Restoring Exchange using Microsoft DPM 2007 SP1

This article will walk you step-by-step through performing a restore on Microsoft Exchange 2007 using Data Protection Manager 2007 SP1.

To recover Exchange data, you must first have an active recovery storage group mounted. To do this, open the Exchange Management Console (EMC), go to tools, and then click "Troubleshooting Assistant." You must first enter the server and user information and click next.

Next, you must select a task. Choose "Create a recovery storage group."

Now you must select the recovery storage group that contains the mailbox you want to recover. For this example, we will choose the executive storage group. Click next.

The next screen asks you to name the recovery storage group and verify the location of the exchange data and logs. When done, click "Create Recovery Storage Group."

The last screen will show you whether or not the creation was successful:

Next, recover the database to the recovery storage group. Log onto your DPM server, and go to the Recovery tab of the DPM 2007 console. Expand the Exchange server, and click on the storage group from which you want to restore the mailbox database:

Right-click on the database in the right-hand side of the screen and click "Recover�" Click Next on the review screen.

Select "Recover to Recovery Storage Group."

Specify the Exchange server, the Storage Group Name (Recovery Storage Group), and the database (Executive Database):

Select to mount the databases after they are recovered:

Click Next, review your recovery settings, and then click "Recover."

Now to recover a single mailbox, you will need to open the Exchange Management Shell on your exchange server. The following commands are examples of different mailbox recovery scenarios:

• To recover a single mailbox from the RSG database to the active mailbox 'username', run the following command in the Exchange Management Shell:
  

Restore-Mailbox -identity 'UserDisplayName' -RSGDatabase 'RSG\mailbox
database'

• Use the following command to restore a mailbox in a Recovery Storage Group into a folder in the same active mailbox or a different active mailbox:
  

  Restore-Mailbox -RSGMailbox 'SourceUsername' -RSGDatabase 'RSG\Mailbox Database' -id 'DestinationMailbox' -TargetFolder 'FolderName'
  

• To recover email in a particular date range into a folder in the same active mailbox or a different active mailbox, use this command:

Restore-Mailbox -RSGMailbox 'SourceUsername' -RSGDatabase 'RSG\mailbox database' -id 'DestinationUsername' -TargetFolder 'FolderName' -StartDate 'mm/dd/yy' -EndDate 'mm/dd/yy'

A note about "single mailbox restores" in DPM 2007: If you use DPM 2007 to restore a single mailbox, DPM still restores the entire mailbox database to your Exchange server, and you still have to use powershell to pull the mailbox data out of the database. Personally, I don't use this feature. It seems repetitive to me. But if you do use it, make sure you have enough space to restore the whole database.

OCS Master program - here's what their labs look like

WOW.

Impressive. If it didn't almost require an EDU loan, I would love to take this.

http://blogs.technet.com/themasterblog/archive/2009/01/31/holy-hol-s-batman.aspx

Exchange 2007 and machines with underscores in their name

I somehow completely forgot this won't work. Luckily there is a workaround.

Rename the machine :( Easier said than done for some situations.

Group Chat - Microsoft's take

So I have noticed the Group Chat stuff is getting a LOT of hits on here, and one of the questions I seem to see being asked a lot elsewhere is "how would we use this"

So I figured I would rely on Microsoft's devarketing team (ha!) to explain this for me some. These are from a series of OCS R2 videos I posted back in January. This one only had 500 hits when I posted it, so I think the "spin" on Group Chat usage will help some people get a better understanding of where it fits in to an organization.

OCS 2007 R2 Group Chat Installation - Part 3, Client install

Earlier, in Part One, we installed Group Chat Server and in Part Two, we learned how to connect to the admin tools and to create a channel and allow people in it. Now it is time to Deploy the client.

The Group Chat client requires the .NET Framework 3.5 SP1 and Visual C++ runtime installed. Unfortunately, Microsoft provided only an executable client install, so we cannot easily GPO this installation without an MSI file. There are the below options for the clientsetup.exe executable:

Working with this, I created a logon script to do this installation. If a client does not have .NET 3.5 SP1 installed, and you skip that install, the unattended install will give an error.

\\2008dc\netlogon\dotnetfx35setup.exe /qb \\2008dc\netlogon\Clientsetup.exe /Unattend

An added dose of fun - .NET requires a reboot, and /qb tries to force that reboot.

The actual manual install process is very simple - just take all the defaults.

Getting the software installed is just one part - getting it configured is another. First I will cover the manual configuration. Then I will discuss deploying these settings in an enterprise.

The more critical knowledge here is how to deploy this to clients and have the logins work out of the box. Using the "Automatic Configuration" provided, my first sign in was less than desirable. I got the below error:

And was unable to search for a channel (it just seems to hang there trying) so I created a new configuration named domain.com like I did in Part 2. I had to investigate further.

So I decided to try the Administrator account. It worked fine. So for some reason - the "Server Address" had to be "Administrator@domain.com" and then when I actually log on, I use my Chris@domain.com SIP URI. Very odd behavior. Above is the NON working config. Below is the working config.


Odd for sure. Again, when I sign into the application, I am clearly me, not admin:

Now, configuring another piece of client software might be easy for us, but not for most users, so it's time to learn how to deploy these settings.

So I downloaded the OCS 2007 R2 ADM files and went to create a new GPO, and quickly found that none of the GPO names in the XLS document for Group chat are in there.

It seems as is there should be an additional ADM coming, or an updated one with these settings.

I did find that you can manipulate these by dropping an XML file into the workstation directory of:

C:\Users\%username%\Application Data\Microsoft\Group Chat\Common\Accounts (on Vista) and by editing or replacing the file at:
C:\Users\chris\Application Data\Microsoft\Group Chat\Group Chat Console\Accounts\_default.account_.xml

So I made a second script:

copy \\2008dc\netlogon\_default.account_.xml "%userprofile%\Application Data\Microsoft\Group Chat\Common\Accounts"
copy \\2008dc\netlogon\Internal.xml "%userprofile%\Application Data\Microsoft\Group Chat\Group Chat Console\Accounts"

Since these folders won't exist until the application is installed, you may want to stagger your install and your configuration GPOs/Scripts.

If anyone has any better way to roll out the configuration, please let me know, I really do feel like these are some non-enterprise level workarounds.

OCS 2007 R2 Group Chat Installation - Part 2, Administrative Tools Installation

Earlier, in Part One, we installed Group Chat Server and now it is time to install the administrative tools. I have already done this a few times and ran into some oddities, that hopefully I can help you not run into!

In this instance, I am installing the tools on my OCS Standard pool server (which is also my group chat server) We can begin by running the 'AdminSetup' installer.

The installer will warn you if you do not already have MS Visual C++ redistributable installed. If you run their installer of this, do note, you will be cleaning up the root of your C drive.

Icky. Easy enough to clean up though. Once this is installed, its easy to click through all the defaults and complete the Admin tool console install.

Once installed, we can launch the Admin tools console. The "proper" name doesn't fit in the start menu, really.

So I attempt to logon:

I see "Connected to OCS server" and then I get this:

"Cannot sign in because of a problem with the chat room service. If the problem persists, please contact your system administrator"

Time to not trust Automatic Configuration. I will come back to this in the client deployment some more, but for the admin console, a manual configuration is OK.

Choosing Edit Accounts here, I made a new Account and used the below settings:

I then chose the Domain.com account and signed in without error. In the screen above, the Host is my OCS std pool, the domain.com is my AD FQDN and note the capitalization on Administrator to match my SIP URI.

Now that I am in the tool - lets create a test channel and set it up.

File>New>Chat Room brings up this dialog:
This gave an error. Channel names cannot have spaces. I removed this moving forward.

Once the room is created you need to add members to the channel. Since this is a lab domain, I decided to add my members to the Root of the server. In a production environment, I would likely be much more careful about security.

Now, Part 3 will come soon, and discuss the client installation, but I will give a brief preview here as the client is obviously needed to test this.


Here, you can see presence integration.

That's all for now. Check back soon for the client deployment, which I hope to include GPO settings to configure the client as well.

Exchange 2007 SP1 RU6 released yesterday

The Exchange team RTW'd SP1 RU6 yesterday.

