Sharing IT knowledge ...and a little more

Restore Deleted Objects from Active Directory Recycle Bin

by · Published · Updated

There are a couple of ways to restore deleted objects from Active Directory Recycle Bin. The default age that a deleted object stays in the AD Recycle Bin is 180 days. Therefore, you have 6 months to restore the object from the recycle bin before it is gone forever. Unless you are a glutton for punishment, I see no reason to use LDP.EXE to restore AD objects from the Active Directory Recycle Bin. Use the Powershell command below. The Active Directory Recycle Bin is a feature which was first introduced in the Windows Server 2008 R2 functional level. It is a long awaited option that will come in very handy. 

Using Powershell
Get-ADObject -SearchBase “CN=Deleted Objects,DC=mydomain,DC=mydomain,DC=com” -ldapFilter “(cn=*comp123*)” -includeDeletedObjects | Restore-ADObject

Using LDP.EXE

  • Open Ldp.exe from an elevated command prompt. Open a command prompt (Cmd.exe) as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, enter the appropriate credentials (if requested), confirm that the action it displays is what you want, and then click Continue.
  • The default is to view 1,000 child items. if you have more than 1,000 deleted objects, then you must increase this buffer size in order to view ALL deleted objects. Select Options, click General. Change Max Children to a large number like 9,999 or more depending on how many deleted objects you want to view. Select OK.


 

  • To connect and bind to the server that hosts the forest root domain of your AD DS environment, under Connections, click Connect, and then click Bind. You should now be connected to your Active Directory database.
  • In the Controls dialog box, expand the Load Predefined pull-down menu, click Return deleted objects, and then click OK.


 

  • Click View, click Tree, and in BaseDN, type DC=<mydomain>,DC=<com>, where <mydomain> and <com> represent the appropriate forest root domain name of your AD DS environment.
  • In the console tree, double-click the root distinguished name (also known as DN) and locate the CN=Deleted Objects, DC=<mydomain>,DC=<com> container, where<mydomain> and <com> represent the appropriate forest root domain name of your AD DS environment.
  • In the console tree, navigate to the CN=Deleted Objects container.
  • Locate and right-click the deleted Active Directory object that you want to restore, and then click Modify.
  • In the Modify dialog box:
    • In Edit Entry Attribute, type isDeleted.
    • Leave the Values box empty.
    • Under Operation, click Delete, and then click Enter.

 

 

  • In Edit Entry Attribute, type distinguishedName.
  • In Values, type the original distinguished name (also known as DN) of this Active Directory object.
  • Under Operation, click Replace.
  • Make sure that the Extended check box is selected, click Enter, and then click Run.


 

Tags:

George Almeida

Welcome to my little corner of the blogosphere. I'm an Information Technology Director. I specialize in Windows operating systems, applications, servers, storage, networks and also have a technical background on the IBM iSeries platform. My only purpose for this blog is the hope that it helps someone, someday, somewhere. Any meager proceeds derived from our sponsors will be donated to charity.

You may also like...

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x