G
Guest
Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)
An attribute was changed on 1800 users and we thought about trying an
authoritative restore. The old attribute should be restored on all the
objects once that is done.
I was wondering if group memberships would be affected at all. The groups
would not be marked as authoritative.
I saw these articles
http://support.microsoft.com/default.aspx?scid=kb;en-us;280079#kb2
Authoritative restore of groups can result in inconsistent membership
information across domain controllers
http://support.microsoft.com/kb/840001/
How to restore deleted user accounts and their group memberships in Active
Directory
This excerpt from the first article caught my eye
"Note This issue may occur even if the users are authoritatively restored
and the groups are not. If a System State restore is done and only users are
marked as authoritative, their group membership will be restored on the
domain controller that the restore was done on (because the forward links in
the group objects would have been restored in the System State restore). If
the membership of the groups has not changed since the System State backup
was done, no replication for the groups will be done after the restore. This
results in inconsistent group membership between domain controllers. Changing
the membership to the group on one domain controller will replicate the
current contents of that group on that domain controller to the other domain
controllers. "
So will the group memberships be inconsistent?
Thanks
Mike
An attribute was changed on 1800 users and we thought about trying an
authoritative restore. The old attribute should be restored on all the
objects once that is done.
I was wondering if group memberships would be affected at all. The groups
would not be marked as authoritative.
I saw these articles
http://support.microsoft.com/default.aspx?scid=kb;en-us;280079#kb2
Authoritative restore of groups can result in inconsistent membership
information across domain controllers
http://support.microsoft.com/kb/840001/
How to restore deleted user accounts and their group memberships in Active
Directory
This excerpt from the first article caught my eye
"Note This issue may occur even if the users are authoritatively restored
and the groups are not. If a System State restore is done and only users are
marked as authoritative, their group membership will be restored on the
domain controller that the restore was done on (because the forward links in
the group objects would have been restored in the System State restore). If
the membership of the groups has not changed since the System State backup
was done, no replication for the groups will be done after the restore. This
results in inconsistent group membership between domain controllers. Changing
the membership to the group on one domain controller will replicate the
current contents of that group on that domain controller to the other domain
controllers. "
So will the group memberships be inconsistent?
Thanks
Mike