Windows optimize

Restore deleted objects in Active Directory

This tip tells you how to use the free AdRestore utility from Sysinternals to restore deleted objects.

Stay on top of the latest WS2K3 tips and tricks with our free Windows Server 2003 newsletter, delivered each Wednesday. Automatically sign up today!

In Active Directory, when someone flags an object for deletion, Windows marks it with an indicator called a tombstone. The process doesn't actually delete the object from the AD database; the object just lives on in this tombstoned state.

But let's say someone accidentally deleted the wrong object. What do you do then? You can still restore the deleted object. Download Sysinternals' free AdRestore utility from its Web site.

To view a list of objects available for restoration, execute AdRestore without any parameters. Here's an example:

C:\>adrestore

AdRestore v1.1
by Mark Russinovich
Sysinternals - www.sysinternals.com

Enumerating domain deleted objects:

cn: Chicken Little
DEL:9c0bce9a-03e5-4037-966f-3d4735866371
distinguishedName: CN=Chicken Little\0ADEL:9c0bce9a-03e5-4037-966f-3d4735866371,
CN=Deleted Objects,DC=example,DC=local
lastKnownParent: CN=Users,DC=example,DC=local

Found 1 item matching search criteria.

To prompt to restore a found object, execute AdRestore with the -r parameter. Here's an example:

C:\>adrestore -r

AdRestore v1.1
by Mark Russinovich
Sysinternals - www.sysinternals.com

Enumerating domain deleted objects:

cn: Chicken Little
DEL:9c0bce9a-03e5-4037-966f-3d4735866371
distinguishedName: CN=Chicken Little\0ADEL:9c0bce9a-03e5-4037-966f-3d4735866371,
CN=Deleted Objects,DC=example,DC=local
lastKnownParent: CN=Users,DC=example,DC=local

Do you want to restore this object (y/n)? y

Restore succeeded.

Found 1 item matching search criteria.

Afterward, you may need to start Active Directory Users And Computers and enable the user account that you restored.

0 comments