Restoring erroneously modified objects using PowerShell

In small environments RMAD is often used as simple tool for undelete since accidental deletions are most probable scenario here.

But in large enterprises where can be hundreds of different interconnected and automatically synchronizing systems there is another reason to have RMAD. Different synchronization engines like Quest Quick Connect can sufficiently reduce amount of manual work, but they can also become great danger because some erroneous synchronization can easily break functioning of your AD infrastructure. So in this case RMAD can help to quickly rollback environment to safe state.

For such modification scenarios you can use built-in comparison reports and for most cases they will give all necessary information about changes.

But If you have some auditing tool like Change Auditor or some sync report from QC, you already know what to restore and the only problem is to select same objects in RMAD. And it looks that the best way to do so is to use Powershell.

For example we have csv file with DNs of objects we want to restore.

Let's get all backups available for our domain and sort them by date so we can select last available or we can use where cmdlet with date-time condition to choose backup containing objects before sync.

$backup=Get-RMADBackup -Domain atsvetko4.msk.qsft |
where {$_.Date -lt 'time of modification'} | Sort-Object -Property Date

Now we can import DNs from csv and restore users from latest available backup.

import-csv C:\userlist.csv -Delimiter : | %{Restore-RMADObject -Object $_.DN -backup $backup[0].Path}

Anonymous