p>(,</p> <p>,</p> <p>)</p> <p> Directory Service Restore Mode. : , -, , . NTDSUTIL. AD DS. , OU , . () Active Directory, VSS.</p> <p>!</p> <p> AD </p> <p> . , .</p> <p>17</p> <p> Active Directory: :1. OU Finance_Department acme.com 2. DSRM ( F8) , DSRM, Dcpromo. AD , .</p> <p>!</p> <p> , </p> <p>Server 2008 NTDS AD. 3. , .</p> <p>! . , ntdsutil, , . LDAP, . ntdsutil:</p> <p>&gt; ntdsutil ntdsutil: snapshot :</p> <p>: list all1: 2009/04/22:23:18 {8378f4fe-94c2-4479-b0e6-ab46b2d88225} 2: C: {732fdf7f-9133-4e62-a7e2-2362227a8c8e}</p> <p>3: 2009/04/23:00:19 {6f7aca49-8959-4bdf-a668-6172d28ddde6} 4: C: {cd17412a-387b-47d1-9d67-1972f49d6706}</p> <p>18</p> <p> Active Directory: mount c {ID}:</p> <p>: mount 4 {cd17412a-387b-47d1-9d67-1972f49d6706} </p> <p>C:\$SNAP_200904230019_VOLUMEC$\ . 4. Finance_Department</p> <p>&gt; ntdsutil "authoritative restore" "restore subtree ou=Finance_Department,dc=acme,dc=com" q q OU Finance_Department OU Admins , , c Oleg</p> <p>&gt;</p> <p>ntdsutil</p> <p>"authoritative</p> <p>restore"</p> <p>"restore</p> <p>object</p> <p>cn=Oleg,ou=Finance_Department,dc=acme,dc=com" q q5. . , 3. LDIF-.</p> <p>6. DC .</p> <p>19</p> <p> Active Directory: 7. DC . LDIF-, 5, </p> <p>ldifde -i -f ar_20110221-151131_links_contoso.com.ldf, ar_20110221-151131_links_contoso.com.ldf LDIF-. 8. (, ) </p> <p>!</p> <p> , </p> <p> , 6 .</p> <p>: , Active Directory . AD, .</p> <p>20</p> <p> Active Directory: 5. NetWrix Active Directory Object Restore Wizard</p> <p> : AD : : www.netwrix.com/ru/active_directory_object_restore_wizard_freeware.html : </p> <p> , NetWrix Active Directory Object Restore Wizard. , , AD . NetWrix Active Directory Object Restore Wizard - (, OU ), AD. - ( 4 ), . , , , . </p> <p>21</p> <p> Active Directory: . , . : 1. NetWrix Active Directory Object Restore Wizard.</p> <p>2.</p> <p> : tombstone- ( </p> <p>)</p> <p> ( </p> <p> )</p> <p>22</p> <p> Active Directory: </p> <p>3.</p> <p>4. 5.</p> <p> OU , , , : , </p> <p>23</p> <p> Active Directory: </p> <p> , </p> <p> , .</p> <p> , , Active Directory. . .</p> <p>: . , .</p> <p>24</p> <p> Active Directory: </p> <p> Active Directory. , , . , , , , Active Directory.</p> <p>25</p> <p> Active Directory: : Active Directory Windows Server 2008/R2:</p> <p>http://www.netwrix.com/ru/active_directory_audit_guide.html NetWrix Active Directory Change Reporter AD</p> <p>http://www.netwrix.com/ru/landing.html?product=adcr NetWrix </p> <p>http://www.netwrix.com/ru/products.html</p> <p>26</p>