The KB Article and Download are now available

Some important fixes included in this rollup include: (from the Exchange Team blog )

1. Fix for a security issue which has been assigned a severity rating of critical. More information about the issue can be found in the Microsoft Security Bulletin http://www.microsoft.com/technet/security/bulletin/MS09-003.mspx
   
2. Fix to allow Internet Explorer 8 to be used for Outlook Web Access (OWA) 2007. This does not include the OWA 2007 S/MIME control. We are still working on some changes in the control to make it work better with Internet Explorer 8. We will be releasing an updated version of the S/MIME control in a future rollup. Users using the S/MIME control should continue to use Internet Explorer 7.From the installation perspective, a reminder that the rollup installer will overwrite any OWA script files if required to ensure proper operation of OWA. If you have customized the logon.aspx page or other similar OWA pages, you will need to redo any customization after installation of the rollup.

Also of note from the Exchange Team blog post, there is a new Technet forum just for Exchange updates:

http://social.technet.microsoft.com/Forums/en-US/exchangesoftwareupdate/threads/

OCS 2007 R2 Group Chat Installation - Part 1, Server Installation

If there is one thing in Group Chat that is similar to OCS, it's definitely the icons. If you were not aware, the Group Chat functionality was an acquisition of a company named Parlano in the summer of 2007. Because of this, the integration with the rest of OCS R2 isnt quite where I would expect it to be. I expect in future SP's and versions this will become more tightly integrated.

A note, on Group Chat pre-requisites. I did this install on my existing standard pool which is not recommended. It should be on a separate server.

This is a screenshot of the IIS features I have installed. I have not yet found any article on group chat pre-requisites on a fresh server. I will need to do this soon and update this post.

Downloads:
ServerSetup
ClientSetup
AdminSetup

I will review OCS 2007 R2 Group Chat in three or possibly four parts.

• Server Installation
  
• Administation Installation and configuration
  
• Client deployment
  
• Usage, recomendations
  

Lets dig in with the Server Setup.exe. I wish that this was more OCS integrated from the start. We begin with a VERY non MS DOS window. This launches the Group Chat Server install, that looks and feels familiar.

From there, Accept terms, enter user/company, choose features� two choices, Chat Server and Compliance Service. Both install by default.

Get a warning about MSMQ not being installed. This might be due to my eval install rather than real standard. Either way, if you plan on using Group Chat, or archiving/monitoring, you need MSMQ.

And then�. I am removing backup files:

And I did this twice to be sure. Yep, that's a window popping under to install. And "Server configuration" with a new icon. Of course, these are the pains of integrating Parlano, whom Microsoft acquired only 2 years ago.

Choose server and DB name:

Note here: You do need to manually create this Database.

Next screen, you can choose a different DB for compliance (likely policy recommended)

I chose the same for technical ease.

It's around this point I noticed the menu on the left gave no knowledge of how many steps remained. Not a big deal, but would be nice to see that the list has a start and a finish.

Here is where we set our Super Users:

Enter your OCS pool name, then choose Browse to select the MTLS cert to use.

The next few screens, I am setting a few service accounts up. For simplicity, I used my Domain Admin account for most of these. In a production environment, I would ABSOLUTELY have separate accounts for these.


For some reason, the browse button on this dialog was not working for me. Not a big deal. This should be a UNC path. I made it on the same machine for my instance.

I did not delve into the Compliance Adapters at all.

Next screen was Web Service Settings. Same deal on the UNC share:

Final Overview before hitting Install:

When you hit Finish, you will be alerted if any of the service accounts are granted the log on locally or log on as a service right.

Then we flip back to the MS installer and we are done!

Once this is installed - you will only have the OCS R2 Group Chat icon in your administrative tools.

Launching this allows you to view status of services and stop/start them as well as modify the service accounts.

I am not yet sure why the Web Service is listed as stopped. The W3SVC is running in the Services control panel, however.

Within this, File - Configure Server Settings allow you to modify pretty much ANY of the settings you specified in the installation. I am not going to review each of these, as I think it would be repetitive.

Next up - the Administrative Tool!

Installing the OCS 2007 R2 administrative tools on an x86 Domain Controller

Took me a bit to find this one. The installers for the admin tools are in \support\i386.

There are 5 files in here, and depending on the state of your DC, you might need them all.

The proper order of operations, I found out the hard way, but each install tells you what it needs for a pre-requisite:

Well, at least they give us warnings!

The proper order of installation is:

1. sqlncli.msi - The SQL Native client
   
2. vcredist_x86.exe - the Visual C++ 2008 redistributable
   
3. .NET framework 3.5 SP1 (not in this directory - download here)
   
4. OCSCore.msi
   
5. AdminTools.msi
   

I kind of wish they wrapped an installer around this all like they did the regular OCS 2007 R2 deployment. The notes above say to run setup.exe, which there is not one of - there is the setupse.exe and setupee.exe, but those are x64 binaries, so they do not apply here.

Keep in mind your mileage may vary, as you may already have some of these installed on your x86 boxes.

OCS 2007 R2 - fresh install - Monitoring service failing to start

I had this happen in a lab domain. For some reason the "Office Communications Server Monitoring Agent" would start, then immediately stop, with no real errors on screen or in the event log.

On screen, I got the "some services stop if there is nothing to do" error.

I found this thread:
http://social.microsoft.com/Forums/en-US/communicationsserversetup/thread/418720e6-4c61-46e2-81ac-21350c19e223/

I installed Message Queuing using:
Servermanagercmd.exe -I MSMQ-Server

Then I was able to start the OCS monitoring agent service without issue.

Hyper-V Sidebar app!

Throwing up the new "Why didn't I think of that" label for this one:

Download:
http://mindre.net/post/Hyper-V-Monitor-Gadget-for-Windows-Sidebar.aspx

Very handy app!!

Immediate dbl click RDP to my VM's!

OCS 2007 R2 Deployment, Part 4

We have already prepared Active directory, Installed OCS 2007 R2, and configured the server and certificate.
In order to have internal IM and LiveMeeting capabilities, we only need to do a few more things.

• Create required DNS entries
  
• Enable users for OCS 2007 R2
  
• Deploy Communicator Clients
  
• Enable Audio/Video on clients with new hardware

So, first off.. If you are only doing internal OCS, you only need to be concerned with your internal LAN DNS.

Communicator looks for several DNS entries. If you turn on event logging in the client, you learn it looks (in this order - replace domain.com with your internal FQDN)

• SRV record for SIP

• sipinternal.domain.com

• sip.domain.com

• sipexternal.domain.com
  
  

I created sip.domain.com as a CNAME to my OCS 2007 R2 server:

Enabling your users is very simple from ADUC once the OCS administrative tools are installed. Since OCS 2007 R2 is 64 bit only, I have yet to find the 32 bit admin tools. (If you find this, please link me and I will update this post!)

Right click the user in ADUC and choose Enable user for OCS

Choose the server or pool, the SIP naming convention (I recommend using email address), then next and finish.

Deploying the Communicator 2007 R2 client (OC 2007 R2, but I find that naming to close to not be confusing) can be done in MANY ways. It is supplied as an MSI, so you can:

• Put the MSI on a file share and email users the instructions
  
• Deploy via GPO
  
• Logon Scripts
  
• Deploy using SMS/SCCM/SCE
  

Once deployed, for domain machines with Communicator installed, it is as simple as launching in order to get the IM and presence functionality. Beyond this, there is audio/video which requires PC's with webcams and headsets with microphones. If this is not pre-existing, I typically budget 80-120$ per node for the addition of hardware as needed.

After installing our webcams and microphones, internally we were able to do VOIP and Video calls immediately after deploying the client.

Windows Server 7 Beta Feature Focus - Migration solutions for WS08 R2

I viewed a LiveMeeting today on migrating to WS08 R2. The full transcript should be available here later:

http://connect.microsoft.com/Downloads/DownloadDetails.aspx?SiteID=488&DownloadID=14733

Benefits of migrating to 2008 R2:

• Clean OS installs exhibit more stability
  
  
  • Reduces risk and downtime
    
  • Performs most of migration tasks while the old server is still operational
    
  • Verifies migration and benchmark performance before switching to the new server
    
  • Rolls back to old server if migration fails
    
• Provides a transition path from
  
  
  • x86 to x64 OS (WS08R2 is x64 only)
    
  • Physical to Virtual (and vice versa)
    
  • Full server to server core (and vice versa)
    

  Windows 2008 R2 migration guides for AD/DHCP/File and more are online now here:
  http://technet.microsoft.com/en-us/library/dd365353.aspx
  

Supported Scenarios:

General Process:

They than ran through exporting DHCP on a 2003 x64 server - the password is used to encrypt the exported data.

