???? ?? ?????????? ???? ?? ?????? ?????????? ??? ???? ???? ??????? ?? ???????????? ???? ????

???? ?????? ???? ??????
???? ID: 840001 - ?? ???????? ?? ?????? ??? ?? ?? ???? ???? ???? ??.
??? ?? ??????? ???? | ??? ?? ??????? ????

?? ????? ??

??????

???????????? ????? ??? ?????????? ????, ???????? ?? ????? ?? ??????? ???? ?? ??? ??? ??????? ????? ?? ???? ???? ?? ?????????? ????? collectively ??????? ???????????? ?? ??? ???? ??? ??? ??? ???????, ?? ???????????? authoritatively ???? ?? ??????????, ?? ???? ??? ?? ???? ?? ??????? ???????????? ?? ??? ???? ??????? ??????? ???????????? ????? ?? ?? ???? ???? ?? ???????? ???????????? ????, ?? former ????? ?? ???????????? ???? ?????????, ??memberOf????????? ???????? ??????? ????????? ??? ??? ??? ??????? ???:
  • ???? 1: ???????????? ???? ?? ?????????? ????, ?? ?? ?????? ???????????? ???????????? ???? ???? ???? ?? ??? Ntdsutil. exe ????-?????? ????? (Microsoft Windows Server 2003 ?????? ??? 1 ?? ??? [SP1] ????) ?? ????? ??
  • ???? 2: ???????????? ???? ?? ?????????? ???? ???, ?? ?? ???? ?????? ?? ???????????? ?????????? ?????
  • ???? 3: Authoritatively ???????????? ???? ?? ?????????? ???? ?? ??????? ?????? ?? ????? ??? ?????????? ?? ???
???::?? KB ???? ???? ??? Windows Server 2008 R2 ????? AD ??????? ??? ?????? ?? ????? ???? ??; ????? ?? ???? ???? ?? ?????? ?? ?? ???? ????? ?? ??? ?????? ????

???? 1 ?? 2 ???? ?? ????? ????? ????? ?????????? ?? ???? ?????????? ?? ??? ??????? ?? ??????? ?? ??? ?? ????? ?????? ?????? ?? ??? ?? ??? ????? ??????? ?????? ?? ??? ?? ?? ????? ?? ??? ???????? ??? ??? ???? 3 ?? ???, ??????? ???????????? ??? ???-??? ??????? ???? ?? ????, ?? ?????? ??????? ???? ??????? ?? ???? ?????? ????? ????? ?? ????

??? ???? ??? ??? ????? ????? ?????? ?????? ?? ???? ?? ?? ???? ????? ?? ????? ?? Windows Server 2003-?????? ????? ?????????? ??? ???, ?? ?? ?? ???? ??? ????????? ?? ???????? ??? ?? ???????????? ???? ?? ??????????? ?? ?? ?? ???? ??? ?????????? ????? ??? ?? ????????? ???? ?? ??? Repadmin ?????? ?? ????? ?? ?? ???? ????

???? large-scale ???? ??? ???? Microsoft ???? ?????? ??? ???????? ?? ????? ?? ???? ????? ?? ????? ?? ??? ?? ??? ???? ?? ??????? ???? ???

???:????? ?? ??? ??? ????? ?? ???????? (????? ??? ?? ?????????? ???????) ?? ??????, ?? ????? ????? ???????? ???????????? (ACEs) (???????? "DELETE" ?? "????? ????"), ???????? ???????? ?? ??????? ???????????? ?? ????? ?? ??? ?? ?? ????? ????? ???????? ???????????? (ACEs) ?? ??? ?? ???????? ???????? (???????? "????? ??????") ?? ??????? ???????????? ?? ????? ?? ????? ??? ???? ?? ??? Windows 2000 ????? ??? ?? Windows Server 2003 ???, ?????? ??????????? ?????????? ?? ??????????, ADSIEdit, LDP, ?? DSACLS ????-?????? ????? ?? ????? ????? ?? ?? ???? ??? ?? ???????? ????????? ????? AD ?????? ??? ?????????? ??????? ?? ??? ?? ?? ACEs ???????? ??? ?? ????? ????

?????? ?? ???, ?????????? CONTOSO.COM ?????????? ?? ??? ?? ???? ?? ??? ?? ?? ?? ???? ??? ?????????? ???? ?? ?? MyCompany ??? ???? ?? ?? ??? ???? ?? ?? AD ????? ??? ??? ???? ?? ?? ????? ???? ?? ???, ?? ????? ???????????:

For the MyCompany organizational unit, add DENY ACE for??????? ?? ???DELETE CHILD?? ????? ????????scope:
DSACLS "OU=MyCompany,DC=CONTOSO,DC=COM" /D "EVERYONE:DC"

For the Users organizational unit, add DENY ACE for??????? ?? ???DELETE and DELETE TREE?? ????? ????????scope:
DSACLS "OU=Users,OU=MyCompany,DC=CONTOSO,DC=COM" /D "EVERYONE:SDDT"

The Active Directory Users and Computers snap-in in Windows Server 2008 includes aProtect object from accidental deletion??? ???????????????? ?? ????? ????..

???:The????? ????????check box must be enabled to view that tab.

When you create an organizational unit by using Active Directory Users and Computers in Windows Server 2008, theProtect container from accidental deletioncheck box appears. ???????? ??? ??, ' ??? ????? ????? ?? ?? deselected ?? ???? ????

??????? ?? ???????? ?? ???? ??? ???????? ???????? ?????? ?????????? ??? ?? ACEs ?? ????? ???? ???, ?? ?????????? ??????? ?? ??? suited ??????? ??? ???? ???? ?? ????????? ?? ??? ??? ???????? ?? ?? ????? ?????? ?? ???? ??? ?? ??????????? ??? ??? ???? ?? ?? ????????? ????? ??? ?????? ????? ?? ??? ??? ??????????? ?? ????? ?? ???? ???????? ?? ????, ?????????? ACEs ??????? ?????? ???? ???

???? ???????

?? ??? ?? ??? ???? ????? ???? ?? ?? ???? ?????????? ????, ???????? ?? ????? ?? ???? ???? ??????? ???????????? ???? ?? ??? ?? ?????? ?????????? ?? ??? ???? ??? ??? ?? ???????? variations, ??? ?????????? ?????, ???????? ????, ?? ??????? ???? ??? ???? ??? ?? ???-??? ?? ??? ?????? ???? ??? ?? ?????? ???, ?? ?? ????????? ??? ????--authoritatively ???????????? ????, ????????? ????????????, ?? ?????????? ?? inadvertently ????? ???? ??? ???? ?? ???????? ?? ???????????? ???? ?? ??? ???? ????? ?? ???????? ??? ?? ?????????? ??? ?????????? ???? ??? ?????? ????????? ??? ?? ???? ???????? ?? ????????? ?? ???? ???? ???? ??? ???? ???????? ????? ??? ?? ?? ????????? ???managedBy, ??memberOf.

?? ?? ???? ??????? ???? ?? ??? ??? ?????????? ????, ???? ??????? ????, ?? ??? ???????? ???? ???? ??????? ???????????? ?????? ???, ?? ????? ??? ???????? ?????? ??????????:
  1. ??????? ????????? ' ?? ??? ?? ????? ??????????????? ??????? ???? ?? ??????? ???
  2. ???????? ??????? ???? ?? ??? ?? ??????????, ????????, ?? ??????? ???? ?? ????? ??, ???? ???? ???? ?? ??? ????? ??????? ?????????memberOf??????? ???
??? ???, ?? ??? ??????????, ???? ???????? ?? ???? ???? ?????? ?????????? ?? ??? ?? ???? ??, ?? ????? ???????? ??:
  1. The deleted security principal is moved into the deleted objects container.
  2. A number of attribute values, including thememberOfattribute, are stripped from the deleted security principal.
  3. Deleted security principals are removed from any security groups that they were a member of. In other words, the deleted security principals are removed from each security group'smember??????? ???
When you recover deleted security principals and restore their group memberships, the key point to remember is that each security principal must exist in Active Directory before you restore its group membership. (The member may be a user, a computer, or another security group.) To restate this rule more broadly, an object that contains attributes whose values are back links must exist in Active Directory before the object that contains that forward link can be restored or modified.

Although this article focuses on how to recover deleted user accounts and their memberships in security groups, its concepts apply equally to other object deletions. This article's concepts apply equally to deleted objects whose attribute values use forward links and back links to other objects in Active Directory.

You can use either of the three methods to recover security principals. When you use method 1, you leave in place all security principals that were added to any security group across the forest, and you add only security principals that were deleted from their respective domains back to their security groups. For example, you make a system state backup, add a user to a security group, and then restore the system state backup. When you use methods 1 or 2, you preserve any users who were added to security groups that contain deleted users between the dates that the system state backup was created and the date that the backup was restored. When you use method 3, you roll back security group memberships for all the security groups that contain deleted users to their state at the time that the system state backup was made.

Method 1: Restore the deleted user accounts, and then add the restored users back to their groups by using the Ntdsutil.exe command-line tool (Microsoft Windows Server 2003 with Service Pack 1 [SP1] only)

???:This method is valid only on domain controllers that are running Windows Server 2003 with SP1. If Windows Server 2003 SP1 has not been installed on the domain controllers that you use for recovery, use Method 2.

In Windows Server 2003 SP1, functionality was added to the Ntdsutil.exe command-line tool to help administrators more easily restore the backlinks of deleted objects. Two files are generated for each authoritative restore operation. One file contains a list of authoritatively restored objects. The other file is an .ldf file that is used with the Ldifde.exe utility. This file is used to restore the backlinks for the objects that are authoritatively restored. In Windows Server 2003 SP1, an authoritative restoration of a user object also generates LDIF files with the group membership. This method avoids a double restoration.

When you use this method, you perform the following high-level steps:
  1. ??? ??? ??????? ?????? ??? ?????????? ?? ????? ?? ?? ????????? ???? ????? ??? ????? ?? ??? ???? ????, ?? ???? ??? ?? ??????? ?????? replicating ?? ???? ??? ??? ??????? ?????? latent ??, ????? ??? ?????????? ?? ??? ????? ??? ??? ??????? ?????? ????? ???????? ?? ???? ??????? ?????? ?????? ????? ?? ?????? ??????
  2. ??????????? ??? ???? ?? ?????????? ???? ?? ???????????? ????, ?? ???? ??? ?? ?????????? ????? ?? ??????????? ?? ?????? ???? ?? ??? ?????? ?? ?????? ????
  3. ?????????? ????? ?? ??? ????? ??? ?? ???? ?? ???? ?? ??? ?? ?? ??? ????? ??? ??? ?????? ?? ???????????? ???????????? ?? ???????
???? 1 ?? ????? ????, ?? ????????? ?? ???? ????:
  1. ?????? ?? ???? ?? ??? ??????? ?????? ????? ???????? ????? ?? ??? ??? ?? ????????? ???? ?? ?? ????? ??? ?????????? ?? ??? ????? ??? ????? ?? ????

    ???:?? ?? ?? ???? ???? ????????? ??????? ?? ??? ??????? ?????? ?? ????? ?????

    ??? ?? ??????? ?????? ??? ?? ?? ?? ???? ????? ??, ?? ????? ??????? ??????????? ?? ????? ???? ?? ??? Repadmin.exe ????-?????? ????? ?? ????? ????? ??? ???? ?? ???, ????? ????? ?? ???? ????::
    1. ????? ????,????????? ????-????? ????, ?? ???? ????????.
    2. ??????:cmd??????????????? ???, ?? ???? ???OK.
    3. ????? ????????? ?? ????? ???? ???? ?? ???? ??? ENTER ?????::
      repadmin /options<recovery dc="" name=""></recovery>+ DISABLE_INBOUND_REPL
      ???:??? ?? ????? Repadmin ???? ????? ???? ?? ????, ??? ??????? ??????????? ?? ??????? latent ??????? ?????? ?? ?? ?? ??????? ??????????? ?? ????? ???? ?? ??? Repadmin ?? ????? ?? ???? ???, ?? ???? ??? ????? ??????? ??????????? ?????
    ?? ????? ???????? ?? ??? ????????????? ????? ???????? ?? ??? ??? ???????? ???? ????? ??? ??? ??? ??? ??????? ?????? ??, ?? ??? 2 ?? ?????
  2. ?? ???????? ???????? ??? ??????? ???? ?? ??? ??? ????? ????? ?? ???? ??? ?? ????? ?? ??? ??????? ??:
    • ???? ???????? ??? (dn) ?? ?????? ?? ???? 1 ?????? ???????????? ????? ??? ?????????? ?? ???????? ???? ?? ??? ????? ?? ??? ????
    • ?? ?? ??? ?? latent ????????????? ????? ???????? ???????? ??? ??? ????? ?????????? ?? ??? ????? ?? ?? ????????? ???
    • ?? ??????? ?????? ?? ???? ?????? ?????? ?? ???????????? ???? ?? ?????? ???? ????
    ??? ?? ??????? ?????? ?? ????? ???? (OU) ?????? ??????? ???? ?? ?????????? ????? ?? ????? ???? ???? ?? ???????????? ???? ?? ?????? ???, ?? ?? ??? ???????? ??????? ??? ?? ??????

    ?????????? ?? ????? ???? ?? ???? ????? ?? ?????????? ?? ????? ?? ???? ??? ?? ????? ??? ????? ?????????? ?? ????? ??????? ????? ??? ????? ?????????? ?? ??? ?????
  3. ?? ??? ?????? ?????? ????? ?? ???? ??? ????? ????? ??? ?????? ??? ???? ??? ???? ?????????? ?? ?????? ???? ?? ??? ???? ?? ????? ?? ????? ?? ?????

    ???:??? ?????? ?????? ?? ????? ?? ????? ?? ????? ?? ??? ??????? ???, ?? ?? ??? ???? ???? ?? ??? 4 ?? ?????

    ??? ?? ??? 1 ??? ??? ????????????? ????? ???????? ??????, ?? ??? ?? ??? ???? ?????? ?????? ????

    ??? ????? ??? ???? ?? ????? ??? ????? ?? ????????? ??????? ?????? ????? ??, ???? ????? ?? ????? ??? ??? ??????? ?????? ?? ?????? ?????? ?? ????? ????

    ?? ?? ??? ????? ??????, ????? ???? ????????????? ????? ??? ?? ???? ???? ?????? ??? ???? ???? ??? ?? ????????????? ????? ???????? ?? ???? ??????? ?????? ??? ???? ?? ???? ????
  4. ??? ?? ????? ???? ?? ?????????? ?? ????? ??? ??? ??????? ?????? latent ????? ???????? ???? ???? ????, ?? ????? ??? ??? ??????? ?????? ????? ???????? ?? ???? ?????? ?????? ?????? ????? ??????? ?? ?????? ?????? ?? ????? ??? ???? ?? ?????????? ??? ???? ?????? ????????????? ????? ???????? ?? ??? ??? ?? ????? ???????? ?? ????? ?????

    ?????????? ?? ????? ??? ??????? ?????? ????? ?????????? ?? ???? restorations ????? ????? ??? ????? ??????? ???? ?? ??? ????????? ?? ??????? ???? ??????? ??????? ????? ??? ??? ?????????? ???? ???? ?? ????? ??? ??????? ?????? ????? ???????? ?? ??? ?????? ?????? ?? ????? ??, ?? ?? ????? ???? ?? ????memberOf??????? ?? ??????? ???? ??????? ?? ????????? ???? ?? ??? ?? ????? ????? ??????? ?? ???????????? ???? ?? ??? ???????????? ?????????? ????? ?? ??????? ??? ??? ??, ?? ??? ????? ????? ?? ?? ???-??????? ?????? ????? ???????? ?? ???? ?????? ?????? ?????? ????? ????? ?? ????
  5. ??? ?? ??????? ?????????? ???? ?? ??????? ????? ???, ?? ??????? ????????????? ????? ???????? Dsrepair ??? ??? ??? ??? ?? ??????? ?????????? ???? ?? ??????? ???? ???, ??????? ?? ????? ??? ?? ??????? ?????? ?????????? ??? ????????????? ????? ???????? ?? ?? ????

    ?? ????? ?? ???? ???setpwd?????? ??????????? ?? ?????? ??? ??? ????? ???????? ?? ?? Microsoft Windows 2000 ?????? ??? 2 (SP2) ?? ??? ??? ?? ??? ??? ?? ???? ?? ??????? ????? ???? ?? ??? ???????-?????? ????? ???

    ???:Microsoft ?? Windows 2000 ?? ???????

    For more information about changing the Recovery Console administrator password, click the following article number to view the article in the Microsoft Knowledge Base:
    239803How to change the Recovery Console administrator password on a domain controller
    Administrators of Windows Server 2003 domain controllers can use theset dsrm passwordcommand in theNtdsutilcommand-line tool to reset the password for the offline administrator account.

    For more information about how to reset the Directory Services Restore Mode administrator account, click the following article number to view the article in the Microsoft Knowledge Base:
    322672How to reset the Directory Services Restore Mode administrator account password in Windows Server 2003
  6. Press F8 during the startup process to start the recovery domain controller in Dsrepair mode. Log on to the console of the recovery domain controller with the offline administrator account. If you reset the password in step 5, use the new password.

    If the recovery domain controller is a latent global catalog domain controller, do not restore the system state. Go to step 7.

    If you are creating the recovery domain controller by using a system state backup, restore the most current system state backup that was made on the recovery domain controller now.
  7. Auth restore the deleted user accounts, the deleted computer accounts, or the deleted security groups.

    ???:The terms??????? ????????????, ??authoritative restorerefer to the process of using theauthoritative restorecommand in theNtdsutilcommand-line tool to increment the version numbers of specific objects or of specific containers and all their subordinate objects. As soon as end-to-end replication occurs, the targeted objects in the recovery domain controller's local copy of Active Directory become authoritative on all the domain controllers that share that partition. An authoritative restoration is different from a system state restoration. A system state restoration populates the restored domain controller's local copy of Active Directory with the versions of the objects at the time that the system state backup was made.

    For more information about auth restoring a domain controller, click the following article number to view the article in the Microsoft Knowledge Base:
    241594How to perform an authoritative restore to a domain controller in Windows 2000


    Authoritative restorations are performed with theNtdsutilcommand-line tool and refer to the domain name (dn) path of the deleted users or of the containers that host the deleted users.

    When you auth restore, use domain name (dn) paths that are as low in the domain tree as they have to be to avoid reverting objects that are not related to the deletion. These objects may include objects that were modified after the system state backup was made.

    Auth restore deleted users in the following order:
    1. Auth restore the domain name (dn) path for each deleted user account, computer account, or security group.

      Authoritative restorations of specific objects take longer but are less destructive than authoritative restorations of a whole subtree. Auth restore the lowest common parent container that holds the deleted objects.

      Ntdsutiluses the following syntax:
      ntdsutil "authoritative restore" "restore object<object dn="" path=""></object>"q q
      ?????? ?? ??? ??????? ?? ??? ???????????? ????? ??? ???????????????????Mayberry?? OUContoso.com????? ?? ???, ????? ???? ?? ????? ????:
      Ntdsutil "authoritative ????????????" "???????? cn ???????????? ????, ou = Mayberry, = dc contoso, = dc = com" q q
      ???? ?? ??????? ???? ?? ???????????? ???? ?? ??? ???????ContosoPrintAccess?????Mayberry?? OUContoso.com????? ?? ???, ????? ???? ?? ????? ????:
      Ntdsutil "authoritative ????????????" "???????? cn ???????????? ContosoPrintAccess, ou = Mayberry, = dc contoso, = dc = com" q q


      ???????????????? ????? ?? ????? ?????? ???

      ???????? ?????????? ???? ?? ???????????? ???? ?? ??? ?? ?? ?? ?? ??????? ????? ???? ?? ??????? ?? ????? ?????? ???:

      ar_YYYYMMDD HHMMSS_objects.txt
      ?? ????? ?? ???????????? authoritatively ?????????? ?? ???? ??? ??? ?? ????? ?? ??? ????? ????Ntdsutil authoritatative ???????????? "ldif ????? ????? ??"???? ???? ?????????? ????? ??????? ???? ?? ????? ?? ???????? ??? ???? ????? ??? ???

      ar_YYYYMMDD HHMMSS_links_usn.loc.ldf
      ??? ?? ??? ??????? ?????? ?? ??????? ???????????? ???? ???, ?? ?? ??????? ??? ?? ?? ???????? ??? ???????? ????? ?? ??? ????? ??? ?? ????? ??? ?? ????????? ?? ?? ??? Ldifde. exe ?????? ?? ????? ?? ???? ???? ????????? ?? ???????????? ?????????? ?? ??? backlinks ???????????? ???? ??? ?????????? ?? ??? ?????, ??? ????????? ???????????? ?? ???????????? ???? ?? ??? ??? ???? ??????? ???????????? ???? ??? ??? ???? ????? ??? ???? ?????????? ???? ??????? ?? ???????? ???, ????????? ???? ????????? ?? ??????? ???? ??????? ???????????? ???? ??? ????????? ???? ????? ?? ???????????? ???? ??????? ???? ???????? ??? ??????? ?????? ?????? ?? ??????? ????? ???? ????
    2. ??????????? ???? OU ?? ???????? ??? (CN) ?????? ???? ?? ????? ??? ?????????? ?? ???? ?? ????? ???? ???? ???????????? ?????

      ?? ??????? subtree ?? authoritative restorations ????? ?? ?? OU ?? ?????? ?????? ??Ntdsutil "authoritative ????????????"???? ??? ??????? ?? ???????????? ???? ?? ??? ?? ?????? ?? ??? ??? ?? ???????? ?? overwhelming majority ??? Ideally, ?????? OU ??????? ???????????? ???? ?? ??? ?? ?????? ?? ??? ??? ?? ??? ?????????? ????

      ??? OU subtree ?? ??? authoritative ???????????? ??? ????????? ?? ?????????? ???? ???????? ??? ???????????? ???? ??? ???? ?? ??? ???? ?????? ?????? ?? ????? ???????????? ???? ?? ??? ??? ?? ???????? ??? rolled ???? ???? ????? ?? ??? ????? ?? ???? ?? ?????????? ????, ???????? ?? ????? ?? ??????? ??????, ?? ??? ?? ?????? ?? ???? ?? ???? ????? ?? ??? ??????????, ????????? ?? ?? ???? ?? ???, ??????? ?? ??? ?????? ???????? ???? ?? ??? ????? ?? ????? ?? ?????? ???? ?? ???, ???? ??????? ?? ???, ?? ??? ??????? ?????????? ?? ?? ?? ?? ????????? ???? ?? ??? ???????? ?? ??????????

      Ntdsutil????? ???????? ?? ????? ???? ??:
      Ntdsutil "authoritative ????????????" "???????????? subtree<container dn="" path=""></container>"q q
      ?????? ?? ???, ?????? ???????????? ???? ?? ???Mayberry?? OUContoso.com????? ?? ???, ????? ???? ?? ????? ????:
      Ntdsutil "authoritative ????????????" "subtree ou ???????????? Mayberry, = dc contoso, = dc = com" q q
    ???:?? ??? ?? ??????? ???? OU ???????? ?? ??? ?? ??????? ????? ??? ?????????? ?? ?????

    ???????????? ?? ???? subordinate ???????? ?? ??? OU ???????????? ????, subordinate ???? ?? ?????????? ?? ??? ???? ?? ?????? ?????? ???? ?????? ?????? ??? ?? ??????? ???????????? ???? ???? ???

    ???????? ?????????? ???? ???????????? ???? ???? ??, ?? ??? ?? ?? ?? ?? ??????? ????? ???? ?? ??????? ?? ????? ?????? ???:

    ar_YYYYMMDD HHMMSS_objects.txt

    ?? ????? ?? ???????????? authoritatively ?????????? ?? ???? ??? ??? ?? ????? ?? ??? ????? ????Ntdsutil authoritatative ???????????? "ldif ????? ????? ??"???? ???? ???????????? ?????????? ????? ??????? ???? ?? ????? ?? ???????? ??? ???? ????? ??? ???

    ???? ??????? ?? ???, Microsoft ?? ????? ??? ???? ?? ????::
    HTTP://technet2.Microsoft.com/WindowsServer/EN/Library/5ec3a3b1-c4b2-4c74-9d8a-61f7cb555f821033.mspx?mfr=TRUE
    ar_YYYYMMDD HHMMSS_links_usn.loc.ldf
    ?? ????? ??? ?? ????????? ?? ?? ??? Ldifde. exe ?????? ?? ????? ?? ???? ???? ????????? ?? ???????????? ?????????? ?? ??? backlinks ???????????? ???? ??? ?????????? ?? ??? ?????, ??? ????????? ???????????? ?? ???????????? ???? ?? ??? ??? ???? ??????? ???????????? ???? ???
  8. ??? ???? ?? ?????????? ???? ?????? ?????? ???????????? ?? ????????????? ????? ???????? ?? ???????????? ??? ?? ??, ??? ??????? ???? ?? ?? ?? ??? ???? ????? ???????? ???????? ??? ???? ?? ??? ??????? ??????????? ?????? ????????
  9. ?????? ??? ????????????? ????? ???????? ?? ???????? ?????? ?????????? ????
  10. ????????????? ????? ???????? ?? ??? ??????? ??????????? ?? ????? ???? ?? ??? ????? ???? ???? ????:
    repadmin /options<recovery dc="" name=""></recovery>+ DISABLE_INBOUND_REPL
    ??????? ??????????? ???? ????????????? ????? ???????? ????? ?????? ?????? ???????????? ???? ?? ??? ????? ???
  11. ???????-???????????? Outbound-replicate ?????????? ????????????? ????? ???????? ?? ????? ?? ???????? ??? ????? ?????????? ?? ????

    ????????????? ????? ???????? ?? ??? ??????? ????????? ????? ???? ??, ???? ??? ?????-???? replica ????? ?????????? ??? ????? ?? ???????? ??? ??? ??????? ?????? ???? ?? ??? ?????? ???????????? ???????? ??? ???? ???? ?? ??? ????? ???? ?????:
    repadmin /syncall /d /e /P<recovery dc=""> <naming context=""></naming></recovery>
    ??? ????? ????? ?? ???? ???, ?? ???? ??????? ?????? ???????????? ?? ????????? ???? ?? ?????????? ???? ?? ??? rebuilt ???? 14 ??? ?? ?????

    ???:??? ????? ????? ??? ?? ?? ?? ???? ???? ???? ??, ?? ??? 12 ?? ?????
    • ???? ???????? ?? ?? ???? Windows Server 2003 ???????? ???????? ???? ?? Windows Server 2003 Interim ???????? ???????? ???? ?? ???
    • ???? ?????????? ???? ?? ???????? ???? ????? ???, ?? ??????? ???? ?????
    • ???? ?? ?????????? ???????? ??? ??? ????? ??? ??????? ???? ?? ??? ???? ?? ?? ?? ???????? transitioned ???????? ???? ???????? ??? Windows Server 2003 ?? ??? ???? ??? ???
  12. ????????????? ????? ???????? ?? ????? ?? ????? Ldifde. exe ?????? ?? ar_YYYYMMDD HHMMSS?????????? ???? ??????? ?? ???????????? ???? ?? ??? _links_usn.loc.ldf ?????? ??? ???? ?? ???, ????? ????? ?? ???? ????::
    • ????? ????,???????????? ????,???????????:cmd??????????????? ???, ?? ???? ???OK.
    • ????? ????????? ??, ????? ???? ???? ???? ?? ???? ??? ENTER ?????::
      LDIFDE -i -f ar_YYYYMMDD HHMMSS_links_usn.loc.ldf
    LDIFDE ???? ???? ?? ???? ?? ?? ???? ????? ?????? ????? ??????? ?? ???? ??:
    ?????? ?? ?????? ?? ?????xxx>: ?????? ???????? ????? ?? ??? ?????? ?? "???????? ???? ??."
    ??? ?????? ???? ???? ???? ?????? ?????? LINKS.LDF ????? ??? ?? ??? ??????????? ?????? ????????? ?? ???????? ???? ??, msPKIDPAPIMasterKeys, msPKIAccountCredentials ?? msPKIRoamingTimeStamp ?? ???, ????? Microsoft ???????? (KB) ???? ?????:
    2014074?????? "???????? ??? ??" LDF ????? ?? ???? ???? ?? ?????? Authoritative ???????????? ?? ???
    ???:?? ???? ????? ???? ?? ?? ???? LDF ????? ?? ??????????? ???? ???? ?? ??? ???????? ???????? ?????
  13. ????? ???? ?? ????? ???? ????????????? ????? ???????? ?? ??? ??????? ???????????? ????? ????:
    repadmin /options<recovery dc="" name=""></recovery>-DISABLE_INBOUND_REPL
  14. ??? ????? ??? ?????????? ????? ????? ??? ??????? ???? ?? ???? ?? ??, ?? ????? ??? ?? ??? ?? ?????:
    • ?? ?????? ?? ???????? ??? ?? ???? ?? ?????????? ???????
    • ?????? ?????? ???????????? ???? ?? ?????? ???????????? ?? ????? ??? ?????? ??????? ??????? ?????? ??? ?? ???????? ???????????? ?????
  15. Verify group membership in the recovery domain controller's domain and in global catalogs in other domains.
  16. Make a new system state backup of domain controllers in the recovery domain controller's domain.
  17. Notify all the forest administrators, delegated administrators, help desk administrators in the forest, and users in the domain that the user restore is complete.

    Help desk administrators may have to reset the passwords of auth-restored user accounts and computer accounts whose domain password changed after the restored system was made.

    Users who changed their passwords after the system state backup was made will find that their most recent password no longer works. Have such users try to log on by using their previous passwords if they know them. Otherwise, help desk administrators must reset the password and select theuser must change password at next logon??? ????? ???, preferably ?????????? ?? ??? ??? ?? ?? Active Directory ???? ??? ??? ????? ???????? ?? ??? ????? ???

???? 2: ???????????? ???? ?? ?????????? ???? ???, ?? ?? ???? ?????? ?? ???????????? ?????????? ?????

?? ?? ?? ???? ?? ????? ????, ?? ????? high-level ????? ?? ????:
  1. ??? ??? ??????? ?????? ??? ?????????? ?? ????? ?? ?? ????????? ???? ????? ??? ????? ?? ??? ???? ????, ?? ???? ??? ?? ??????? ?????? replicating ?? ???? ??? ??? ??????? ?????? latent ??, ????? ??? ?????????? ?? ??? ????? ??? ??? ??????? ?????? ????? ???????? ?? ???? ??????? ?????? ?????? ????? ?? ?????? ??????
  2. ??????????? ??? ???? ?? ?????????? ???? ?? ???????????? ????, ?? ???? ??? ?? ?????????? ????? ?? ??????????? ?? ?????? ???? ?? ??? ?????? ?? ?????? ????
  3. ?????????? ????? ?? ??? ????? ??? ?? ???? ?? ???? ?? ??? ?? ?? ??? ????? ??? ??? ?????? ?? ???????????? ???????????? ?? ???????
???? 2 ?? ????? ????, ?? ????????? ?? ???? ????:
  1. ?????? ?? ???? ?? ??? ??????? ?????? ????? ???????? ????? ?? ??? ??? ?? ????????? ???? ?? ?? ????? ??? ?????????? ?? ??? ????? ??? ????? ?? ????

    ???:?? ?? ?? ???? ???? ????????? ??????? ?? ??? ??????? ?????? ?? ????? ?????

    ??? ?? ??????? ?????? ??? ?? ?? ?? ???? ????? ??, ?? ????? ??????? ??????????? ?? ????? ???? ?? ??? Repadmin.exe ????-?????? ????? ?? ????? ????? ??? ???? ?? ???, ????? ????? ?? ???? ????::
    1. ????? ????,????????? ????-????? ????, ?? ???? ????????.
    2. ??????:cmd??????????????? ???, ?? ???? ???OK.
    3. ????? ????????? ?? ????? ???? ???? ?? ???? ??? ENTER ?????::
      repadmin /options<recovery dc="" name=""></recovery>+ DISABLE_INBOUND_REPL
      ???:??? ?? ????? Repadmin ???? ????? ???? ?? ????, ??? ??????? ??????????? ?? ??????? latent ??????? ?????? ?? ?? ?? ??????? ??????????? ?? ????? ???? ?? ??? Repadmin ?? ????? ?? ???? ???, ?? ???? ??? ????? ??????? ??????????? ?????
    ?? ????? ???????? ?? ??? ????????????? ????? ???????? ?? ??? ??? ???????? ???? ????? ??? ??? ??? ??? ??????? ?????? ??, ?? ??? 2 ?? ?????
  2. ??????? ???? ?? ???? ???????, ???? ?? ?? ?????????? ????, ???????? ?? ????? ?? ??????? ?????? ??? ?????????? ?????? ??????? ??? ?? ???? ?? ???? ?? ?? ?? ??? ????????????? ????? ?? ???? ???? ??? ???

    ???? ????? ????????????? ?? ????, ?? ??? ??????? ??? ?? ??? ???? ?? ??? ????? ?????? ??? ???????? ????? ???????? ????? ?????????? ?????? ??????? ????? ???????? ????, ?????????? ?? ????? ?? ??? ???? ????? ???, ???? ??????? ???????? ??? ???? ?? ???????????? ?? ?????? ?? ????? ????? ?????????? ?? ??? ??? Halting ???????, ???? ??, ?? ????? ?????? ??? ???????? ?? ????? ????:
    1. ?????????? ???? ?? ?????????? ????? ?? ?????????
    2. ???????? ?? ????? ?? ???????? ?? ????? ?? ?????????
    3. ???? ????
    4. ??????? ????
    ?? ???????? ???????? ??? ??????? ???? ?? ??? ??? ????? ????? ?? ???? ??? ?? ????? ?? ??? ??????? ??:
    • ?? ????? ??? (dn) ?? ???? ?????? ?????? ???????????? ????? ??? ?????????? ?? ???????? ???? ?? ??? ???? 2 ????? ?? ??? ????
    • ?? ?? ??? ?? latent ????????????? ????? ???????? ???????? ??? ??? ????? ?????????? ?? ??? ????? ?? ?? ????????? ???
    • ?? ??????? ?????? ?? ???? ?????? ?????? ?? ???????????? ???? ?? ?????? ???? ????
    ??? ?? ??????? ?????? ?? ????? ???? (OU) ?????? ??????? ???? ?? ?????????? ????? ?? ????? ???? ???? ?? ???????????? ???? ?? ?????? ???, ?? ?? ??? ???????? ??????? ??? ?? ??????

    ?????????? ?? ????? ???? ?? ???? ????? ?? ?????????? ?? ????? ?? ???? ??? ?? ????? ??? ????? ?????????? ?? ????? ??????? ????? ??? ????? ?????????? ?? ??? ?????
  3. ?? ??? ?????? ?????? ????? ?? ???? ??? ????? ????? ??? ?????? ??? ???? ??? ???? ?????????? ?? ?????? ???? ?? ??? ???? ?? ????? ?? ????? ?? ?????

    ???:??? ?????? ?????? ?? ????? ?? ????? ?? ????? ?? ??? ??????? ???, ?? ?? ??? ???? ???? ?? ??? 4 ?? ?????

    ??? ?? ??? 1 ??? ??? ????????????? ????? ???????? ??????, ?? ??? ?? ??? ???? ?????? ?????? ????

    ??? ????? ??? ???? ?? ????? ??? ????? ?? ????????? ??????? ?????? ????? ??, ???? ????? ?? ????? ??? ??? ??????? ?????? ?? ?????? ?????? ?? ????? ????

    ?? ?? ??? ????? ??????, ????? ???? ????????????? ????? ??? ?? ???? ???? ?????? ??? ???? ???? ??? ?? ????????????? ????? ???????? ?? ???? ??????? ?????? ??? ???? ?? ???? ????
  4. ??? ?? ????? ???? ?? ?????????? ?? ????? ??? ??? ??????? ?????? latent ????? ???????? ???? ???? ????, ?? ????? ??? ??? ??????? ?????? ????? ???????? ?? ???? ?????? ?????? ?????? ????? ??????? ?? ?????? ?????? ?? ????? ??? ???? ?? ?????????? ??? ???? ?????? ????????????? ????? ???????? ?? ??? ??? ?? ????? ???????? ?? ????? ?????

    ?????????? ?? ????? ??? ??????? ?????? ????? ?????????? ?? ???? restorations ????? ????? ??? ????? ??????? ???? ?? ??? ????????? ?? ??????? ???? ??????? ??????? ????? ??? ??? ?????????? ???? ???? ?? ????? ??? ??????? ?????? ????? ???????? ?? ??? ?????? ?????? ?? ????? ??, ?? ?? ????? ???? ?? ????memberOf??????? ?? ??????? ???? ??????? ?? ????????? ???? ?? ??? ?? ????? ????? ??????? ?? ???????????? ???? ?? ??? ???????????? ?????????? ????? ?? ??????? ??? ??? ??, ?? ??? ????? ????? ?? ?? ???-??????? ?????? ????? ???????? ?? ???? ?????? ?????? ?????? ????? ????? ?? ????
  5. ??? ?? ??????? ?????????? ???? ?? ??????? ????? ???, ?? ??????? ????????????? ????? ???????? Dsrepair ??? ??? ??? ??? ?? ??????? ?????????? ???? ?? ??????? ???? ???, ??????? ?? ????? ??? ?? ??????? ?????? ?????????? ??? ????????????? ????? ???????? ?? ?? ????

    ?? ????? ?? ???? ???setpwd?????? ??????????? ?? ?????? ??? ??? ????? ???????? ?? ?? Microsoft Windows 2000 ?????? ??? 2 (SP2) ?? ??? ??? ?? ??? ??? ?? ???? ?? ??????? ????? ???? ?? ??? ???????-?????? ????? ???

    ???:Microsoft ?? Windows 2000 ?? ???????

    ?????? ????? ?????????? ??????? ????????? ???? ?? ???? ??? ???? ??????? ?? ??? Microsoft ???????? ??? ???? ????? ?? ??? ????? ???? ?????? ?? ????? ????:
    239803??? ????? ???????? ?? ?????? ????? ?????????? ??????? ????????? ???? ?? ??? ???? ????
    Windows Server 2003 ????? ?????????? ?? ??? ?????????? ?? ????? ?? ???? ?????? dsrm ?????????? commandNtdsutil??????? ?????????? ???? ?? ??? ??????? ????? ???? ?? ??? ???????-?????? ??????

    ?????????? ?????? ???????????? ??? ?????????? ???? ?? ????? ???? ???? ?? ???? ??? ???? ??????? ?? ??? Microsoft ???????? ??? ???? ????? ?? ??? ????? ???? ?????? ?? ????? ????:
    322672Windows Server 2003 ??? ?????????? ?????? ???????????? ??? ?????????? ???? ??????? ????? ???? ?? ??? ???? ????
  6. ????????????? ????? ???????? ?? Dsrepair ??? ??? ??????? ???? ?? ??? ????????? ????????? ?? ????? ?? F8 ?????? ??????? ?????????? ???? ?? ????????????? ????? ???????? ?? ????? ?? ??? ?? ????? ??? ???? ??? 5 ??? ??????? ????? ????, ?? ?? ??????? ?? ????? ?????

    ????????????? ????? ???????? ?? ??? ??????? ?????? latent ????? ???????? ??, ??? ?????? ?????? ???????????? ????? Go to step 7.

    If you are creating the recovery domain controller by using a system state backup, restore the most current system state backup that was made on the recovery domain controller now.
  7. Auth restore the deleted user accounts, the deleted computer accounts, or the deleted security groups.

    ???:The terms??????? ????????????, ??authoritative restorerefer to the process of using theauthoritative restorecommand in theNtdsutilcommand-line tool to increment the version numbers of specific objects or of specific containers and all their subordinate objects. As soon as end-to-end replication occurs, the targeted objects in the recovery domain controller's local copy of Active Directory become authoritative on all the domain controllers that share that partition. An authoritative restoration is different from a system state restoration. A system state restoration populates the restored domain controller's local copy of Active Directory with the versions of the objects at the time that the system state backup was made.

    For more information about auth restoring a domain controller, click the following article number to view the article in the Microsoft Knowledge Base:
    241594Windows 2000 ??? ?? ????? ???????? ?? ??? ??? authoritative ???????????? ???? ?? ??? ???? ????


    Authoritative restorations ?? ??? ?? ?? ???Ntdsutil????-?????? ????? ?? ?? ????? ??? ?????????? ?? ????? ???? ???? ?????? ?? ?? ????? ??? ?????????? ?? ????? ??? (dn) ?? ?? ????????

    ?? ?? ??????? ????????????, ?? ????? ????? ??? (dn) ?? ?? ??? ??? ?? ????? ???? ??? ??? ??? ?? ?? ???? ?? ??? ???? ?? ???? ?? ?? ?? ??? ?? ???????? ?? ????? ?? ??????? ???? ??? ?? ?????????? ?? ?????? ?????? ?? ????? ??? ?? ?? ??? ??????? ??? ?? ???????? ????? ?? ???? ???

    ??????????? ???????????? ?????????? ???? ??? ???????????? ?? ??? ???? ??:
    1. ??????????? ???????? ????? ??? ?????????? ????, ???????? ????, ?? ??????? ???? ?? ??? ????? ??? (dn) ?? ???????????? ?????

      ??????? ?????????? ?? authoritative restorations ?????? ??, ????? ?? ?? ????? subtree authoritative restorations ?? ?? destructive ???? ??????????? ???????????? ??????? ??????? ?????? ???????? ?? ???? ?? ???????? ?? ???? ???

      Ntdsutil????? ???????? ?? ????? ???? ??:
      Ntdsutil "authoritative ????????????" "???????????? ????????<object dn="" path=""></object>"q q
      ?????? ?? ??? ??????? ?? ??? ???????????? ????? ??? ???????????????????Mayberry?? OUContoso.com????? ?? ???, ????? ???? ?? ????? ????:
      Ntdsutil "authoritative ????????????" "???????? cn ???????????? ????, ou = Mayberry, = dc contoso, = dc = com" q q
      ???? ?? ??????? ???? ?? ???????????? ???? ?? ??? ???????ContosoPrintAccess?????Mayberry?? OUContoso.com????? ?? ???, ????? ???? ?? ????? ????:
      Ntdsutil "authoritative ????????????" "???????? cn ???????????? ContosoPrintAccess, ou = Mayberry, = dc contoso, = dc = com" q q


      ???????????????? ????? ?? ????? ?????? ???

      ???:?? ???????? ???? Windows Server 2003 ??? ?????? ??? ????? ?? ????? ???? ?? ??? ???? Windows 2000 ??? ???????? ??:
      Ntdsutil "authoritative ????????????" "???????????? subtree???????? DN ??"
      ???:Ntdsutil authoritative ???????????? ???????? ??? ???????? ??? ?? (DN) ??? ??????? ???? ?? ????????? ??? ???? ??? ???, ? ???????????? ???????? ?? ??? scripted ???????????? ?? ??? ' ???? ???<dn path=""></dn>? ???? ????? ?? ???????? ?? ??? ??? ???? ?? ???? ?????
      ?? ?????? ?? ?? ???? ?? ??? ?? ??? ??????? ???? ?? ????????-???-??????-????? ?????? ??????? ?? ??? ????????? DN ??? ????? ???? ?? ?????? ??:
      Ntdsutil "authoritative ????????????" "???????????? ???????? \"CN=John ????, OU Mayberry NC, DC = contoso, DC = = com\ ""q q

      ???:???? ?????? ??????? ?? ?? ???? ?? ??? DN ???????? ?? ???????????? ???? ?? ??? ?? ?????????? ????? ?????? ?????:
      Ntdsutil "authoritative ????????????" "???????? \"CN=Doe\, ???? ???, OU ???????????? Mayberry NC, DC = contoso, DC = = com\ ""q q

      ???:??? ???????? ?? ??? ??????? authoritative ???????????? ??? ?? ?? ?? ???????????? ?????? ??? ???? ???? ?? ???? ??? ?? ??? NTDS ??????? ?? ?? ??? ??? ?? ???????????? ???? ?? ??? ???? ????, USN ??????? authoritatively ???????????? ???? ?? ??? ???????? ?? ?????? ?? increased ?? ????? ?? 100000 ?? ???????? ?? ??????? ????? ???? ??????? ???? ????? ???????????? ?? ??? ???? ????? ???? ???????? 100000 (???????) ?? ???? ???? ??? ??????? ?????? ???? ????????? ?? ??? ?????? ??: "authoritative ????????????" ntdsutil "???????? \"CN=Doe\, ???? ???, OU ???????????? Mayberry NC, DC = contoso, DC = com\ "verinc 150000\" = "q q

      ???:??? ????????? ?????? ?? ??? ????? ???? ??, ?? ???????? ???????? ?? ???????????? ???? ?? ??? ?? ?? ??????? ?? ??? ???? ?? ???? ???? ????? ?? ??? ???? ?? ??? ???????? ??: ntdsutil """authoritative ????????????" "??? popups ???????????? ???????? \"CN=John ????, OU Mayberry NC, DC = contoso, DC = com\ "verinc 150000\" = "q q
    2. ??????????? ???? OU ?? ???????? ??? (CN) ?????? ???? ?? ????? ??? ?????????? ?? ???? ?? ????? ???? ???? ???????????? ?????

      ?? ??????? subtree ?? authoritative restorations ????? ?? ?? OU ?? ?????? ?????? ??Ntdsutil "authoritative ????????????"???? ??? ??????? ?? ???????????? ???? ?? ??? ?? ?????? ?? ??? ??? ?? ???????? ?? overwhelming majority ??? Ideally, ?????? OU ??????? ???????????? ???? ?? ??? ?? ?????? ?? ??? ??? ?? ??? ?????????? ????

      ??? OU subtree ?? ??? authoritative ???????????? ??? ????????? ?? ?????????? ???? ???????? ??? ???????????? ???? ??? ???? ?? ??? ???? ?????? ?????? ?? ????? ???????????? ???? ?? ??? ??? ?? ???????? ??? rolled ???? ???? ????? ?? ??? ????? ?? ???? ?? ?????????? ????, ???????? ?? ????? ?? ??????? ??????, ?? ??? ?? ?????? ?? ???? ?? ???? ????? ?? ??? ??????????, ????????? ?? ?? ???? ?? ???, ??????? ?? ??? ?????? ???????? ???? ?? ??? ????? ?? ????? ?? ?????? ???? ?? ???, ???? ??????? ?? ???, ?? ??? ??????? ?????????? ?? ?? ?? ?? ????????? ???? ?? ??? ???????? ?? ??????????

      Ntdsutil????? ???????? ?? ????? ???? ??:
      Ntdsutil "authoritative ????????????" "???????????? subtree<container dn="" path=""></container>"q q
      ?????? ?? ???, ?????? ???????????? ???? ?? ???Mayberry?? OUContoso.com????? ?? ???, ????? ???? ?? ????? ????:
      Ntdsutil "authoritative ????????????" "subtree ou ???????????? Mayberry, = dc contoso, = dc = com" q q
    ???:?? ??? ?? ??????? ???? OU ???????? ?? ??? ?? ??????? ????? ??? ?????????? ?? ?????

    ???????????? ?? ???? subordinate ???????? ?? ??? OU ???????????? ????, subordinate ???? ?? ?????????? ?? ??? ???? ?? ?????? ?????? ???? ?????? ?????? ??? ?? ??????? ???????????? ???? ???? ???
  8. ??? ???? ?? ?????????? ???? ?????? ?????? ???????????? ?? ????????????? ????? ???????? ?? ???????????? ??? ?? ??, ??? ??????? ???? ?? ?? ?? ??? ???? ????? ???????? ???????? ??? ???? ?? ??? ??????? ??????????? ?????? ????????
  9. ?????? ??? ????????????? ????? ???????? ?? ???????? ?????? ?????????? ????
  10. ????????????? ????? ???????? ?? ??? ??????? ??????????? ?? ????? ???? ?? ??? ????? ???? ???? ????:
    repadmin /options<recovery dc="" name=""></recovery>+ DISABLE_INBOUND_REPL
    ??????? ??????????? ???? ????????????? ????? ???????? ????? ?????? ?????? ???????????? ???? ?? ??? ????? ???
  11. ???????-???????????? Outbound-replicate ?????????? ????????????? ????? ???????? ?? ????? ?? ???????? ??? ????? ?????????? ?? ????

    ????????????? ????? ???????? ?? ??? ??????? ????????? ????? ???? ??, ???? ??? ?????-???? replica ????? ?????????? ??? ????? ?? ???????? ??? ??? ??????? ?????? ???? ?? ??? ?????? ???????????? ???????? ??? ???? ???? ?? ??? ????? ???? ?????:
    repadmin /syncall /d /e /P<recovery dc=""> <naming context=""></naming></recovery>
    ??? ????? ????? ?? ???? ???, ?? ???? ??????? ?????? ???????????? ?? ????????? ???? ?? ?????????? ???? ?? ??? rebuilt ???? 14 ??? ?? ?????

    ???:??? ????? ????? ??? ?? ?? ?? ???? ???? ???? ??, ?? ??? 12 ?? ?????
    • ???? ???????? ?? ?? ???? Windows Server 2003 ???????? ???????? ???? ?? Windows Server 2003 Interim ???????? ???????? ???? ?? ???
    • ???? ?????????? ???? ?? ???????? ???? ????? ???, ?? ??????? ???? ?????
    • ???? ?? ?????????? ???????? ??? ??? ????? ??? ??????? ???? ?? ??? ???? ?? ?? ?? ???????? transitioned ???????? ???? ???????? ??? Windows Server 2003 ?? ??? ???? ??? ???
  12. ??? ?? ?? ??????? ?? ????? ??? ?????????? ??????? ???? ????????? ????, ?? ???? ??? ?????? ?? ?????? ?? ???????

    ???:???? ???? ?? ?? ?????????? ????, ?????? ?????? ??? 7 ?? ??? ?? ?? ????????-????????? ??? 11 ??? ??? ???????????? ???? ???? ?? ???? ??? ????????? ????? ?????????? ??? ???????? ????? ???????? ?? ????? ?? ??? ??????? ?????? ????? ???????? ???????? ??? ???????????? ?? ???? ???? ????

    ??? ?? ???? ???? provisioning ?????? ??????? ???? ?? ??? ??????? re-populate ???? ?? ??? ???? ??, ?? ?? ?????? ?? ????? ??? ????? ??? ?????????? ?? ?? ?? ?? ????? ???? ?? ???? ?? ??? ?? ?? ??????? ?????? ?? ???????????? ???? ?? ???? ???? ?? ??? after ???? ?? transitive ????? ???????? ???????? ????? ??? ?? ?? ?? ??????? ?????? ????? ?????? ???????-????????? ??????? ???????????? ?????????? ?? ???? ?? ???????????? ?????? ???

    ??? ???? ??? ???? ??? ?? ??? ????????, Ldifde. exe ????-?????? ????? ?? ???????-?????? Groupadd.exe ????? ???? ???????? ?? ????? ???? ?? ??? ?? ?? ????????????? ????? ???????? ?? ????? ???? ?? ??????? ?? ?????? ??? Microsoft ?????? ?????? ????? ?? ???????? ???, Ldifde. exe ?????????? ???? ?? ???? ??????? ??????, ?????????? ?? ????????? ???? ?? ?? OU ?????? ?? ??????? ???? ?? ??? ??? ??? LDAP ???? ???????? ??????? (LDIF) ??????? ????? ????? ?? ??? ???? ??? ???? Groupadd.exememberOf???????? ?????????? ???? ?? .ldf ????? ??? ???????? ??, ?? ???? ??? ???????? ????? ?? ??? ??? ?? ???????? LDIF ??????? ???????? ??? ??????? ???? ?? ??? ??????? ??? ?? LDIF ??????? ??? ???? ?? ?????????? ????? ?? ??? ???? ?? ???? ???? ??????? ?? ???????????? ?? ???? ??? ?? ??????? ???? ?? ??? ??? ?? ??? ?? ????????????? ?? ??? ????? ????? ?? ???? ?????
    1. Log on to the recovery domain controller's console by using a user account that is a member of the domain administrator's security group.
    2. ?????Ldifdecommand to dump the names of the formerly deleted user accounts and theirmemberOfattributes, starting at the topmost OU container where the deletion occurred. TheLdifdecommand uses the following syntax:
      ldifde -d<dn path="" of="" container="" that="" hosts="" deleted="" users=""></dn>-r "(objectClass=user)" -l memberof -p subtree -f user_membership_after_restore.ldf
      Use the following syntax if deleted computer accounts were added to security groups:
      ldifde -d<dn path="" of="" container="" that="" hosts="" deleted="" users=""></dn>-r "(objectClass=computer)" -l memberof -p subtree -f computer_membership_after_restore.ldf
    3. ?????Groupadd?? ????? ?? ??? ' ?? ' ???? ?? ?????????? ?? ??? ????? ??? ?? ?? ?? ????????? ??????? ??????? ?????? ?? ??? ??? ?? ???? .ldf ??????? ?? ????? ?? ??? ???? ??? Groupadd ???? ????? ???????? ?? ????? ???? ??:
      Groupadd /after_restoreusers_membership_after_restore.ldf
      ??? ???????? ??????? ???? ?? ??? ????? ????? ?? ??? ??? ?? ???? ?? ????????
    4. ???????? Groupadd_ ???? ????fully.qualified.domainname.ldf ????? ?? ???????? ????? .ldf ????? ?? ??? ???? ?? ??????? ?????? ????? ???????? ?? ??? 12 c ??? ???? ?? ??? ????? Ldifde ???????? ?? ????? ????:
      Ldifde ?i ?k ?f Groupadd_<fully.qualified.domain.name></fully.qualified.domain.name>.ldf
      ????????????? ????? ???????? ?? ??? ?? ?? ??? ????? ???????? ?? ?????????? ?? ???? ?? ????? ?? ??? .ldf ????? ?? ??????
    5. Groupadd_ ???? ???? ?? ??? ????? ???? ???? ?? ?? ???????? ????? ???????? ?? ????? ??<fully.qualified.domain.name></fully.qualified.domain.name>.ldf ???? ????? ????? ?? ??? ?????, ????????-replicate ????? ??? ???? ????? ???????? ?? ??? ?? ???????? ??? ??????? ?????? ????? ?????????? ?? ??? ???? ??????? ??????? ????? ???? ?? ????? ??:
      repadmin /syncall /d /e /P<recovery dc=""> <naming context=""></naming></recovery>
  13. ???????? ??????????? ?? ????? ???? ?? ??? ????? ??? ???? ????, ?? ???? ??? ENTER ?????:
    repadmin /options + DISABLE_OUTBOUND_REPL
    ???:???????? ????????? ???: ????? ??, ????? ??? ???? ????, ?? ???? ??? ENTER ?????:
    repadmin /options - DISABLE_OUTBOUND_REPL
  14. ??? ????? ??? ?????????? ????? ????? ??? ??????? ???? ?? ???? ?? ??, ?? ????? ??? ?? ??? ?? ?????:
    • ?? ?????? ?? ???????? ??? ?? ???? ?? ?????????? ???????
    • ?????? ?????? ???????????? ???? ?? ?????? ???????????? ?? ????? ??? ?????? ??????? ??????? ?????? ??? ?? ???????? ???????????? ?????
  15. ???? ??????? ????????????? ????? ???????? ?? ????? ?? ???? ????? ??? ??????? ?????? ??? ???? ?????
  16. ???? ?? ?? ??? ?????? ?????? ????? ?????????? ?? ??? ????? ????????????? ????? ???????? ?? ????? ??? ???
  17. ??? ???????? ??????????, ??????? ???? ??? ?????????? ?? ?????, ???????? ??? ????? ?????????? ?? ?????????? ????? ?????????? ???????????? ????? ???? ??? ??? ?????

    ??? ????? ?????????? ??????? ???????????? ?????????? ???? ?? ????? ????? ??????? ????????? ???? ?? ??? ?????? ???????????? ???? ??? ???????? ???? ?? ??????? ????? ???? ?? ??? ?? ???? ???

    Users who changed their passwords after the system state backup was made will find that their most recent password no longer works. Have such users try to log on by using their previous passwords if they know them. Otherwise, help desk administrators must reset the password and select theuser must change password at next logon??? ????? ???, preferably ?????????? ?? ??? ??? ?? ?? Active Directory ???? ??? ??? ????? ???????? ?? ??? ????? ???

Method 3: Authoritatively restore the deleted users and the deleted users' security groups two times

?? ?? ?? ???? ?? ????? ????, ?? ????? high-level ????? ?? ????:
  1. Check to see if a global catalog in the user's domain has not replicated in the deletion, and then prevent that domain controller from inbound-replicating the deletion. If there is no latent global catalog, locate the most current system state backup of a global catalog domain controller in the deleted user's home domain.
  2. Authoritatively restore all deleted user accounts and all security groups in the deleted user's domain.
  3. Wait for the end-to-end replication of the restored users and of the security groups to all the domain controllers in the deleted user's domain and to the forest's global catalog domain controllers.
  4. Repeat steps 2 and 3 to authoritatively restore deleted users and security groups. (You restore the system state only one time.)
  5. If the deleted users were members of security groups in other domains, authoritatively restore all the security groups that the deleted users were members of in those domains. Or, if system state backups are current, authoritatively restore all the security groups in those domains.
To satisfy the requirement that deleted group members must be restored before security groups to fix up group membership links, you restore both object types two times in this method. The first restoration puts all the user accounts and group accounts in place, and the second restoration restores deleted groups and repairs the group membership information, including membership information for nested groups.

To use method 3, follow this procedure:
  1. Check to see whether a global catalog domain controller exists in the deleted users home domain and has not replicated in any part of the deletion.

    ???:Focus on global catalogs in the domain that has the least frequent replication schedules. If these domain controllers exist, use the Repadmin.exe command-line tool to immediately disable inbound replication. ??? ???? ?? ???, ????? ????? ?? ???? ????::
    1. ????? ????,????????? ????-????? ????, ?? ???? ????????.
    2. ??????:??????????????????? ???, ?? ???? ???OK.
    3. ??????:repadmin /options<recovery dc="" name=""></recovery>+ DISABLE_INBOUND_REPLat the command prompt, and then press ENTER.

      ???:If you cannot issue the Repadmin command immediately, remove all network connectivity from the domain controller until you can use Repadmin to disable inbound replication, and then immediately return network connectivity.
    ?? ????? ???????? ?? ??? ????????????? ????? ???????? ?? ??? ??? ???????? ???? ????? ???
  2. Avoid making additions, deletions, and changes to the following items until all the recovery steps have been completed. Changes include password resets by domain users, help desk administrators, and administrators in the domain where the deletion occurred, in addition to group membership changes in the deleted users' groups.
    1. ?????????? ???? ?? ?????????? ????? ?? ?????????
    2. ???????? ?? ????? ?? ???????? ?? ????? ?? ?????????
    3. ???? ????
    4. ??????? ????

      ???:Especially avoid changes to group membership for users, computers, groups, and service accounts in the forest where the deletion occurred.
    5. Notify all the forest administrators, the delegated administrators, and the help desk administrators in the forest of the temporary stand-down.
    This stand-down is required in method 2 because you are authoritatively restoring all the deleted users' security groups. Therefore, any changes that are made to groups after the date of system state backup are lost.
  3. ?? ??? ?????? ?????? ????? ?? ???? ??? ????? ????? ??? ?????? ??? ???? ??? ???? ?????????? ?? ?????? ???? ?? ??? ???? ?? ????? ?? ????? ?? ?????

    ???:If your system state backups are current up to the time that the deletion occurred, skip this step and go to step 4.

    If you identified a recovery domain controller in step 1, back up its system state now.

    If all the global catalogs that are located in the domain where the deletion occurred replicated the deletion, back up the system state of a global catalog in the domain where the deletion occurred.

    When you create a backup, you can return the recovery domain controller back to its current state and perform your recovery plan again if your first try is not successful.
  4. ??? ?? ????? ???? ?? ?????????? ?? ????? ??? ??? ??????? ?????? latent ????? ???????? ???? ???? ????, ?? ????? ??? ??? ??????? ?????? ????? ???????? ?? ???? ?????? ?????? ?????? ????? ??????? ?? ?????? ?????? ?? ????? ??? ???? ?? ?????????? ??? ???? ?????? ????????????? ????? ???????? ?? ??? ??? ?? ????? ???????? ?? ????? ?????

    ???? ?????????? ?? ????? ??? ??????? ?????? ????? ?????????? ?? ??????? ??? ???????? ??? ????? ????? ?? ??? ???? ??????? ??????? ??? ??? ?????????? ???? ???? ?? ????? ??? ??????? ?????? ????? ???????? ?? ??? ?????? ?????? ?? ????? ??, ?? ?? ????? ???? ?? ????memberOf??????? ?? ??????? ???? ??????? ?? ????????? ???? ?? ??? ?? ????? ????? ??????? ?? ???????????? ???? ?? ??? ???????????? ?????????? ????? ?? ??????? ??? ???? ??? ?? ????? ??? ???? ????? ????? ??? ???? ??????? ?? ????? ??????? ??, ?????? ???????????? ?? ???????????? ???? ?? ??? ?? ????? ??? ??????? ???? ???? ?? ??? ?????????? ????? ?? ???????????? ???? ??? ???
  5. ??? ?? ??????? ?????????? ???? ?? ??????? ????? ???, ?? ??????? ????????????? ????? ???????? Dsrepair ??? ??? ??? ??? ?? ??????? ?????????? ???? ?? ??????? ???? ???, ??????? ?? ????? ??? ?? ??????? ?????? ?????????? ??? ????????????? ????? ???????? ?? ?? ????

    ?? ????? ?? ???? ???setpwd?????? ??????????? ?? ?????? ??? ??? ????? ???????? ?? ?? Microsoft Windows 2000 ?????? ??? 2 (SP2) ?? ??? ??? ?? ??? ??? ?? ???? ?? ??????? ????? ???? ?? ??? ???????-?????? ????? ???

    ???:Microsoft ?? Windows 2000 ?? ???????

    ?????? ????? ?????????? ??????? ????????? ???? ?? ???? ??? ???? ??????? ?? ??? Microsoft ???????? ??? ???? ????? ?? ??? ????? ???? ?????? ?? ????? ????:
    239803??? ????? ???????? ?? ?????? ????? ?????????? ??????? ????????? ???? ?? ??? ???? ????
    Windows Server 2003 ????? ?????????? ?? ??? ?????????? ?? ????? ?? ???? ?????? dsrm ?????????? commandNtdsutil??????? ?????????? ???? ?? ??? ??????? ????? ???? ?? ??? ???????-?????? ??????

    ?????????? ?????? ???????????? ??? ?????????? ???? ?? ????? ???? ???? ?? ???? ??? ???? ??????? ?? ??? Microsoft ???????? ??? ???? ????? ?? ??? ????? ???? ?????? ?? ????? ????:
    322672?????????? ?????? ???????????? ??? ?????????? ???? ?? ??????? ??? Windows Server 2003 ?? ????? ???? ????
  6. ??????? ?????????? ???? ?? ????????????? ????? ???????? ?? ????? ?? Dsrepair mode.Log ??? ????????????? ????? ???????? ?? ??????? ???? ?? ??? ????????? ????????? ?? ????? ?? F8 ?????? ??? ???? ??? 5 ??? ??????? ????? ????, ?? ?? ??????? ?? ????? ?????

    ????????????? ????? ???????? ?? ??? ??????? ?????? latent ????? ???????? ??, ??? ?????? ?????? ???????????? ????? ??? 7 ?? ?????

    ??? ?? ?? ?????? ?????? ?? ????? ?? ????? ???? ????????????? ????? ???????? ??? ??? ???, ?? ?????? ?????? ?????? ????? ???????????? ?? ??? ???? ?? ?????????? ?? ????????????? ????? ???????? ?? ???? ??? ???
  7. Auth restore the deleted user accounts, the deleted computer accounts, or the deleted security groups.

    ???:The terms??????? ????????????, ??authoritative restorerefer to the process of using theauthoritative restore??? commandNtdsutilcommand-line tool to increment the version numbers of specific objects or of specific containers and all their subordinate objects. As soon as end-to-end replication occurs, the targeted objects in the recovery domain controller's local copy of Active Directory become authoritative on all the domain controllers that share that partition. An authoritative restoration is different from a system state restoration. A system state restoration populates the restored domain controller's local copy of Active Directory with the versions of the objects at the time that the system state backup was made.

    For more information about auth restoring a domain controller, click the following article number to view the article in the Microsoft Knowledge Base:
    241594Windows 2000 ??? ?? ????? ???????? ?? ??? ??? authoritative ???????????? ???? ?? ??? ???? ????


    Authoritative restorations ?? ??? ?? ?? ???Ntdsutilcommand-line tool by referencing the domain name (dn) path of the deleted users or of the containers that host the deleted users.

    ?? ?? ??????? ????????????, ?? ????? ????? ??? (dn) ?? ?? ??? ??? ?? ????? ???? ??? ??? ??? ?? ?? ???? ?? ??? ???? ?? ???? ?? ?? ?? ??? ?? ???????? ?? ????? ?? ??????? ???? ??? ?? ?????????? ?? ?????? ?????? ?? ????? ??? ?? ?? ??? ??????? ??? ?? ???????? ????? ?? ???? ???

    ??????????? ???????????? ?????????? ???? ??? ???????????? ?? ??? ???? ??:
    1. Auth restore the domain name (dn) path for each deleted user account, computer account, or deleted security group.

      Authoritative restorations of specific objects take longer but are less destructive than authoritative restorations of a whole subtree. Auth restore the lowest common parent container that holds the deleted objects.

      Ntdsutil????? ???????? ?? ????? ???? ??:
      Ntdsutil "authoritative ????????????" "???????????? ????????<object dn="" path=""></object>"q q
      ?????? ?? ??? ??????? ?? ??? ???????????? ????? ??? ???????????????????Mayberry?? OUContoso.com????? ?? ???, ????? ???? ?? ????? ????:
      Ntdsutil "authoritative ????????????" "???????? cn ???????????? ????, ou = Mayberry, = dc contoso, = dc = com" q q
      ???? ?? ??????? ???? ?? ???????????? ???? ?? ??? ???????ContosoPrintAccess?????Mayberry?? OUContoso.com????? ?? ???, ????? ???? ?? ????? ????:
      Ntdsutil "authoritative ????????????" "???????? cn ???????????? ContosoPrintAccess, ou = Mayberry, = dc contoso, = dc = com" q q


      ???????????????? ????? ?? ????? ?????? ???

      By using this Ntdsutil format, you can also automate the authoritative restoration of many objects in a batch file or a script.
      ???:?? ???????? ???? Windows Server 2003 ??? ?????? ??? The only syntax in Windows 2000 is to use: ntdsutil "authoritative restore" "restore subtree???????? DN ??".
    2. ??????????? ???? OU ?? ???????? ??? (CN) ?????? ???? ?? ????? ??? ?????????? ?? ???? ?? ????? ???? ???? ???????????? ?????

      ?? ??????? subtree ?? authoritative restorations ????? ?? ?? OU ?? ?????? ?????? ??Ntdsutil Authoritative restore???? ??? ??????? ?? ???????????? ???? ?? ??? ?? ?????? ?? ??? ??? ?? ???????? ?? overwhelming majority ??? Ideally, ?????? OU ??????? ???????????? ???? ?? ??? ?? ?????? ?? ??? ??? ?? ??? ?????????? ????

      An authoritative restore on an OU subtree restores all the attributes and objects that reside in the container. Any changes that were made up to the time that a system state backup is restored are rolled back to their values at the time of the backup. With user accounts, computer accounts, and security groups, this rollback may mean the loss of the most recent changes to passwords, to the home directory, to the profile path, to location and to contact info, to group membership, and to any security descriptors that are defined on those objects and attributes.

      Ntdsutil????? ???????? ?? ????? ???? ??:
      Ntdsutil "authoritative ????????????" "???????????? subtree<container dn="" path=""></container>"q q
      ?????? ?? ???, ?????? ???????????? ???? ?? ???Mayberry?? OUContoso.com????? ?? ???, ????? ???? ?? ????? ????:
      ntdsutil "authoritative restore" "restore subtree ou=Mayberry,dc=contoso,dc=com" q q
    ???:?? ??? ?? ??????? ???? OU ???????? ?? ??? ?? ??????? ????? ??? ?????????? ?? ?????

    ??????????When you restore a subordinate object of an OU, all the parent containers of the deleted subordinate objects must be explicitly auth restored.
  8. ?????? ??? ????????????? ????? ???????? ?? ???????? ?????? ?????????? ????
  9. Outbound-replicate the authoritatively restored objects from the recovery domain controller to the domain controllers in the domain and in the forest.

    While inbound replication to the recovery domain controller remains disabled, type the following command to push the authoritatively restored objects to all the cross-site replica domain controllers in the domain and to global catalogs in the forest:
    repadmin /syncall /d /e /P<recovery dc=""> <naming context=""></naming></recovery>
    ???????? ?? ????? ?? ??????? ?????? ??? ???????????? authoritatively ???????????? ?? ??? ????? ?? ????????? ?? ??? ??? ???? ?? transitive ????? ?????????? ?? ??? ???????????? ??????, 11 ??? ?? ?????

    ??? ????? ????? ?? ???? ???, ?? ???? ??????? ?????? ???????????? ???? ?? ?????????? ???? ?? ??? rebuilt ???? 13 ??? ?? ?????
    • ???? ???????? ?? ?? ???? Windows Server 2003 ???????? ???????? ???? ?? Windows Server 2003 interim ???????? ???????? ???? ?? ???
    • ???? ??????? ?????? ?? ????? ???? ????
    • ???????? ??? ??? ????? ??? ??? ??????? ???? ?? ??? ????? ??? ?????????? ???? ?? ???
    ???????????? ????? ???????? ?? ???????????? ?? ???????? ??????????? ?? accelerate ???? ?? ??? Repadmin ???? ?? ????? ???? ?? ????? ?????

    ??? ???? ?? ??? ?? ??, ?? ??? ?? ?????? ???? ???? ?? ?? ????? ??? ?????????? ????? ??? ??? ??????? ???? ?? ??? Windows Server 2003 interim ?? ???????? ???????? ???? ?? ??????? ?? ???, ??? 12 ?? ?????
  10. ?????? ?????? ???????????? ??? ???? 7, 8 ?? 9 ????? ?? ???????, ?? ???? ??? 11 ??? ?? ?????
  11. ??? ????? ??? ?????????? ????? ????? ??? ??????? ???? ?? ???? ?? ??, ?? ????? ??? ?? ??? ?? ?????:
    • ?? ?????? ?? ???????? ??? ?? ???? ?? ?????????? ???????
    • ?????? ?????? ???????????? ???? ?? ?????? ???????????? ?? ????? ??? ?????? ??????? ??????? ?????? ??? ?? ???????? ???????????? ?????
  12. ???? ??????? ????????????? ????? ???????? ?? ????? ?? ???? ????? ??? ??????? ?????? ??? ???? ?????
  13. ????????????? ????? ???????? ?? ??? ??????? ???????????? ????? ???? ?? ??? ????? ???? ?? ????? ????:
    repadmin /options????????????? dc ???-DISABLE_INBOUND_REPL
  14. ???? ?? ?? ??? ?????? ?????? ????? ?????????? ?? ??? ????? ????????????? ????? ???????? ?? ????? ?? ???????? ??? ???? ????? ??? ??????? ?????? ??? ???
  15. ??? ???????? ?????????? ??????? ???? ??? ??????????, ???????? ??? ?????? ????? ?????????? ?? ????? ?????????? ???????????? ????? ???? ??? ???????????? ?? ????? ?????

    ??? ????? ?????????? ???????????? ?????? ?????????? ???? ?? ????? ????? ??????? ????????? ???? ?? ??? ?????? ???????????? ???? ??? ???????? ???? ?? ??????? ????? ???? ?? ??? ?? ???? ???

    ???? ??????? ?? ????????? ???? ?? ??? ?????? ?????? ?? ????? ??? ?? ?????????? ??? ????? ?? ???? ?????? ??????? ?? ??? ????? ??? ???????????? ?? ??? ?? ?????? ????? ???? ????? ??????? ?? ????? ?? ??? ?? ???? ?? ?????? ??? ??????, ?????? ????? ?????????? ??????? ?? ??? ????? ???? ?????????????? ???? ????? ?? ??????? ????? ????????? ????? ??? ???? ??? ??, preferably ?????????? ?? ??? ??? ?? ?? Active Directory ???? ??? ??? ????? ???????? ?? ??? ????? ???

???? ??? ??? ????? ?????? ?????? ?? ????? ???? ?? ?? ?? Windows Server 2003 ????? ???????? ?? ???? ?? ?????????? ????????????? ???? ????

