question

0 Votes
SF-6505 asked OsamaOthman-0863 commented

KRBTGT deleted by mistake

Hi,

Can we restore KRBTGT accounts in case of accidental removal?

We have 5 KRBTGT accounts for RODCs that were deleted by mistake in our domain.

Will a restoration resolve the issue, or should we perform other actions?

windows-active-directory

1 Vote
Thameur-BOURBITA answered OsamaOthman-0863 commented

Hi,

Can we restore KRBTGT accounts in case of accidental removal?

Yes, you can restore them from the AD recycle bin or from a backup.

Will a restoration resolve the issue, or should we perform other actions?

It should fix the issue, but if that's not the case, you should promote again all RODCs impacted by this deletion. The KRBTGT account will be generated during the RODC promotion.

Please don't forget to mark helpful reply as answer


Thank you for your confirmation

0 Votes 0 ·

Thank you for your answer. I faced the same situation yesterday: 3 krbtgt accounts were deleted by mistake. I restored them all, but still can't them on the RODC side. What am I supposed to do next? It's really hard to visit the location of the RODC.

0 Votes 0 ·
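
Added example, not part of the original answers or of any Microsoft tool: a PowerShell procedure for the Recycle Bin restore suggested above, followed by a check that each RODC's `msDS-KrbTgtLink` again points at a live `krbtgt_*` account. It assumes the ActiveDirectory module (RSAT), that the AD Recycle Bin was enabled before the deletion, and that it is run with sufficient rights against a writable DC.

```powershell
# Added example. Assumes: ActiveDirectory module, AD Recycle Bin enabled
# before the deletion, session bound to a writable domain controller.
Import-Module ActiveDirectory

# 1. List deleted per-RODC krbtgt accounts (they are named krbtgt_<number>).
$deleted = Get-ADObject -IncludeDeletedObjects `
    -Filter 'isDeleted -eq $true -and sAMAccountName -like "krbtgt_*"' `
    -Properties sAMAccountName, lastKnownParent, whenChanged

$deleted | Format-Table sAMAccountName, lastKnownParent, whenChanged -AutoSize

# 2. Dry run first; review the list, then restore for real.
$deleted | Restore-ADObject -WhatIf
# $deleted | Restore-ADObject -PassThru

# 3. After the restore has replicated, check every RODC: its computer
#    object's msDS-KrbTgtLink must resolve to an existing krbtgt_* account.
$report = Get-ADDomainController -Filter 'IsReadOnly -eq $true' | ForEach-Object {
    $rodc = Get-ADComputer -Identity $_.ComputerObjectDN -Properties 'msDS-KrbTgtLink'
    $link = $rodc.'msDS-KrbTgtLink'

    $status = 'LinkMissing'            # no link on the RODC computer object
    if ($link) {
        try {
            Get-ADUser -Identity $link -ErrorAction Stop | Out-Null
            $status = 'OK'             # link resolves to a live account
        } catch {
            $status = 'TargetNotFound' # link points at an object that is not live
        }
    }

    [pscustomobject]@{
        RODC       = $_.HostName
        KrbTgtLink = $link
        Status     = $status
    }
}

$report | Format-Table -AutoSize

# Any RODC not reporting OK is a candidate for the demote / re-promote
# path described in the answers, which generates a new krbtgt account.
$report | Where-Object Status -ne 'OK'
```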
0 Votes
DSPatrick answered DSPatrick edited

This tool may sort it, or you can also demote, reboot, and promote the problematic one again.
https://docs.microsoft.com/en-us/sysinternals/downloads/adrestore

--please don't forget to upvote and Accept as answer if the reply is helpful--




Thank you. The link seems to talk about Windows 2003.

0 Votes 0 ·

2003 or later,
https://docs.microsoft.com/en-US/troubleshoot/windows-server/identity/retore-deleted-accounts-and-groups-in-ad


You can also simply demote, reboot, and promote the problematic one.

--please don't forget to upvote and Accept as answer if the reply is helpful--



0 Votes 0 ·