And then re-import on the Windows 2008 R2 server with the DHCP feature installed (but not configured)

Then, the importResult variable can be used to review/parse for any warnings or errors from the import. The example they used was the administrator and guest account not being imported because it already existed on the target machine.

They then show the DHCP and user data imported successfully.

I did ask a question if they plan to allow you to scan and export and have the import install the necessary roles and features, and they did intend the import/export to do this in a later version. Apparently they liked this question, because I won something. Yay!

Then they moved on to a file server migration. Basically similar process for file shares, export, then import, and it recreates NTFS and file shares on the target server. Very neat stuff, and nice to finally have some tools for role migrations!

Impact of ESX snapshot backups on Microsoft database servers

Up until Update 2, ESX 3.5 uses a VMWare tool called the Sync Manager as part of the snapshot backup process. The Sync manager quiesces the file system (pauses all incoming I/O requests and dumps dirty data to disk) before the snapshot backup is taken. This allows the backup to file-system consistent.

If you were to take a snapshot without pausing the I/O requests and then restore the snapshot, the virtual machine will start up for the first time thinking that it is recovering from a power failure type of crash. This is because the recovered system will not be able to find the I/O requests that were stored in the memory (RAM) at the time the snapshot was taken.

What does this have to do with database servers? For servers housing databases (Active Directory, Exchange, or SQL servers), stopping I/O requests with the Sync manager halts incoming requests to the database without notifying the database of what is happening. The database is waiting on that information to arrive � so when the data doesn't come in when expected, errors are logged to the event log and in some cases, the databases become corrupt. I happened to find this out on an active directory domain controller, and the sequence of errors looks like this:

First, you'll see event ID 1 logged with source LGTO_Sync. This is the Sync driver starting to do its work quiescing the file system.

On domain controllers, AD requests will begin to fail. The description will differ based on the request, but the Event ID stays the same.

For domain controllers running DNS, dynamic updates will fail as well:

For DHCP servers, you will see this:

On Exchange servers, you'll see Autodiscover errors:

If you are seeing these errors, stop using the sync manager now. Eventually you will corrupt your database.

Workaround
Stop quiescing guest database servers before taking snapshots, and start adding snapshots of virtual machine memory to your backups. Most backup applications allow you to do this. If yours doesn't, you can script it using vimsh.

Example:
vimsh -n -e "vmsvc/createsnapshot [VmId] [snapshotName] [snapshotDescription] [includeMemory]"

vimsh -n -e "vmsvc/createsnapshot XXXX FIRST_SNAPSHOT MY_FIRST_SNAPSHOT_1"

By taking a snapshot of the guest machine's memory, you are creating a full snapshot. When you restore, you restore the memory on top of the file system. When the machine starts, it will be able to access all the necessary information in memory to start normally - no crash.

Resolution
To combat the Sync Manager problem, ESX has released update2, which includes an ESX VSS tool that integrates with Microsoft VSS. It works by using the windows operating system to hold I/O requests, eliminating the need for the sync driver. When the operating system is in charge of halting its own I/O activity, the databases are notified that a backup is taking place. The databases can then pause their own processing of requests, and no errors occur.

This update is relatively new, and many third-party backup applications do not support update 2 yet, which is why I have offered the workaround here.

One last note about Microsoft domain controllers and Vmware snapshot backups
In 2006 (revised in Dec. 2008), Microsoft released KB 888794 (http://support.microsoft.com/kb/888794/en-us), which states that

"Active Directory does not support any method that restores a snapshot of the operating system or the volume the operating system resides on. This kind of method causes an update sequence number (USN) rollback. When a USN rollback occurs, the replication partners of the incorrectly restored domain controller may have inconsistent objects in their Active Directory databases. In this situation, you cannot make these objects consistent. "

In reality, the BURFLAGS registry referred to in Microsoft KB290762 (http://support.microsoft.com/kb/290762) can be set so that the virtual DCs are nonauthoritative, and an existing domain controller can be set to authoritative. This will allow the USN to be overwritten by the authoritative domain controller, and no USN rollback will occur.

