In this blog post we will learn how to restore Active Directory objects that were deleted accidentally.
In the past we had to restore a system state backup by performing either an Authoritative or a Non-Authoritative Restore.
For more information on Authoritative and Non-Authoritative Restore, please check the TechNet article here.
Before we begin
The account with which we are going to perform these steps should be a member of the Domain Admins and Enterprise Admins groups.
We will walk you through the steps involved in restoring an AD user object, with scenarios.
The tool we are going to use for this is called AD Restore. It is an amazing tool that every system administrator should keep handy. The tool is available on Mark Russinovich's site.
Always ensure that an AD system state backup is taken at least once a week and that the backups are tested.
We will be working at the Windows Server 2003, 2008 and 2008 R2 Domain and Forest Functional Levels.
For testing purposes I have created three different forests with the same domain name and different functional levels, on different subnets.
Figure 1 : Windows Server 2003 Domain Controller.
Figure 1.1 : Windows Server 2008 Domain Controller.
Figure 1.2 : Windows Server 2008 R2 Domain Controller.
We will be deleting the entire OU along with the users and other objects in the container.
Download the tool AdRestore.exe and place it in the root of the system drive.
After that, open a command prompt and type the command below.
Figure 2.1 : Command with /r
Here “r” stands for restore.
This command will first try to restore the user objects and other objects in OU=All Company Users, which won't help us initially because the OU they belong to has not been restored yet. To avoid that, we first have to select “N” for all the other objects in the OU. To do that, please follow the command below.
Figure 2.2 : The option we have to select to restore the OU=All Company Users.
In the above command we have still not selected Y to restore the OU first.
Figure 2.3 : Restored OU successfully.
Figure 3.1 : The OU is restored with no objects in it.
Figure 4.1 : All Users and Distribution Group Restored.
After restoring an account you have to reset its password and enable the account.
Figure 5.1 : All Users and Groups are restored.
The above tool is very old, but it is really helpful for any administrator who wants to save precious time.
Note :- The tool will work only if the deleted objects have not crossed the default tombstone limit of 60 days. Also, the display name and logon name fields will show as empty. You might have to add them manually.
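Before starting a restore it helps to know how many days each deleted object has left and which objects must come back first. The following read-only inventory is an added example, not part of the original post or of AdRestore; it assumes the ActiveDirectory PowerShell module (PowerShell 3.0 or later) and a domain controller reachable through Active Directory Web Services, and uses the OU name from this walkthrough.

```powershell
# Added example (not from the original post). Read-only: it changes nothing in the directory.
Import-Module ActiveDirectory

$ouName = 'All Company Users'   # the OU deleted in this walkthrough

# Effective tombstone lifetime for the forest, in days.
$rootDse = Get-ADRootDSE
$dsDn = "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)"
$tsl = (Get-ADObject -Identity $dsDn -Properties tombstoneLifetime).tombstoneLifetime
if (-not $tsl) { $tsl = 60 }    # attribute not set: the 60-day default applies

# Tombstones keep lastKnownParent, the container they were deleted from.
$tombstones = Get-ADObject -IncludeDeletedObjects `
    -Filter 'isDeleted -eq $true -and name -ne "Deleted Objects"' `
    -Properties lastKnownParent, whenChanged

$now = Get-Date
$tombstones |
    Where-Object { $_.Name -like "$ouName*" -or $_.lastKnownParent -like "*OU=$ouName*" } |
    ForEach-Object {
        # whenChanged is stamped at deletion, so it approximates the deletion time.
        $age = [math]::Floor(($now - $_.whenChanged).TotalDays)
        [pscustomobject]@{
            # OUs must be restored before the objects that lived inside them.
            RestoreOrder  = if ($_.ObjectClass -eq 'organizationalUnit') { 1 } else { 2 }
            ObjectClass   = $_.ObjectClass
            Name          = ($_.Name -split "`n")[0]   # drop the DEL:<guid> suffix
            DeletedFrom   = $_.lastKnownParent
            DaysRemaining = $tsl - $age
        }
    } |
    Sort-Object RestoreOrder, DaysRemaining |
    Format-Table -AutoSize
```

Rows with RestoreOrder 1 are the containers to restore first; any object whose DaysRemaining is at or near zero may already have been removed by garbage collection and would then need a system state backup instead.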
In the next part of this series we will learn how to configure the Active Directory Recycle Bin at the Windows Server 2008 R2 Domain and Forest Functional Level.
MSEXCHANGETEAM | Ideas That Clicks