??? ?? ???? ????? ???? ?????????? ???? ?? ??????? ???? ??? ???? ???, ?? ????? ?????????? ?? Windows Server 2003 ??? ????? ??? ?? ????? ??? ??????? ?????? ?????? ????? lack, ???????? ??? ?? ???? ?? ?????????? ???????? ?? ???? ?? ?????????? reanimate ???? ?? ???, ????? ????? ?? ???? ????:
  1. ???? ?? ??????????, ??????????, ??????, ?? ?? ?? ??? reanimate ???? ?? ??? "???????? ??? ?? ???? ?? ?????????? ???????? ??? ???????? undelete ???? ?? ??? ???? ????" ??? ??? ??? ????? ?? ???? ?????
  2. ?? ???? ?? ????? ?? ??? ????? ?????? ??????????? ?????????? ?? ???????? ?? ????? ???? ?? ??? ?????? (???? ??? ????? ???? ?? ??? OU.)
  3. ????? ?? ???? ?????? ??? ???? ?????? ??? ???? ?? ??? ?????? ??????????? ?????????? ?? ???????? ?? ??????? ?? ????? ???? ?? "??????? ????? ?????? ???? ????? ??" ???? ??????, ??? ?????????? ??, ????????? ?? ?? ?? ?????? ?? ??? ??? ???? ?? ???? ?? ??? ???? ??????? ?? Windows Server 2003 ???????? ?? ????? ????? ?? ?? ???????? ?? ?? ????????????? ???? ?? ????? ?? ?????
  4. ??? Microsoft Exchange 2000 ?? ??? ?? ????????? ?? ????? ???? ??? ??, ?? Exchange ???????? ?? ???? ?? ?????????? ?? ??? ????????
  5. Exchange 2000 ?? ??? ?? ????????? ?? ????? ???? ??? ??, ??? Exchange ???????? ?? ????? ??? ?????????? reassociate.
  6. ???????? ???? ?? ???????????? ?????????? ??? ?? ?? ??????? ??????????, ???? ???????????? ?? ??????? ?? ????? ???? ????
?? ?? ???? ??? ???????? ????????????? ????? ??? ?? ??? ?? ???? ????? ??????? ?? ????? ??:
  • ?? ????????? ?? ??? 1 ??? ???????? ????????????? ?? ???????? ????? ?? ???????? ??? ?? ????? ?????? ?? ?? ??? ??? ????????? ???, ??????, ???, ?? ????? ????? ?????? ???????? ?????? ???? ?? ???????? ?? scoping, ?? ???? ??? reanimation ???? ?? ???????? ?? ??????? ?? ????? ????? Reanimation ?? ???????? ???? ?? ??? ????????? ????isDeletedFALSE ?? TRUE ??????? ?? ?? ???????? ???? ?? ??? ??? ?? ?? ??????? ???????? ??? ????????? ??? ?? ??lastKnownParent???????, ?? ??? ??? OU ?? ??????? ??? (CN) ?????? ??? ?? ?????????? ?????? ????????? ??? (??????? ???????? ??? ?? ?? ???? RDN.)
  • Windows Server 2003 ????? ?????????? ?? ???? ?? ?????????? ?? reanimation ?? ?????? ???? ?? ?? ?? ???-Microsoft ????????? ??????? ????? ?? ??? ???????? ?? AdRestore ??? Windows Server 2003 AdRestore ????? undelete primitives ?????????? ?? ???-??? undelete ???? ?? ??? ??? Aelita ?????????? Corporation ?? Commvault ?????? ?? ???????? ?? ?????? ???? ???? ???????? ?? Windows Server 2003-?????? ????? ?????????? ?? ??????????? undelete.

    To obtain AdRestore, visit the following Web site:
    http://technet.microsoft.com/en-us/sysinternals/bb963906.aspx
?????? ?????? ???? ??? ???? ?????? ???? ?? ??? Microsoft ???? ?????-???? ?????? ??????? ?????? ????? ??.. ?? ?????? ??????? ???? ???? ????? ????? ?? ??? ???? ??.. Microsoft ?? ?????-???? ?????? ??????? ?? ??? ???? ?? ??? ?????? ???? ????..

How to manually undelete objects in a deleted object's container

To manually undelete objects in a deleted object's container, follow these steps:
  1. ????? ????,???????????? ????,?????, ?? ??? ???? ????ldp.exe.

    ???:If the Ldp utility is not installed, install the support tools from the Windows Server 2003 installation CD.
  2. ????????????menu in Ldp to perform the connect operations and the bind operations to a Windows Server 2003 domain controller.

    Specify domain administrator credentials during the bind operation.
  3. ????? ?????????????? ??,????????.
  4. ?????Load Predefined????, ????? ????Return Deleted Objects.

    ???:The1.2.840.113556.1.4.417control moves to theActive Controls????? ??? ????? ??..
  5. ?? ???????Control Type????? ????,?????, ?? ????? ????OK.
  6. ????? ????????????? ??,????, type the distinguished name path of the deleted objects container in the domain where the deletion occurred, and then clickOK.

    ???:The distinguished name path is also known as the DN path. For example, if the deletion occurred in the contoso.com domain, the DN path would be the following path:
    cn=deleted Objects,dc=contoso,dc=com
  7. In the left pane of the window, double click theDeleted Object Container.

    ???:As a search result of Idap query, only 1000 objects are returned by default. Fot example, if more than 1000 objects exist in the Deleted Objects container, not all objects appear in this container. If your target object does not appear, useNtdsutil, and then set the maximum number by usingmaxpagesizeto get the search results .
  8. Double-click the object that you want to undelete or to reanimate.
  9. Right-click the object that you want to reanimate, and then click Modify.

    Change the value for theisDeletedattribute and the DN path in a single Lightweight Directory Access Protocol (LDAP) modify operation. ???????? ???? ?? ?????????? ????dialog, follow these steps:
    1. ?????Edit Entry Attribute????? ???,isDeleted.

      ???? ???Value:box blank.
    2. ????? ?????????option button, and then clickENTERto make the first of two entries in theEntry List??????

      ?????????????? ????? ?????????.
    3. ????????????????? ???,distinguishedName.
    4. ????????box, type the new DN path of the reanimated object.

      For example, to reanimate the JohnDoe user account to the Mayberry OU, use the following DN path:
      cn=????, ou =Mayberry, dc =contoso, dc =COM
      ???:??? ?? ???? ???? ?? ???????? ?? ???? ??? ???????? ?? ??? reanimate ???? ????? ???, ?? ???? ????? ??? ???????? ?? ???lastKnownParent??????? ???? CN ??? ?? ???, ?? ?? ???? DN ?? ??? ??????????????? ????
    5. ?????????????????? ???, ????? ?????????.
    6. ????? ????,ENTER.
    7. ?? ??? ???? ?? ??? ????? ???????????????? ?????.
    8. ?? ??? ???? ?? ??? ????? ???????????????? ?????.
    9. ????? ????,?????.
  10. ?? ?? ???????? reanimate, ????? ????????????????? ??????????????, ????? ???????? ?? ???? ??????? (1.2.840.113556.1.4.417) ?? ?? ??????? ?? ????????? ???????????? ????? ???
  11. ?????????? ???? ???????, ?????????, ??? ?????????? ?? ???? ?? ?????????? ?? ??? ???? ??????? ?? ????? ?????

    ?? ???????? ????? ??? ??, ?? ?? ??? ?? ??? ??????? ???SID,ObjectGUID,LastKnownParent, ??SAMAccountNamestripped ??? ?? ???
  12. ?????? ??????????? ?????????? ?? ???????? ??? reanimated ???? ?? ????? ?????

    ???:Reanimated ???????? ??? ????? ?? ???? ??, ????? ???????? ?????? ????? ?? ???: ???? ?? ??? ?????? ?? ????? ?? ??? ???? ?? ??? ?? ?? ??????? ???? ?? ??? ??? ???????? SID ???? ??? Windows Server 2003 ?? ???? ?????? ???? ?????? ????SIDHistory??????? reanimated ?????????? ????, ???????? ?? ????? ?? ??????? ?????? ?? ??? Windows Server 2003 ?????? ??? 1 ?? ??? ?????? ????SIDHistory???? ?? ?????????? ?? ??????? ???
  13. Microsoft Exchange ????????? ??????? ?? Exchange ???????? ?? ??? ?????????? ?? ???: ?????? ?????

    ???:???? ?? ?????????? ?? reanimation ????? ?? Windows Server 2003 ?? ????? ???????? ?? ???? ?? ?? ?? ??? ??????? ??? ???? ?? ?????????? ?? reanimation ????? ?? Windows Server 2003 ?? ??? ???????? ?? ?? Windows 2000 ????? ???????? ?? ???? ?? ?? ??????? ???? ???

    ???:??? ????? ??? ?????, Windows 2000 ????? ???????? ?? ???? ??lastParentOfWindows Server 2003 ????? ?????????? ?? ??????? ????????? ???? ???

?? ?? ???? ????? ?? ?? ???????? ???? ????

?? ?????????? ?? ?? ???? ?????? ???? ???? ?? ???? ??? ?? ???? ???, ?? ?? ???? ????? originated ????? ?? ??? ?? ????? ??? ???? ?? ???, ?????????? ????? ?? ???? ????.:
  1. ??????? ??? ?? ???????? ???? ??? subordinate ?????????? ?? ?? ????? ???? (OU) ?????? ?? ????? ?? ????? ???? ?? ???, ??? ?? ?????? ?? ?? ????? ???? ?? ????? ??? ????? ?????????? ?? ??????? ????? ??? ??? ?? ????? ????? ?? ??? ???????? ?? ???? scoped ????? ?????????? ?? ??? ?? ????? ??? ?? ??? ???? ?? EventCombMT ?????? ??? EventCombMT ?? Windows Server 2003 ?????? ??? ????? ????? ??? ?? ??? ???

    Windows Server 2003 ?????? ??? ????? ??????? ???? ?? ??? ???? ???? ?? ???? ??? ???? ??????? ?? ??? ????? ??? ????, ????? Microsoft ??? ??? ?? ????:
    HTTP://TechNet.Microsoft.com/en-us/windowsserver/bb693323.aspx
  2. 1 ?? 7 ???? ?? ??????? ???????????? ?????? ?? ??? "?? ???? ?? ???????? ?? ???????? ??? ???????? ?? ???????? ??? ?? undelete ???? ?? ??? ???? ????" ??? ??? ????? ?? ???? ????? ??? ??? ???? ?? ??? ???? ??? ??, ???? ?? ???????? ?? ??? ?????? ?????? ?? ?????? ????? ?? ??? ????? ????? ?? ???? ?????
  3. ?? ??? ?? ????????? ?????objectGUIDWindows ?????????? ??????? ???

    ?? ?? ??? ????? ???? ??? ?? ?? ??? 4 ??? Repadmin ???? ???? ?????
  4. ????? ???? ???? ????:
    repadmin /showmeta GUID =objectGUID>FQDN>
    ?????? ?? ???, ??? ???? ?? ???????? ?? ?????? ?? objectGUID 791273b2-eba7-4285-a117-aa804ea76e95 ?? ???? ??? ??????????? ????? ??? (FQDN) ?? dc.contoso.com ??, ????? ??????? ???? ????:
    repadmin /showmeta GUID 791273b2-eba7-4285-a117-aa804ea76e95 dc.contoso.com =
    ?? ???? ?? ???????? ??? ???? ?? ???????? ?? ???????? ?? GUID ?? FQDN ?? ????? ?? ??? ?? ????? ?? ????? ????? ????
  5. Repadmin ??????? ?????? ??? originating ??????, ??? ?? ????? ???????? ?? ??? ?????isDeleted??????? ??? ?????? ?? ???, ?? ??? ???????isDeleted??????? ????? ????? ?????? ?? ??????? ?????? ??? ????? ???? ??:
    Loc.USN  Originating DC                  Org.USN  Org.Time/Date       Ver  Attribute
    -----------------------------------------------------------------------------------------------
     134759  Default-First-Site-Name\NA-DC1   134759  2004-03-15 17:41:20   1  objectClass
     134760  Default-First-Site-Name\NA-DC1   134760  2004-03-15 17:41:22   2  ou
     134759  Default-First-Site-Name\NA-DC1   134759  2004-03-15 17:41:20   1  instanceType
     134759  Default-First-Site-Name\NA-DC1   134759  2004-03-15 17:41:20   1  whenCreated
     134760  Default-First-Site-Name\NA-DC1   134760  2004-03-15 17:41:22   1  isDeleted
     134759  Default-First-Site-Name\NA-DC1   134759  2004-03-15 17:41:20   1  nTSecurityDescriptor
     134760  Default-First-Site-Name\NA-DC1   134760  2004-03-15 17:41:22   2  name
     134760  Default-First-Site-Name\NA-DC1   134760  2004-03-15 17:41:22   1  lastKnownParent
     134760  Default-First-Site-Name\NA-DC1   134760  2004-03-15 17:41:22   2  objectCategory
  6. ?????? ?? ????? ????? ??? originating ????? ???????? ?? ??? ?? 32-???? alpha ???????? GUID ?? ??? ??? ????? ???? ??, ??? IP ??? ?? ????? originated ????? ???????? ?? ??? ?? ??? GUID ?? ?? ???? ?? ??? ???? ???? ?? ????? ????? The Ping command uses the following syntax:
    ping ?a<originating dc="" guid=""></originating>._msdomain controllers.<fully qualified="" path="" for="" forest="" root=""></fully>>
    ???:The "-a" option is case sensitive. Use the fully qualified domain name of the forest root domain regardless of the domain that the originating domain controller resides in.

