
How to restore Active Directory objects: "Restore AD" user (if the Recycle Bin was previously enabled)

Restore AD user (if the Recycle Bin was previously enabled)

1.       Make sure that the Active Directory Recycle Bin is enabled (this feature is disabled by default, and once enabled it cannot be disabled).

To enable the Active Directory Recycle Bin using PowerShell, run:

a.       Click Start, click Administrative Tools, right-click Active Directory Module for Windows PowerShell, and then click Run as administrator.

Set-ADForestMode -Identity latam.local -ForestMode Windows2008R2Forest

 
[Screenshot: Set-ADForestMode run in the Active Directory Module for Windows PowerShell, showing the confirmation prompt.]

 
b.      Then modify the command below with the appropriate domain information and run it:

Enable-ADOptionalFeature -Identity "CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=Domain,DC=local" -Scope ForestOrConfigurationSet -Target Domain.local

 
[Screenshot: Enable-ADOptionalFeature output, showing the warning that enabling 'Recycle Bin Feature' is an irreversible action, followed by the confirmation prompt.]

 
2.       To restore the object run:

Get-ADObject -Filter {DisplayName -eq "Displayname of user to be restored"} -IncludeDeletedObjects | Restore-ADObject

 

Then verify that the Object appears in the OU

 
[Screenshot: ADSI Edit showing the default naming context with its containers and OUs.]

NOTE: This only applies if the Recycle Bin was previously enabled on Windows Server 2008 R2.
Windows Server 2003 does not have this feature.
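
A more guarded version of step 2, as an added example (not part of the original procedure): it checks that the Recycle Bin is enabled, lists only deleted objects matching the display name, and restores only when exactly one matches. The display name 'Jane Doe' is a placeholder.

```powershell
# Added example, not from the original page. 'Jane Doe' is a placeholder.
Import-Module ActiveDirectory

$displayName = 'Jane Doe'

# 1. Confirm the Recycle Bin is enabled. EnabledScopes is empty when the
#    optional feature has never been turned on in the forest.
$feature = Get-ADOptionalFeature -Filter 'Name -like "Recycle Bin Feature"'
if (-not $feature.EnabledScopes) {
    throw 'Active Directory Recycle Bin is not enabled; this restore method does not apply.'
}

# 2. Find only deleted objects with that display name. Without the isDeleted
#    test, a live object with the same DisplayName would also be piped to
#    Restore-ADObject.
$filter  = "isDeleted -eq `$true -and DisplayName -eq '$displayName'"
$deleted = @(Get-ADObject -Filter $filter -IncludeDeletedObjects `
                 -Properties DisplayName, LastKnownParent, whenChanged)

# Show what was found, including the OU each object was deleted from.
$deleted |
    Format-Table DisplayName, ObjectClass, LastKnownParent, whenChanged, ObjectGUID -AutoSize

# 3. Refuse to guess when the name is missing or ambiguous.
if ($deleted.Count -ne 1) {
    throw "Expected exactly one deleted object named '$displayName', found $($deleted.Count)."
}

# 4. Dry run first, then restore with an explicit confirmation prompt.
$deleted | Restore-ADObject -WhatIf
$restored = $deleted | Restore-ADObject -Confirm -PassThru

# 5. Verify the object is back; its DistinguishedName shows the OU it
#    returned to (by default the LastKnownParent listed above).
Get-ADObject -Identity $restored.ObjectGUID -Properties DisplayName |
    Format-List DistinguishedName, DisplayName, ObjectClass
```

If more than one deleted object matches, restore the intended one by its ObjectGUID from the table instead of by display name.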

 
Enable Active Directory Recycle Bin
http://technet.microsoft.com/en-us/library/dd379481(v=ws.10).aspx

Step 2: Restore a Deleted Active Directory Object
http://technet.microsoft.com/en-us/library/dd379509(v=WS.10).aspx