Exchange 2007 SP1 rollup 6 expected out Feb 10th.

This update coincides with patch Tuesday and will be a critical rated release for the security update. Also should make IE8 work with OWA 2007. Here's what it looks like for me:

More detail here:

http://msexchangeteam.com/archive/2009/02/06/450583.aspx

Important Licensing changes for OCS 2007 R2

So, there are lots of new features - this is a GREAT screenshot from their Product Overview document that shows what features are enabled by which CALs:

Keep in mind also, that these CAL's are layered, meaning that the Enterprise CAL alone is not enough. To get all features, you must purchase Standard and Enterprise CALs.

OCS 2007 R2 Launch Notes

The Backpack contains:

• OCS 2007 R2 Datasheet (single page glossy on features/benefits
  
• Product Overview PDF (85 pages on features, functionality, licensing, requirements)
  
• Welcome Video from Eric Swift
  

  Keynote Address Highlights:
  

• Stephen Elop opens and announces the general availability of OCS 2007 R2
  
• First Virtual launch in Microsoft history - rightfully so.
  
• Eric Swift shows some demos on how OCS integrates and speeds up business processes
  
• He also performs a live demo of audio and video conferencing extending the normal conference call for better collaboration
  
• Back to Elop for more discussion on business suites that compliment OCS
  
• Video on Schlumberger and how they use UC to help their business processes.
  
• Elop back on cutting costs using OCS
  
  • Microsoft saved 90M in travel costs already
    
  • Swisscom, reducing customer proposal time by 20% and improving responsiveness
    
  • Linebridge, saving 1.3M in costs, saving 120,000 hours per year
    
  • Siemens, 120,000 users on IM, moving to nearly 500K in 2009
    
  • Shell, 100K users on IM, 8000 on VOIP. Retiring 200 PBX's over next few years
    
• Other UC Customers:
  
  • Gregory Bryant, VP at Intel - discussing multi site real time meetings, using lots of voice (1M meeting minutes per day in audio)
    
  • Victor Nunez, CIO at INFONAVIT, using R2 to increase connectivity, productivity. Using attendant features to convert CxO executives to OCS R2.
    
  • Mike Browne, VP at Sprint Nextel, retiring 5-8 PBX's per week moving to OCS VoIP
    
• Other OCS Partners, in hardware, add-on software, and systems integrators such as (incomplete list)
  
  • Audiocodecs
    
  • GE healthcare
    
  • HP
    
  • Enabling Technologies
    
  • Avia
    
  • Gold Systems
    
• Partner discussion with Mark Slaga from Dimension Data
  
  • 85 implementations
    
  • First tamberg implementation
    
  • Largest OCS integration
    
  • Why is OCS not slowing down
    
    • Economic savings to reduce travel and waste in business processes
      
    • Several success stories
      
• Q and A with Gurdeep Singh Pall, Corporate VP of Unified Communications.
  
  • Clint Patterson, Director at Microsoft is collecting and asking questions
    
  • Isn't R2 playing catchup in UC? No, it is setting the pace with unique features and leapfrogging the competition
    
  • Audio Conferencing isnt new, how is this different? Two problems - expensive POTS infrastructure, user experience tied to minimal input tool (keypad) - opening it up to cheaper existing hardware, and opening input to multiple sources.
    
  • Is the PBX dead? No, but it is a dead end. There is no new technology that is appealing within the old systems. A jab here at Callmanager being no more than a PBX.
    
  • Embedding communications into business process across all modalities is what makes it Unified Communications.
    

  Of course, the biggest benefit, is this is a virtual event, so it's going on RIGHT NOW (aka, anytime you read this) at http://www.microsoft.com/communicationsserver/r2-virtual-launch/event/
  

  And of course, with new products, come new documentation. Matthew Wade has a conclusive list of all the links on Microsoft downloads up now.

Windows 2008 R2 recycle bin - how to recover AD objects using Powershell

In my last post on this, I completed the LDP method, but was unable to get the Powershell recovery of a user object to work.

I was unable to use Get-ADObject to return any data for me.

I finally had some more time to work on this, and since then, I have found more people blogging on this and some are hitting similar issues.

Chad sent me this, some additional information and confusion on the Get-ADObject CMDlet and confusion with another third party extension using this as well.
http://iwasblogging.blogspot.com/2009/01/get-adobject-cmdlet-confusion-intro.html
http://iwasblogging.blogspot.com/2009/01/get-adobject-cmdlet-confusion-continued.html

So I began googling about Get-ADObject and found this article my Niraj Kumar:
http://blogs.technet.com/niraj_kumar/archive/2009/02/03/new-feature-active-directory-recycle-bin-in-windows-2008-r2.aspx - he had his Get-ADObject working, but this helped me find my missing link when I saw he used the ldapfilter!

He was using -ldapFilter "(objectClass=*)" and I hadn't tried that. As it turns out, if you do NOT use the -filter or the -ldapfilter, you will NOT get results. Examples:

So that being discovered, I can now go about restoring my user! I create a new user named "Another Test" and immediately deleted him. Then I ran one of the above commands, and found my user.

Now, obviously, in a production AD, you are NEVER going to filter for * and pipe it all to Restore-ADObject like this, you are going to want a single item in most cases. So by using the filters, and piping to fl using:

Get-Adobject -SearchBase "CN=Deleted Objects,DC=2008beta,DC=com" -IncludeDeletedObjects -ldapFilter "(objectClass=user)" fl

I am returned with:

Now, I can take my idea from Niraj's blog and use this single GUID to restore the object:

I can now F5 my ADUC and see my test user in all it's glory!

OCS R2 Launch - TODAY

Cannot be happier that they decided to do a virtual event. With half the country in economic straights, and the other half under feet of snow, this is the perfect recipe for two things� selling OCS and using OCS! Weather and economics has been the reason a LOT of our current OCS projects are happening. More companies are looking for bigger returns on their investments (ROI) and eliminating the need for travel is a large cost reduction for a lot of companies, even if it is just the reduction in time spent getting to a meeting. I have blogged for Simpler-Webb on the benefits many of our customers are finding using OCS 2007, and this will only improve with the R2 product offerings. As we lead up to this event today, many of us have been watching the newest features and getting excited about implementing them. I already have 2-3 customers lined up to use OCS R2, and one of them already kicked off!

Some of the most exciting new features to look forward to:

• Dial-in audioconferencing - OCS 2007 R2 enables businesses to manage their own on-premise audioconferencing bridge as part of their overall communications infrastructure.
  
• Desktop sharing - This feature enables users to seamlessly share their desktop, adding a support channel to help each other, or allowing internal IT to assist from remote.
  
• Persistent group chat - This enables geographically dispersed teams to collaborate with each other by participating in topic-based discussions that persist over time. Think of this as somewhat similar to IRC channels, but with archiving, compliance, and more business rules associated.
  
• Attendant console and delegation - This allows receptionists, admins, and others to manage calls and conferences on behalf of other users, set up workflows to route calls, and manage higher volumes of incoming communications through a software-based interface.
  
• Session Initiation Protocol trunking - This feature enables businesses to set up a direct VoIP connection between an Internet telephony service provider and Communicator clients without requiring on-premise gateways.
  
• Response groups - This workflow design application manages incoming calls based on user-configured rules (e.g., round-robin, longest idle, simultaneous), providing a simple-to-use basic engine for call treatment, routing and queuing.
  
• Mobility and single-number reach - This extends Microsoft Office Communicator Mobile functionality to additional phones as well as the Windows Mobile platform, allowing users to communicate using presence, IM and voice as an extension of their PBX from a unified client.
  

  I'll be watching, you should too!
  

  9:30am PST, 10:30 MST, 11:30 CST, 12:30 EST for US readers.
  

  You can join the event live here:
  

  http://www.microsoft.com/communicationsserver/r2-virtual-launch/event/