    For example, if the originating domain controller resided in any domain in the Contoso.com forest and had a GUID of 644eb7e7-1566-4f29-a778-4b487637564b, type the following command:
    ping ?a 644eb7e7-1566-4f29-a778-4b487637564b._msdomain controllers.contoso.com
    The output returned by this command is similar to the following:
    Pinging na-dc1.contoso.com [65.53.65.101] with 32 bytes of data:
    
    Reply from 65.53.65.101: bytes=32 time<1ms TTL=128
    Reply from 65.53.65.101: bytes=32 time<1ms TTL=128
    Reply from 65.53.65.101: bytes=32 time<1ms TTL=128
    Reply from 65.53.65.101: bytes=32 time<1ms TTL=128
  7. View the security log of the domain controller that originated the deletion on or about the time that was indicated in the output of the Repadmin command in step 5.

    Give consideration to time skews and time zone changes between the computers that were used to arrive at this point. If delete auditing is enabled for OU containers or for the deleted objects, pay attention to the relevant audit events. If auditing is not enabled, pay attention to users who had the permissions to delete OU containers or the subordinate objects in them, and that also had authenticated against the originating domain controller in the time before the deletion.

How to minimize the impact of bulk deletions in the future

The keys to minimizing the impact of the bulk deletion of users, of computers, and of security groups are to make sure that you have up-to-date system state backups, to tightly control access to privileged user accounts, to tightly control what those accounts can do, and finally, to practice recovery from bulk deletions.

System state changes occur every day. These changes may include password resets on user accounts and on computer accounts in addition to group membership changes and other attribute changes on user accounts, on computer accounts, and on security groups. If your hardware fails, your software fails, or your site experiences another disaster, you will want to restore the backups that were made after each significant set of changes in each Active Directory domain and site in the forest. If you do not maintain current backups, you may lose data or may have to roll back restored objects.

Microsoft recommends that you take the following steps to prevent bulk deletions:
  1. Do not share the password for the built-in administrator accounts or permit common administrative user accounts to be shared. If the password for the built-in administrator account is known, change the password and define an internal process that discourages its use. Audit events for shared user accounts make it impossible to determine the identity of the user who is making changes in Active Directory. Therefore, the use of shared user accounts must be discouraged.
  2. It is very rare that user accounts, computer accounts, and security groups are intentionally deleted. This is especially true of tree deletions. Disassociate the ability of service and delegated administrators to delete these objects from the ability to create and to manage user accounts, computer accounts, security groups, OU containers, and their attributes. Grant only the most privileged user accounts or security groups the right to perform tree deletes. These privileged user accounts may include enterprise administrators.
  3. Grant delegated administrators access only to the class of object that those administrators are permitted to manage. For example, it is better if a help desk administrator whose primary job is to modify properties on user accounts does not have permissions to create and to delete computer accounts, security groups, or OU containers. This restriction also applies to delete permissions for the administrators of other specific object classes.
  4. Experiment with audit settings to track delete operations in a lab domain. After you are comfortable with the results, apply your best solution to the production domain.
  5. Wholesale ????? ???????? ?? ???? ?????????? ?? ?????????? ?? ???? ?? tens ????? ?????? ?? ?????? ?????????? ??????? ?? Windows 2000 ????? ??? ????? ??? ??, ???????????? ????? ??? ????? ????? ????? ????? ???? ?? ??? ??????? ???????? ?????????? ???? ?? ??? ??????? ????? mirrors ??????? ????? ?? ????? ????? ????? ????? ?????? ??? ntds.dit ??????? ?? ??????? ????? ??? ????? ?????????? ?? ??? ??????? ?? ???? ?? ??? ????? ???? ???? ????? ????? ?? ???? ????? ?????-???????? ?????? ?? ???? ?? ??????? ????? ???????? ??? ?? ???????? ???? ????? ?? ???????? needlessly ?????? ??? ??? ?????? ??? ??? ???? ?? ??? ?????????? ?? ???? ???? ????? ?????? ?? ???, ???????? ???? ?? ???? ?? ????? ???????? ?????? ??????? ?? = ????? ??? ?????? (DNS) ?? ?????? ???? CN ??? ?????? ??????? (DLT) ?? ????? ???? ?? ????
  6. ?????????? ????, ???????? ????, ??????? ??????, ?? ???? ???? ?? ???? ?????????? ???? ??? ??????? ???? ?? ??? ??????? ?????? OU ?????? ?? ????? ????? ?? ?? ???? ??? ?????? ?? ????? ????, ?? ???????? ?? ??? ??? ??? ???? ?? ?????????? discretionary ????? ???????? ???? (DACLs) ???? ?? ???? ???, ?? ?? ??? ????? ???? ???????? ???? ?? ?????? ???????????? ???? ?? ???? ??? ?????? ???????????? ???? ?? ??? ???? ??? ???? ?? ??? ???????? ?? ??? ??? ??????? ?????? OU ?????? discussed ?? "????? an ????? ???? ??????" ??? ??? ????????? ?????? ?????? ?????????? ??????? Windows ??????? ?? ?????? ???? ?? ???????? ????:. ?? ????? ???? ?? ??????? ???? ?? ??? ????? Microsoft ??? ???? ?? ????:
    HTTP://TechNet.Microsoft.com/en-us/library/Bb727085.aspx
  7. ???? ??????? ????? mirrors ?????????? ??????? ??? ???? ?????? ???? ??????? ????? ???? sense ????? ?? ?? ????????????? ???? ?????, ?? ??? ??? ???? ????? ?? ??? ???????? ????? ?? ????? ?? ????? ?? ???? ???:
    • ?? ????? ?????? ??? ?? ?? ?? ???????? ????? ??? ????? ???????? ?? ???
    • ???? ????? ?????? ???????? ??? ?? ???

      Ideally, ?? ??? ???????? ????? ????? ?? ?? ???????? ??? ???????? ????? ??? ??? ??????? ?????? ???? ?? ??? ??????? ?? ?? ?????? ???????? ????
    • ?????? ???? ?? ??? ??? ????? ????? ?? ??? ?? ?????
    • ?? ?????? ???? ?? ??? ???? ????? ?????
  8. ?????????? ????? ??, ???????? ?? ????? ??, ?? Microsoft ????? ??????? ?????? ?? ???? ?????? ???? ?? ??????? ??? ???? ???? IT ???????? ?? ??? ?? ???????? ?? ????? ????, ?? ??? ?????? ?????? ????? ?????? ?? ???? ??, ???? ????? ??? ????? ?? ???? ??????????? ???? ????? ?????????? ?? ??? ?? ???? ??????? ?? ??? ??? ????? ???? ?? ?? ??? ??? ??? ?? ????? ???????? ???? (ACLs) ?? ?????????? ??????? ?????? ?????? ??????? ?? ??? ?? ???? ?? ??? ???? ?????? ?? ????? ?? ??? ????? ?? ?? ?? ???? ???? ??? ???? ?????? ???? ?? ????? ?? ??? Windows ??????? ??????? ?? ????? ???? ???? ?? ???? ??? ???? ??????? ?? ??? "Guarding ?? ??????? ??? ???? ?????? ???? ??? ?????? ??????????" ?? ????? ?? ??? ????? Microsoft ??? ???? ?? ????:
    (WS.10) http://TechNet.Microsoft.com/en-us/library/cc773347 .aspx
    ????????? ?? ????? ???? ?? ????? ???? ?? Dsacls.exe ?? ????? ???? ??? ???? ?????? ???? ?? ?? ????? ?? ??? ???? ???? ?? ???? ??? ???? ??????? ?? ??? "????????? Protect ????? ???? (ou) ??? ??? ????? ??" ?? ????? ?? ??? ????? Microsoft ??? ???? ?? ????:
    HTTP://go.Microsoft.com/fwlink/?LinkId=162623

????? ?? ????????? ???? ??? ??? ?? ???? ?? ?? ???? ?????? ???? ?? ?? ???????????? ????

Groupadd.exe ????-?????? ?????? ???? ??memberOf?? ?? ?????? ??? ??? OU ?? builds ???????? ??? ???????? ????? ??? ??????? ???? ?? ??? ???? .ldf ????? ???????????? ?? ???????? ?????????? ?? ????? ?? ?? ???????????? ?? ??????? ???

Groupadd.exe ???????? ??? ?? ???? ????? ?? ?????????? ???? ?? ??????? ???? ?? ????? ?? ?? ?????? ?? ?????? ?? ?????? ??? ???? ?? ??? 11 ??? ?? ???? ????? ??? ?? ????????? ?? explained 1?

Groupadd.exe ????? ????? ???????? ?? ???? ??:
  • Windows Server 2003 ????? ????????
  • Windows 2000 ????? ?????????? ?? .NET 1.1 ?? ??? ????? ???????
Groupadd.exe ????? ???????? ?? ????? ???? ??:
groupadd /after_restoreldf_file[/before_restoreldf_file]
????,ldf_file????? ???? ?? ??? ????? ???? ?? ??? .ldf ????? ?? ??? ?? ???????????? ???? ??after_restore?????????? ????? ???? ????? ???, ?? ???????????? ???? ?? ??before_restore?????????? ???? ?? ??????? ?????? ?? ?? ???????????? ???? ??? (?????????? ????? ???? ????? ????? ?????????? ???? ??.)

Microsoft ?????? ?????? ?? ?????? ????, Groupadd.exe ??????? ???? ?? ??? ?????

?? ?????-???? ?????? Microsoft ?? ???????? ???????? ?????? ??????? ??? ?? ??? ????? ?? ???? ????? ???? ??.. Microsoft ?? ???????? ?? ???????? ?? ??????????? ?? ???? ??? ??? ?????? ???? ???? ??, ????? ?? ??????..

??????

??? ??????? ???? ??? ?? ???? ???????? ?? ???????????? ???? ???? ?? ???? ??? ???? ??????? ?? ??? ?????? ?? Microsoft ???????? ??? ????? ?? ??? ????? ???? ???????? ?? ????? ????:
886689Ntdsutil authoritative ???????????? ???????? ??? ???? ???? ??? ???????? ??? ?? ??? ???? ??? Windows 2000 ?? Windows Server 2003 ??? ??????? ??
???? ??????? ?? ???, Microsoft ?????? ??? ??? ???? ????? ?? ??? ????? ???? ???????? ????? ????::
824684Microsoft ?????????? ???????? ?? ????? ???? ?? ??? ????? ?? ???? ???? ???? ???????? ?? ?????
910823?????? ??? 1 ?? ??? Windows Server 2003 ??? ??? ?? ?? ???? ???????? ?? .ldf ??????? ???? ???? ?? ?????? ???? ??? ?????? ?????: "LineNumber ?????? ?? ?????? ?? ??????: ??? ??? ????????"
937855After you restore deleted objects by performing an authoritative restoration on a Windows Server 2003-based domain controller, the linked attributes of some objects are not replicated to the other domain controllers

For more information on how to use the AD Recycle Bin feature included in Windows Server 2008 R2, please reference the Active Directory Recycle Bin Step-by-Step Guide available from this Microsoft Web site:http://technet.microsoft.com/en-us/library/dd392261(WS.10).aspx

???

???? ID: 840001 - ????? ???????: 11 ??????? 2011 - ??????: 3.0
???? ???? ???? ??:
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Server
  • Windows Server 2008 Datacenter without Hyper-V
  • Windows Server 2008 Enterprise without Hyper-V
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 Standard without Hyper-V
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Standard
??????: 
kbhowto kbwinservds kbactivedirectory kbmt KB840001 KbMthi
???? ?????? ????????
??????????: ?? ???? ?? ???? ??????? ?? ????? ?? Microsoft ????-?????? ?????????? ?????? ?????? ???? ??? ??. Microsoft ???? ??? ????-???????? ?? ????-???????? ????? ?????? ?? ???? ???????? ???? ?? ???? ????? ????? ??? ?? ??? ?????? ?? ???? ???? ???? ??? ????? ??. ???????, ????-???????? ???? ????? ???? ???? ???? ???. ?????, ????????, ?????-???? ?? ??????? ?? ???????? ?? ???? ???, ???? ?? ??? ?????? ???? ???? ??? ????? ??? ?? ???? ??. Microsoft ??????? ??? ???? ?? ?????? ?? ??????????, ????????? ?? ??? ?????? ?? ???? ????? ?? ???? ???????? ?? ??? ???? ????? ?? ??? ????????? ???? ??. Microsoft ????-?????? ?????????? ?? ????? ?????? ?? ?? ??? ??.
?????????? ?? ??????? ????????? ??????? ??:840001

??????????? ???

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com