How to Get Back a Deleted Domain_6 Account

If an object has been deleted in your Active Directory, and you want it recovered, there are a number of things you can do. This article will take you through some background information on what happens to deleted Active Directory objects and what your options are when it comes to restoring them.

Cycle of Deleted Objects

Take a look at the following images of the cycle of a deleted object in the Active Directory before and after enabling "Active Directory Recycle Bin":

Figure 1: Life cycle of a deleted Active Directory Object before enabling Recycle Bin
Figure 2: Lifecycle of a deleted Active Directory Object after enabling Recycle Bin

Enabling the Active Directory Recycle Bin gives you more leeway when it comes to restoring a deleted object. Best to enable it!

How to Enable Active Directory Recycle Bin

Active Directory Recycle Bin can be activated only where all domain controllers are running Windows Server 2016, Windows Server 2012 R2, Windows Server 2012 or Windows Server 2008 R2. Note: Enabling Active Directory Recycle Bin is irreversible.

Execute the following command to enable Active Directory Recycle Bin:

    Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=www,DC=domain,DC=com' -Scope ForestOrConfigurationSet -Target 'www.domain.com'

If you are using Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012, you can use the Active Directory Administrative Center to enable the Recycle Bin.

What happens to a Deleted Active Directory Object?

The following table compares the cycle of a deleted object before and after enabling "Active Directory Recycle Bin":

The default tombstone lifetime is 60 days for Windows Server 2000/2003 and 180 days for Windows Server 2003 SP1/2008 (in later versions it can be modified using the ADSIEdit tool).

Connect to the "Configuration" partition, navigate to "CN=Configuration,DC=www,DC=domain,DC=com" and expand it.

Right-click "CN=Directory Service" and access its properties. You can edit the "tombstoneLifetime" attribute in "Properties" dialog box and change its value accordingly.

Native Methods to Restore Deleted Active Directory Objects

Reanimating deleted objects in Active Directory can be done using several methods. The following are some of the most commonly used native methods for restoring deleted objects in the Active Directory.

Test Case – In this scenario, a user ("testuser3") has been deleted from the Active Directory. You can use the following methods to restore a deleted object:

  • Method 1 – Using PowerShell commands
  • Method 2 – Using LDP utility
  • Method 3 – Using Active Directory Administrative Center

Method 1. Using PowerShell Commands

Perform the following steps:

  • Step 1 – Execute the following command in the Active Directory Module for Windows PowerShell and press "Enter". It lists the objects that have been deleted:
    Get-ADObject -LDAPFilter "(msDS-LastKnownRDN=*)" -IncludeDeletedObjects
    Figure 3: Command displaying the deleted object
  • Step 2 – Copy the displayed value of "Distinguished Name" (you get the name of the deleted user/users from this list):

    DistinguishedName : CN=testuser3\0ADEL:64f1e4dc-7722-4839-9fec-90347ad708cb,CN=Deleted Objects,DC=www,DC=domain,DC=com

  • Step 3 – Execute the command given below in Windows PowerShell to restore the deleted object:
    Get-ADObject -Filter {displayName -eq "testuser3"} -IncludeDeletedObjects | Restore-ADObject

    The object is retrieved from the "Deleted Objects" container and restored to its previous location in the Active Directory.
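Pulling the steps above together, here is an added PowerShell example (not part of the original article) that first checks whether the Recycle Bin is enabled and reads the tombstoneLifetime value discussed earlier, then locates the deleted object by its last known RDN, refuses to continue if it has already been recycled, and restores it into its last known parent. The RDN "testuser3" comes from the test case; the ActiveDirectory module is assumed to be installed.

```powershell
# Added example, not from the original article: pre-flight checks plus a guarded restore.
# Assumes the ActiveDirectory module and the article's test case (last known RDN "testuser3").
Import-Module ActiveDirectory
$rootDse = Get-ADRootDSE

# 1. Is the Recycle Bin enabled in this forest? Without it, Restore-ADObject only reanimates a
#    tombstone whose attributes have been stripped, so the object comes back largely empty.
$recycleBin = Get-ADOptionalFeature -Filter 'Name -like "Recycle Bin Feature"'
$recycleBinEnabled = $recycleBin.EnabledScopes.Count -gt 0
Write-Host "Recycle Bin enabled: $recycleBinEnabled"

# 2. How long do deleted objects survive? Read tombstoneLifetime from the same object the
#    article edits with ADSIEdit (CN=Directory Service under the configuration partition).
$dsObj = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)" -Properties tombstoneLifetime
$tsl = if ($dsObj.tombstoneLifetime) { $dsObj.tombstoneLifetime } else { 60 }  # unset means the 60-day default
Write-Host "tombstoneLifetime (days): $tsl"

# 3. Locate the deleted object by msDS-LastKnownRDN rather than displayName (often cleared on
#    tombstones) and pull the attributes that decide whether a native restore is possible.
$rdn = 'testuser3'
$deleted = Get-ADObject -LDAPFilter "(&(isDeleted=TRUE)(msDS-LastKnownRDN=$rdn))" `
    -IncludeDeletedObjects -Properties isRecycled, lastKnownParent, whenChanged, objectClass

if (-not $deleted) { throw "No deleted object with last known RDN '$rdn' found." }
if (@($deleted).Count -gt 1) { throw "More than one match; restore by DistinguishedName instead." }

# 4. A recycled object cannot be restored natively (one of the limitations the article lists).
if ($deleted.isRecycled) {
    throw "Object is in the Recycled state; only a backup-based restore can recover it."
}

# 5. Restore into the last known parent. If that OU is gone too, fall back to the domain root
#    (the article notes LDP restores to the root and the object is then moved manually).
$target = $deleted.lastKnownParent
if (-not (Get-ADObject -LDAPFilter "(distinguishedName=$target)" -ErrorAction SilentlyContinue)) {
    Write-Warning "Last known parent '$target' no longer exists; restoring to the domain root."
    $target = $rootDse.defaultNamingContext
}

# -WhatIf shows the planned restore without touching the directory; remove it to perform the restore.
Restore-ADObject -Identity $deleted.ObjectGUID -TargetPath $target -WhatIf

# Verify by ObjectGUID, which survives the restore (meaningful once -WhatIf is removed).
Get-ADObject -Filter "ObjectGUID -eq '$($deleted.ObjectGUID)'" | Select-Object Name, DistinguishedName
```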

Method 2. Using LDP Utility

Perform the following steps:

The object can be restored to the root domain but cannot be restored to its parent Organizational unit. After recovering the object, you have to move the object to its parent container manually.

Method 3. Using Active Directory Administrative Center

Follow the below given steps to recover deleted objects in Windows Server 2012 and Windows Server 2012 R2:

  • Step 1 – Navigate to Start and type dsac.exe. Open "Active Directory Administrative Center".
  • Step 2 – In the left pane, click the domain name and select the "Deleted Objects" container.
  • Step 3 – Right-click the container and click "Restore" to restore the deleted objects.
    Figure 9: Deleted object displayed in the "Deleted Objects" container

The Limitations of Restoring Objects by Using Native Methods

The backup and restoration capabilities of Active Directory are limited. Here are just a few of those limitations:

  • There is no built-in reporting function that goes into granular detail.
  • Native methods do not allow you to restore deleted objects that have entered "Recycled" or "Physically deleted" state.
  • You need a solid understanding of PowerShell commands and of the steps for LDP.exe. The latter is more complex than the former.
  • It does not guarantee the availability of backup anytime and anywhere. The backup locations for the data are local drives and network shares only.
  • It offers only hourly/daily backups.
  • You cannot restore a specific object or attribute.
  • The local policies of objects cannot be restored.
  • Searching for specific objects in the backup is quite time-consuming.
  • It is a daunting task to extract the right set of attributes to be restored from the vast tranche of logs.

How Lepide Helps to Restore Deleted Active Directory Objects

There are instances when objects you need are accidentally or intentionally deleted from the Active Directory. In such cases, the Lepide Object Restore Wizard (part of Lepide Data Security Platform) enables you to roll back those changes to their original state in a single click.

It is able to do this by automatically capturing backup snapshots of Active Directory and Group Policy Objects and saving their state at regular intervals. Administrators can use these snapshots to restore the deleted and modified objects.

Using these snapshots, you can restore even those objects which are in a physically deleted or recycled state. After starting the wizard, Lepide Data Security Platform lets you select the backup snapshot with which you want to compare the current state of Active Directory. After this comparison, the user reaches the following page, which shows the list of deleted and modified objects in Active Directory.

Figure 10: Lepide Object Restore Wizard

The solution also allows you to recover the Active Directory objects from their tombstone state.

Figure 11: Select Deleted Items to Restore

You can also right-click any unwanted change or object deletion in Active Directory and click "Rollback Change" to revert the change with a single click.



Source: https://www.lepide.com/how-to/restore-deleted-objects-in-active-directory.html
