3TGKB-0001 : I've just accidentally deleted a user from AD. Is there an easy way to get it back?

[jedi/old/i-menu.htm]

3TGKB-0001
Last Edited :	28-01-05
Revision :	1.0

I've just accidentally deleted a user from AD. Is there an easy way to get it back?

Well, traditionally the answer was that you would have to perform an authoritative restore of the Active Directory object from a recent backup to get it back. What a hassle that was! Luckily that brainiac Mark Russinovich at Sysinternals has written a free tool to allow you to easily restore a deleted object, as long as the tombstone cycle has not elapsed (which is 60 days by default).

Just to explain that in more detail, when you ‘delete’ an object from Active Directory, you don’t actually delete it. You tombstone it, which means it no longer appears in the console, and is no longer valid for use. But it does still exist, and continues to do so until the tombstone period expires and the object is truly deleted by a garbage collection process that trolls through AD every 12 hours permanently removing object whose tombstone period has expired (i.e. they were deleted more than 60 days ago).

So you want the tool don’t ya? Well, you can download it from http://www.sysinternals.com/files/adrestore.zip

I’ve tested it on my home network, and it works just fine. You have to run it on the DC itself though. It doesn’t work running it from a workstation.

Note the screen below. I created a user object called Barry White. I then deleted it and used adrestore to restore it. The –r switch indicates that I wanted to be prompted to perform a restore.

So it’s a recycle bin for Active Directory! What a wonderful thing!

Regards

Paul Eddington

KB Keywords: adrestore, AD, Active, Directory, authoritative, non-authoritative, restore, recover, recovery, disaster, tombstone, accidentally, deleted, user, computer, group, object.