Hello. My name is Avril Salter and welcome to this short clip. What we are going to be looking at today is how, if I accidentally delete an object from my Active Directory, how I can recover it by going into my tombstone container. The first thing I want to check is how long will things be kept in my tombstone container? To do that, I am going to go into ADSIEdit. I am going to select Configuration, then Services, then Windows NT, and then Directory Services. Right click on Directory Services and select Properties, and I can scroll down and find my tombstone attribute and you can see that it is kept for 180 days.
Now what we are going to do is actually delete an object. What I am going to do is I am going to delete an object from the organizational unit Engineering. So let’s in our example delete Bruce. Right click him, and Delete. You can now see that he is gone, he is no longer in my organizational unit Engineering. To recover him I am going to use the tool ldp.exe. This tool is very useful if you want to look at objects in Active Directory and you can take a look at their attributes as well. What I am going to do first is I am going to connect to salter.com and then I am going to bind myself. Here you can see bind the current user to that server.
Now I need to find the object that has been deleted. To do that I am going to select Options and then Controls, and what I am looking for here under the Load Predefined is I am looking to Return deleted objects. I select that. I need to make sure that my Control Type is Server because I am trying to recover a deleted object from my server. I hit OK. I now want to view that so I come into View and select Tree at salter.com and now if we look in this left-hand pane you can see I have now one called Deleted Objects. I can double click on this and you can see it has brought me out a very long list of everything that has been deleted. I can look down this list and I can see that Bruce here has been deleted. If I double click on this it will show me over here in the right-hand pane the attributes associated with this deleted object. You can see that it says isDeleted and if we come down further you can see the security ID associated with this object.
What I want to do is I want to recover this object keeping the same security ID. To do that I right click on Bruce and select Modify. I am going to bring this pane down here so that I can see the metadata while I am typing. We want to replace the attribute isDeleted. So we want to delete isDeleted, select Enter. We want to add the attribute DistinguishedName and we want to add Bruce back. We add him into the values and you can see the value here of Bruce in the organizational unit Engineering. I select Replace, hit Enter. So I have now replaced the isDeleted to being adding the distinguished name of Bruce. I select Run and you can see in this right-hand pane that I have successfully modified this object.
Let’s go back now and take a look at whether Bruce has reappeared in our users and computers folder. Here you see the Engineering folder and you can see that Bruce has indeed been recovered. I have recovered the object Bruce back into my organizational unit Engineering. Remember I have recovered the object with the same security ID but not all of the attributes have been recovered. I will need to go in and I will need to add Bruce back to his various memberships where he needs to access computer resources, and also of course I need to go in and of course reset his password as well.
I hope you have enjoyed this short video clip. I have shown you how I can recover an accidentally deleted object by using my tombstone container. I was able to recover it with the same SID, but I still have to go in and add all the attributes to make sure this user now has access to all the computer resources. If I didn’t have that capability then I would be better off using my backup to recover this object rather than tombstone. Thank you for joining me with this short video, I hope you enjoyed it.
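The ldp.exe steps from the clip expressed as a script, as an added example that is not part of the video: it sends the same search and modify requests through the .NET System.DirectoryServices.Protocols classes from PowerShell. The name filter `cn=Bruce*` and the target DN `CN=Bruce,OU=Engineering,DC=salter,DC=com` are assumptions built from the names mentioned in the clip.

```powershell
# Added example. Assumptions: a user whose CN starts with "Bruce", and the
# Engineering OU sitting directly under salter.com.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$domainDn = 'DC=salter,DC=com'
$targetDn = "CN=Bruce,OU=Engineering,$domainDn"   # assumed original DN

# Connect and bind as the current user (ldp: Connect, then Bind).
$conn = [System.DirectoryServices.Protocols.LdapConnection]::new('salter.com')
$conn.Bind()

# ldp's "Return deleted objects" is the show-deleted server control.
$showDeleted = [System.DirectoryServices.Protocols.ShowDeletedControl]::new()

# Locate the tombstone under CN=Deleted Objects; the control is required
# or the container and its children are not returned.
$search = [System.DirectoryServices.Protocols.SearchRequest]::new(
    "CN=Deleted Objects,$domainDn",
    '(&(isDeleted=TRUE)(objectClass=user)(cn=Bruce*))',
    [System.DirectoryServices.Protocols.SearchScope]::OneLevel,
    [string[]]@('objectSid', 'lastKnownParent'))
[void]$search.Controls.Add($showDeleted)
$found = $conn.SendRequest($search)
if ($found.Entries.Count -ne 1) {
    throw "Expected exactly one tombstone, found $($found.Entries.Count)."
}
$tombstoneDn = $found.Entries[0].DistinguishedName

# One modify request carrying both changes: delete isDeleted and
# replace distinguishedName with the DN the object should live at.
$clear = [System.DirectoryServices.Protocols.DirectoryAttributeModification]::new()
$clear.Name = 'isDeleted'
$clear.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Delete

$move = [System.DirectoryServices.Protocols.DirectoryAttributeModification]::new()
$move.Name = 'distinguishedName'
$move.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Replace
[void]$move.Add($targetDn)

$mods = [System.DirectoryServices.Protocols.DirectoryAttributeModification[]]($clear, $move)
$modify = [System.DirectoryServices.Protocols.ModifyRequest]::new($tombstoneDn, $mods)
[void]$modify.Controls.Add($showDeleted)   # the modify also needs the control

$result = $conn.SendRequest($modify)
"Restore of '$tombstoneDn' to '$targetDn': $($result.ResultCode)"
```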