Recovering Deleted Items in Active Directory

 

Active Directory is a hierarchical database that holds information about the network’s resources such as computers, servers, users, groups and more. The main purpose of Active Directory is to provide central authentication and authorisation services. Normal administrative tasks when working with Active Directory include creating, managing, moving, editing and sometimes – deleting – various objects such as user accounts, computer accounts, groups, contacts and other objects. The Active Directory database is stored on Domain Controllers (or DCs), in a file called NTDS.DIT

While deleting an object in Active Directory is usually something an administrator would think twice before doing, sometimes mistakes do happen, and then the administrator ends up with one (or more) deleted items that he or she cannot restore anymore.

There are several methods of reanimating tombstoned objects from the Active Directory. Some are simple and easy to perform, some are more cumbersome. Some are freeware, some are more sophisticated and cost (a lot of) money.

Whatever you do, make sure you have a good and working backup of the domain controller’s System State. The System State contains the local Registry, COM+ Class Registration Database, the System Boot Files, certificates from Certificate Server (if it’s installed), Cluster database (if it’s installed), NTDS.DIT, and the SYSVOL folder.

Restoring objects with ADRestore.net

Guy Teverovsky, an MVP from Israel, has written a cool tool that allows you to easily restore deleted AD objects. The tool is provided as freeware and has no kind of support, but from experience it works great. Some of the tools features include:

  • Browsing the tombstones
  • Domain Controller targeting
  • Can be used with alternative credentials (convenient if you do not logon to your desktop as Domain Admin, which you should never do anyway)
  • User/Computer/OU/Container reanimation
  • Preview of tombstone attributes

Enumerating tombstones

Previewing the tombstone attributes

Restoring a deleted user account

Download ADRestore.net

After you have restored the user account, you will be able to restore the mailbox from Exchange 2007 / 2010, and then connecting the the mailbox back to the user account.

Deleted Mailbox not appearing in Disconnected mailbox in Exchange 2007 / 2010

Deleted mailboxes will appear in disconnected mailbox list, but it will not reflect immediately. We have to wait for online maintenance to run and complete.

If we accidentally delete mailbox and if we wanted to reconnect it back then we may not be able to find it Disconnected Mailbox. We have run Clean-MailboxDatabase to get the deleted mailbox.

Exchange Management Shell Commands:

Clean-MailboxDatabase \servername\SGName\Store
Cleaning Database of Individual Store

Get-Mailboxdatabase | Clean-MailboxDatabase
Cleans all the database in the Organization

Get-Mailboxdatabase | Where{ $_.Server –eq “”}| clean-MailboxDatabase
Cleans all the database in the specific store

Get-Mailboxdaatabase | Where{ $_.Name –eq “”}| clean-MailboxDatabase
Cleans all the Database which matches the specific name given in Databasename

I am pleased to say that the above steps have saved my bacon recently, and I am sure it will again in the future.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s