The manual process via LDP by Microsoft
Step 1: Locate the deleted object
run LDP using a Domain Administrator or Enterprise Administrator account >> connect to the correct Domain Controller >> bind using the correct credentials >> browse >> search >> Base Dn = CN=Deleted Objects,DC=domain,DC=domainsuffix >> Filter = (objectclass=user) >> scope = One level >> click Options >> Attributes = * >> Search call type = Extended >> select Display Results >> click Controls >> Load Predefined = Return deleted objects >> control (1.2.840.113556.1.4.417) >> click Check In >> OK >> OK >> rerun LDP Search >> copy and paste the desired object DN onto notepad
Step 2: reanimating a tombstoned object
run LDP using a Domain Administrator or Enterprise Administrator account >> Browse >> Modify >> DN = the DN as found in the prior step >> Operation = Delete >> Attribute = isDeleted >> click Enter >> Operation = Replace >> Attribute = distinguishedName >> Values = User Name,CN=Users,DC=domain,DC=local (the original DN value prior to deletion) >> click Enter >> select check mark next to Extended >> click Run
The Automatic Process via ADRESTORE by Systernals
Step 1: Locate the deleted object
Run CMD as a Domain Administrator >> adrestore {username}
Step 2: Reanimate tombstoned object
Run CMD as a Domain Administrator >> adrestore -r {username}
Notes:
- server objects tombstone would not be moved to the CN=Deleted Objects container when it is deleted
- user object group memberships will need to be re-added after the object has been recovered
Categories:
