How to Easily Recover Deleted Objects From Active Directory
As your Active Directory grows, you increasingly need to be ready to recover it, partially or entirely. As a good domain admin, you should always have a reliable backup/restore strategy in place to safeguard your domain data and, in the worst case, restore your entire directory in a disaster recovery situation. The most common and basic strategy is backing up the system state of your PDC emulator, which gives you a consistent backup of your entire directory that can be used if everything needs to be restored.
However, what happens if you need to restore a single user or group, or a small set of computers inside an OU that has disappeared? Depending on your scenario, dealing with tools like ntdsutil and repadmin can be a real headache. If you don’t believe me, check How to restore deleted user accounts and their group memberships in Active Directory from Microsoft.
Fortunately, to keep Active Directory replication consistent across all domain controllers, a deleted object is not really deleted; it is converted into a “tombstone”. A tombstone is an object whose isDeleted attribute has been set to TRUE; it is still there, but regular LDAP queries do not return it. So, as long as it is there it can be recovered, but only for 180 days after it was deleted (the tombstone lifetime), after which the Active Directory database garbage collection process removes it for good.
But how can it be done? The tombstone reanimation process can be done using one of two tools. The first, ADRestore.exe, is a command-line tool belonging to the well-known Sysinternals Suite and available for download here. The second, ADRestore.NET, is a .NET GUI app developed by Guy Teverovsky and available for download here. Personally, considering how stressful a directory object restore is, I would recommend opting for the second one; it is extremely user-friendly and has proven to be 100% effective (ADRestore.NET rewrite).
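To make the two previous paragraphs concrete, here is an added PowerShell example (not code from the original post, and not the ADRestore tools themselves) that does what they describe with plain LDAP: it reads the forest's tombstone lifetime, lists tombstones (objects with isDeleted=TRUE, which only show up when the Show Deleted Objects control is sent), and, with `-Restore`, reanimates one the same way ADRestore does, by removing isDeleted and giving the object a live distinguishedName again. The host name `dc01.corp.example`, the sample account name and the `-TargetParent` parameter are assumptions; the caller is assumed to hold the "Reanimate Tombstones" control access right, which Domain Admins have by default.

```powershell
# Added example (not from the original post or the ADRestore tools): list and
# reanimate tombstones over LDAP with System.DirectoryServices.Protocols.
param(
    [string]$Server         = 'dc01.corp.example',  # assumed writable DC host name
    [string]$ObjectClass    = 'user',
    [string]$SamAccountName,                        # constructed value, e.g. 'jdoe', to target one tombstone
    [string]$TargetParent,                          # hypothetical override when lastKnownParent was deleted too
    [switch]$Restore                                # without it the script only lists
)

Add-Type -AssemblyName System.DirectoryServices.Protocols
$P = 'System.DirectoryServices.Protocols'

$conn = New-Object "$P.LdapConnection" -ArgumentList $Server
$conn.SessionOptions.ProtocolVersion = 3
$conn.SessionOptions.Signing = $true      # sign and seal: reanimation is a privileged write
$conn.SessionOptions.Sealing = $true
$conn.Bind()                              # Negotiate with the calling user's credentials

function Invoke-LdapSearch([string]$Base, [string]$Filter, [string]$Scope, [string[]]$Attrs, [bool]$ShowDeleted = $false) {
    $scopeEnum = [Enum]::Parse([type]"$P.SearchScope", $Scope)
    $req = New-Object "$P.SearchRequest" -ArgumentList $Base, $Filter, $scopeEnum, $Attrs
    # LDAP_SERVER_SHOW_DELETED_OID: without this control tombstones are invisible
    if ($ShowDeleted) { [void]$req.Controls.Add((New-Object "$P.ShowDeletedControl")) }
    $conn.SendRequest($req).Entries
}

# Naming contexts from RootDSE
$root     = Invoke-LdapSearch '' '(objectClass=*)' 'Base' @('defaultNamingContext', 'configurationNamingContext') | Select-Object -First 1
$domainNC = $root.Attributes['defaultNamingContext'][0]
$configNC = $root.Attributes['configurationNamingContext'][0]

# Tombstone lifetime is forest-wide. An absent attribute means the implicit default of 60 days
# (forests created before Windows Server 2003 SP1); newer forests carry an explicit value.
$dsa = Invoke-LdapSearch "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" '(objectClass=*)' 'Base' @('tombstoneLifetime') | Select-Object -First 1
$lifetime = if ($dsa.Attributes.Contains('tombstoneLifetime')) { [int]$dsa.Attributes['tombstoneLifetime'][0] } else { 60 }
Write-Output "Tombstone lifetime: $lifetime days"

# Build the filter; escape the user-supplied value per RFC 4515 so it cannot alter the filter
$filter = "(&(isDeleted=TRUE)(objectClass=$ObjectClass))"
if ($SamAccountName) {
    $escaped = $SamAccountName -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
    $filter  = "(&(isDeleted=TRUE)(objectClass=$ObjectClass)(sAMAccountName=$escaped))"
}
$tombstones = @(Invoke-LdapSearch $domainNC $filter 'Subtree' @('sAMAccountName', 'lastKnownParent', 'whenChanged') -ShowDeleted $true)
Write-Output "$($tombstones.Count) tombstone(s) of class $ObjectClass"

foreach ($t in $tombstones) {
    # whenChanged was last touched by the deletion itself, so it approximates the deletion time
    $deletedOn = [DateTime]::ParseExact($t.Attributes['whenChanged'][0], "yyyyMMddHHmmss'.0Z'",
                     [System.Globalization.CultureInfo]::InvariantCulture,
                     [System.Globalization.DateTimeStyles]::AssumeUniversal).ToUniversalTime()
    $daysLeft  = $lifetime - [int]((Get-Date).ToUniversalTime() - $deletedOn).TotalDays
    # Tombstone RDN looks like "CN=Jane Doe\0ADEL:<guid>"; keep the part before the marker
    $dn     = $t.DistinguishedName
    $rdn    = $dn.Substring(0, $dn.IndexOf('\0ADEL:'))
    $parent = if ($TargetParent) { $TargetParent } else { $t.Attributes['lastKnownParent'][0] }
    Write-Output ("{0,-20} deleted ~{1:u}  {2,4} day(s) left  -> {3},{4}" -f $t.Attributes['sAMAccountName'][0], $deletedOn, $daysLeft, $rdn, $parent)

    if (-not $Restore) { continue }

    # The target container must be a live object; a deleted OU is itself a tombstone and
    # has to be reanimated first (or pass -TargetParent).
    try { $null = Invoke-LdapSearch $parent '(objectClass=*)' 'Base' @('distinguishedName'); $parentExists = $true }
    catch { $parentExists = $false }
    if (-not $parentExists) { Write-Warning "Container $parent does not exist; skipping $rdn"; continue }

    # Undelete = one modify: remove isDeleted, replace distinguishedName, with the show-deleted control
    $req = New-Object "$P.ModifyRequest"
    $req.DistinguishedName = $dn
    [void]$req.Controls.Add((New-Object "$P.ShowDeletedControl"))
    $del = New-Object "$P.DirectoryAttributeModification"
    $del.Name = 'isDeleted';         $del.Operation = 'Delete'
    $rep = New-Object "$P.DirectoryAttributeModification"
    $rep.Name = 'distinguishedName'; $rep.Operation = 'Replace'; [void]$rep.Add("$rdn,$parent")
    [void]$req.Modifications.Add($del)
    [void]$req.Modifications.Add($rep)
    [void]$conn.SendRequest($req)
    Write-Output "Reanimated $rdn into $parent"
}
```

Run it without `-Restore` first to see what is recoverable and how many days each tombstone has left; add `-SamAccountName jdoe -Restore` to bring one object back. A reanimated object only keeps the handful of attributes the tombstone retained (sAMAccountName, objectSid, objectGUID, lastKnownParent and a few others): a user comes back disabled, without a password and without its group memberships, which you have to re-add by hand, exactly the attribute loss the Recycle Bin feature mentioned further down avoids.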
Finally, a mention of Active Directory’s Recycle Bin, a new feature in Windows Server 2008 R2 that can be used to keep and recover deleted objects from your directory. Although it is disabled by default, it can be easily activated and used by following the Active Directory Recycle Bin in Windows Server 2008 R2 Step-by-Step Guide.
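As an added example (not from the original post or the linked Microsoft guide), the script below uses the ActiveDirectory PowerShell module to check whether the Recycle Bin is enabled, enable it on request, and restore a deleted object with its attributes and group memberships intact. The forest name `corp.example`, the account name `jdoe` and the `-TargetPath` parameter are constructed values; it assumes RSAT, a forest functional level of Windows Server 2008 R2 or higher, and Enterprise Admins rights for the enable step.

```powershell
# Added example (not from the original post): Recycle Bin status, enablement and restore.
param(
    [string]$Forest         = 'corp.example',   # assumed forest root domain
    [string]$SamAccountName = 'jdoe',           # constructed sample account
    [string]$TargetPath,                        # hypothetical: needed only if the original OU is gone
    [switch]$Enable
)
Import-Module ActiveDirectory

# 1. Is the Recycle Bin on? EnabledScopes stays empty while the feature is disabled.
$feature = Get-ADOptionalFeature -Filter 'name -like "Recycle Bin Feature"'
if ($feature.EnabledScopes.Count -eq 0) {
    if (-not $Enable) {
        Write-Warning 'Recycle Bin is disabled: deleted objects exist only as stripped tombstones. Re-run with -Enable (enabling cannot be undone).'
        return
    }
    $f = Get-ADForest -Identity $Forest
    if ($f.ForestMode -lt 'Windows2008R2Forest') {
        throw "Forest functional level $($f.ForestMode) is below Windows Server 2008 R2"
    }
    Enable-ADOptionalFeature -Identity $feature -Scope ForestOrConfigurationSet -Target $Forest -Confirm:$false
    Write-Output "Recycle Bin enabled for $Forest; objects deleted from now on keep all their attributes"
    return
}

# 2. Find the deleted object. Escape the value per RFC 4515 before putting it in the filter.
$escaped = $SamAccountName -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
$deleted = @(Get-ADObject -LDAPFilter "(&(isDeleted=TRUE)(sAMAccountName=$escaped))" -IncludeDeletedObjects `
               -Properties lastKnownParent, whenChanged, 'msDS-LastKnownRDN', isRecycled)
if ($deleted.Count -ne 1) { throw "Expected exactly one deleted object named $SamAccountName, found $($deleted.Count)" }
$obj = $deleted[0]
# Once msDS-DeletedObjectLifetime has passed the object is "recycled": attributes are stripped
# and only a backup can bring it back.
if ($obj.isRecycled) { throw "$SamAccountName is already recycled and cannot be restored" }
Write-Output ("Found {0} (deleted around {1:u}, was in {2})" -f $obj.'msDS-LastKnownRDN', $obj.whenChanged, $obj.lastKnownParent)

# 3. Restore into the original container if it still exists, otherwise where the caller says.
try { $null = Get-ADObject -Identity $obj.lastKnownParent; $parentExists = $true }
catch { $parentExists = $false }
if ($parentExists) {
    Restore-ADObject -Identity $obj.ObjectGUID
} else {
    if (-not $TargetPath) { throw "Container $($obj.lastKnownParent) no longer exists; restore it first or pass -TargetPath" }
    Restore-ADObject -Identity $obj.ObjectGUID -TargetPath $TargetPath
}

# 4. Check: with the Recycle Bin, the memberships come back together with the (user) object.
Get-ADUser -Identity $SamAccountName -Properties memberOf | Select-Object Name, Enabled, memberOf
```

The first run reports whether the feature is on; `-Enable` turns it on forest-wide, which is irreversible and requires the 2008 R2 forest functional level. Restores must happen before the deleted-object lifetime expires, since a recycled object is as gone as a garbage-collected tombstone.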
Thanks for reading.