Server 2008 R2 Recycle Bin: Restoring a deleted object
To follow up on an earlier posting about how to enable the new recycle bin feature in AD, this post will outline how to perform an object restore. Once the recycle bin has been successfully enabled you can use the ldp.exe tool or PowerShell to view the deleted objects container (hidden in ADUC) as well as recover anything contained within.
Via LDP
Get connected and expose the domain tree: Type ldp into the start search bar, click Connection—>Connect—>enter applicable DC information—>once connected click Connection—>Bind. Next click View—>Tree and enter the AD root as BaseDN you want to work within: dc=domain,dc=com. Drill down into your AD tree and look for CN=Deleted Objects… This is where all your objects go once deleted in AD. Double-click this line and you will see every object currently in a deleted state. Double click on a child object to reveal more details. The CN’s of each should be recognizable as their friendly names and in the details pane the Name value will be visible as well, in my case I deleted a user account named Temp.
To restore, right click the object you want to recover and click Modify. In the “Edit Entry Attribute” box type isDeleted, leave “Values” empty, click the “Delete” radial under Operation, then click the Enter button. You will see the new entry in the Entry List box. Next, go back to the “Edit Entry Attribute” box and type distinguishedName, in the values box type the original DN of the object before it was deleted. The DN of the object in it’s deleted state will not work here. (Look for the “lastKnownParent” line of the deleted object in the details pane and add the object’s CN to it). Click the “Replace” radial under operation then click Enter. You should now have 2 entries in the Entry List box. Tick the “Extended” box at the bottom left and click run. The output window should show that the object was modified with no errors. Go back to ADUC and verify that your object is back from the dead.
Via PowerShell
The PowerShell method is a one line command that pipes a get object operation to a restore object operation. This method is much faster but less gratifying for some reason. The filter criteria can be modified but going by display name should be easy enough. You will get no confirmation of success or failure in the PowerShell display.
Get-ADObject -Filter 'displayName -eq "temp"' -IncludeDeletedObjects | Restore-ADObject
Resource:
No comments: