I was getting some best practices errors related to a first exchange admin group missing container for servers etc.. I didnt realize this main container enabled public folders to work and show up.. i thought i was fixing a problem, oh well.. But at this point, since i was dumb and deleted the entire container, is there anyway to restore this container somehow? We do you use dpm to backup Exchange 2010 each nite, but i'm not sure if it saves the admin group portion from AD, or just the DB. I was fairly certain this "first administrative group" was from our very old, gone for years, exchange 2003 server, so i could delete it.. We had just migrated from 2007 to 2010 recently as well.. Thanks for any tips

This info you are looking for is saved in AD. I think you will have to do a AD authoritive restore for this.

What version of AD are you running?

What version of AD are you running? 2008R2 functional level.

Have you tried using restore-adobject from the RSAT tools?

Have you tried using restore-adobject from the RSAT tools? Do you mean LDP.exe? I found the deleted tree in ldp, but cant seem to find the node i deleted from ADSIedit.. the one related to first administrative group.

No. The Remote Server Adminsitration Tools package for Server 2008 comes with a Powershell module of cmdlets for manageing Active Directory. One of them - resotre-adobject will restore a deleted AD object. PS C:\> get-help restore-adobject NAME Restore-ADObject SYNOPSIS Restores an Active Directory object. SYNTAX Restore-ADObject [-Identity] <ADObject> [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-NewName <string>] [-Partition <string>] [-PassThru <switch>] [ -Server <string>] [-TargetPath <string>] [-Confirm] [-WhatIf] [<CommonParameters>] DESCRIPTION The Restore-ADObject cmdlet restores a deleted Active Directory object. The NewName parameter specifies the new name for the restored object. If the NewName parameter is not specified, the value of the Active Directory attribute with an LDAP display name of "msDS-lastKnownRDN" is used. The TargetPath parameter specifies the new location for the restored object. If the TargetPath is not specified, th e value of the Active Directory attribute with an LDAP display name of "lastKnownParent" is used. The Identity parameter specifies the Active Directory object to restore. You can identify an object by its distinguished name (DN) or GUID. You can also set the Iden tity parameter to an object variable such as $<localObject>, or you can pass an object through the pipeline to the Identity parameter. For example, you can use the G et-ADObject cmdlet to retrieve a deleted object by specifying the IncludeDeletedObjects parameter. You can then pass the object through the pipeline to the Restore-A DObject cmdlet. Note: You can get the distinguished names of deleted objects by using the Get-ADObject cmdlet with the -IncludedeDeletedObjects parameter specified. RELATED LINKS Online version: http://go.microsoft.com/fwlink/?LinkID=144988 Move-ADObject New-ADObject Get-ADObject Set-ADObject Remove-ADObject Rename-ADObject REMARKS To see the examples, type: "get-help Restore-ADObject -examples". For more information, type: "get-help Restore-ADObject -detailed". For technical information, type: "get-help Restore-ADObject -full".

No. The Remote Server Adminsitration Tools package for Server 2008 comes with a Powershell module of cmdlets for manageing Active Directory. One of them - resotre-adobject will restore a deleted AD object. PS C:\> get-help restore-adobject NAME Restore-ADObject SYNOPSIS Restores an Active Directory object. SYNTAX Restore-ADObject [-Identity] <ADObject> [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-NewName <string>] [-Partition <string>] [-PassThru <switch>] [ -Server <string>] [-TargetPath <string>] [-Confirm] [-WhatIf] [<CommonParameters>] DESCRIPTION The Restore-ADObject cmdlet restores a deleted Active Directory object. The NewName parameter specifies the new name for the restored object. If the NewName parameter is not specified, the value of the Active Directory attribute with an LDAP display name of "msDS-lastKnownRDN" is used. The TargetPath parameter specifies the new location for the restored object. If the TargetPath is not specified, th e value of the Active Directory attribute with an LDAP display name of "lastKnownParent" is used. The Identity parameter specifies the Active Directory object to restore. You can identify an object by its distinguished name (DN) or GUID. You can also set the Iden tity parameter to an object variable such as $<localObject>, or you can pass an object through the pipeline to the Identity parameter. For example, you can use the G et-ADObject cmdlet to retrieve a deleted object by specifying the IncludeDeletedObjects parameter. You can then pass the object through the pipeline to the Restore-A DObject cmdlet. Note: You can get the distinguished names of deleted objects by using the Get-ADObject cmdlet with the -IncludedeDeletedObjects parameter specified. RELATED LINKS Online version: http://go.microsoft.com/fwlink/?LinkID=144988 Move-ADObject New-ADObject Get-ADObject Set-ADObject Remove-ADObject Rename-ADObject REMARKS To see the examples, type: "get-help Restore-ADObject -examples". For more information, type: "get-help Restore-ADObject -detailed". For technical information, type: "get-help Restore-ADObject -full". I'm not following how i restore this part, from configuration: CN=First Administrative Group\0ADEL:322a0be5-c4cb-4291-b22a-932137263882,CN=Deleted Objects,CN=Configuration,DC=domain,DC=local I've tried using the filter, but i dont think i'm quite getting it right. I did restore-adobject -Identity "CN=First Administrative Group\0ADEL:322a0be5-c4cb-4291-b22a-932137263882,CN=Deleted Objects,CN=Configuration,DC=domain,DC=local" But this isnt quite working i tried this as well: PS C:\Windows\system32> get-adobject -filter {name -like "first administrative group bad"} -includedeletedobjects | Rest ore-adobject The actual node that needs restored is CN=First Administrative Group bad\0ADEL:322a0be5-c4cb-4291-b22a-932137263882,CN=Deleted Objects,CN=Configuration,DC=pst,DC=local

Can you locate the object using get-adobject? (you'll need to include the -includedeletedobjects switch).

Can you locate the object using get-adobject? (you'll need to include the -includedeletedobjects switch). If i run get-adobject -filter {name -like "first administrative group bad"} -includedeletedobjects It just drops to the next line, no data is show.. i'm not sure what should be between the curly brackets though.. ie: Name.. distinguished name.. CN etc?

Do you know what the object type is?

Does this help (I don't have a 2008 R2 domain, so I can't really test very well). http://www.simple-talk.com/sysadmin/exchange/the-active-directory-recycle-bin-in-windows-server-2008-r2/

Do you know what the object type is? If i run get-adobject -IncludeDeletedObjects -filter * > c:\deleted.txt I dont see the object in this listing.. Maybe because its is under the Configuration tree.. If i use LDP.exe to view it.. it seems to just show the node.. so i cant tell of what type it would be.. or is the type Configuration? CN=First Administrative Group\0ADEL:322a0be5-c4cb-4291-b22a-932137263882,CN=Deleted Objects,CN=Configuration,DC=domain,DC=local Taking a step back, would it be just as easy to just re-run Exchange 2010 setup, do a repair.. would it recreate this legacy group (to support Public Folders). Thanks

I don't know. I'd post that as a new question in the Exchange 2010 forum and see if there's any help there.

On restoring the object, i installed the powergui tool and the plugin for it.. it warned me the forest functional level was still at 2003.. i swear i had raised it when i installed R2.. apparently not.. It would seem the only way to fix this is hopefully through an exchange 2010 repair, since i dont think the deleted items are retroactive etc.

Hi, If you have Active Directory Recyle bin enabled, then I think you may to restore. But I am not sure it will work. Active Directory Recycle Bin Step-by-Step Guide http://technet.microsoft.com/en-us/library/dd392261(WS.10).aspx Restore a Deleted Active Directory Object http://technet.microsoft.com/en-us/library/dd379509(WS.10).aspx Regards, Xiu