{"id":1117,"date":"2013-04-13T07:54:50","date_gmt":"2013-04-13T12:54:50","guid":{"rendered":"http:\/\/swildow.darktech.org\/wp\/?p=1117"},"modified":"2013-04-13T07:55:14","modified_gmt":"2013-04-13T12:55:14","slug":"restore-deleted-ad-object","status":"publish","type":"post","link":"http:\/\/www.wildow.com\/blog\/?p=1117","title":{"rendered":"Restore deleted AD object"},"content":{"rendered":"<h3 itemprop=\"name\">ADRestore GUI version<\/h3>\n<p><a href=\"http:\/\/askaresh.blogspot.com\/2008\/11\/adrestore-gui-version.html\" target=\"_blank\">http:\/\/askaresh.blogspot.com\/2008\/11\/adrestore-gui-version.html<\/a><\/p>\n<div id=\"post-body-6498225915870399598\" itemprop=\"description articleBody\">\n<p>Accidentally deleted user, computer account or OU\u2019s from Active Directory. Don\u2019t worry, now you can get them back using ADRestore tool using GUI interface.<\/p>\n<p><!--more--><\/p>\n<p>Though there is a command line version of tombstone reanimation tool called\u00a0<a href=\"http:\/\/www.microsoft.com\/technet\/sysinternals\/utilities\/AdRestore.mspx\" target=\"_blank\">adrestore &#8211; sysinternals,<\/a>\u00a0many people are not CLI savvies and having a GUI version of this functionality could really help them out.<\/p>\n<p><strong>Insight on tombstone: Reanimating Active Directory Tombstone Objects &#8211; By Gil Kirkpatrick<\/strong><br \/>\n<a href=\"http:\/\/technet.microsoft.com\/en-us\/magazine\/cc137800.aspx\" target=\"_blank\">Gil Kirkpatrick&#8217;s article at Technet<\/a><\/p>\n<p><strong><span style=\"text-decoration: underline;\">Main features:<\/span><\/strong><\/p>\n<ul>\n<li>Browsing the tombstones<\/li>\n<li>Domain Controller targeting<\/li>\n<li>Can be used with alternative credentials (convenient if you do not logon to your desktop as Domain Admin, which you should never do anyway)<\/li>\n<li>User\/Computer\/OU\/Container reanimation<\/li>\n<li>Preview of tombstone attributes<\/li>\n<\/ul>\n<p>Here are some sceenshots:<\/p>\n<p>Enumerating tombstones<br \/>\n<a href=\"http:\/\/lh6.ggpht.com\/_uisbQjU9j-Q\/SS7tWL-_lDI\/AAAAAAAAA4M\/Q7dPsKwe390\/s1600-h\/1%5B3%5D.png\"><img decoding=\"async\" loading=\"lazy\" title=\"1\" alt=\"1\" src=\"http:\/\/lh4.ggpht.com\/_uisbQjU9j-Q\/SS7tXQHEAEI\/AAAAAAAAA4Q\/GyPvjBnWpho\/1_thumb%5B1%5D.png?imgmax=800\" width=\"644\" height=\"451\" border=\"0\" \/><\/a><\/p>\n<p>Previewing the tombstone attributes<br \/>\n<a href=\"http:\/\/lh3.ggpht.com\/_uisbQjU9j-Q\/SS7tYmNutjI\/AAAAAAAAA4U\/rm7aFryCTI0\/s1600-h\/2%5B3%5D.png\"><img decoding=\"async\" loading=\"lazy\" title=\"2\" alt=\"2\" src=\"http:\/\/lh6.ggpht.com\/_uisbQjU9j-Q\/SS7tZ6YULBI\/AAAAAAAAA4Y\/yNM5iyYVxAk\/2_thumb%5B1%5D.png?imgmax=800\" width=\"561\" height=\"484\" border=\"0\" \/><\/a><\/p>\n<p>Restoring a deleted user account<br \/>\n<a href=\"http:\/\/lh5.ggpht.com\/_uisbQjU9j-Q\/SS7ta_BXMHI\/AAAAAAAAA4c\/zwHN_UcS-_c\/s1600-h\/3%5B3%5D.png\"><img decoding=\"async\" loading=\"lazy\" title=\"3\" alt=\"3\" src=\"http:\/\/lh5.ggpht.com\/_uisbQjU9j-Q\/SS7tcBLSFHI\/AAAAAAAAA4g\/NI7okSGR4tQ\/3_thumb%5B1%5D.png?imgmax=800\" width=\"644\" height=\"451\" border=\"0\" \/><\/a><\/p>\n<p>Notice that if you delete an OU with accounts in it, you will have to restore first the OUs the accounts were in, otherwise the reanimation of the child object will fail. It is not enough to create an OU with the same name as this will be a totally new object in AD and child object&#8217;s lastKnowParent attribute will still reference the deleted OU. Here is a walthrough:<\/p>\n<p>Initial state:<br \/>\n<a href=\"http:\/\/lh5.ggpht.com\/_uisbQjU9j-Q\/SS7tc6n3RkI\/AAAAAAAAA4k\/F5eeUG4FjYI\/s1600-h\/4%5B3%5D.png\"><img decoding=\"async\" loading=\"lazy\" title=\"4\" alt=\"4\" src=\"http:\/\/lh3.ggpht.com\/_uisbQjU9j-Q\/SS7teUIHBmI\/AAAAAAAAA4o\/dwfQVp5wZjQ\/4_thumb%5B1%5D.png?imgmax=800\" width=\"644\" height=\"362\" border=\"0\" \/><\/a><\/p>\n<p>TestOU organizational unit is deleted:<br \/>\n<a href=\"http:\/\/lh6.ggpht.com\/_uisbQjU9j-Q\/SS7tfZ-GVjI\/AAAAAAAAA4s\/yDdBbV1YcOQ\/s1600-h\/5%5B3%5D.png\"><img decoding=\"async\" loading=\"lazy\" title=\"5\" alt=\"5\" src=\"http:\/\/lh5.ggpht.com\/_uisbQjU9j-Q\/SS7tg9m_ZUI\/AAAAAAAAA4w\/-ZOgGFvD0Lo\/5_thumb%5B1%5D.png?imgmax=800\" width=\"644\" height=\"360\" border=\"0\" \/><\/a><\/p>\n<p>State of tombstones (notice that lastKnownParent attribute of user and computer accounts reference the deleted OU):<br \/>\n<a href=\"http:\/\/lh4.ggpht.com\/_uisbQjU9j-Q\/SS7thgszM9I\/AAAAAAAAA40\/3wfUskuso-U\/s1600-h\/6%5B3%5D.png\"><img decoding=\"async\" loading=\"lazy\" title=\"6\" alt=\"6\" src=\"http:\/\/lh4.ggpht.com\/_uisbQjU9j-Q\/SS7tjO3l5oI\/AAAAAAAAA44\/EACcYMHzgtM\/6_thumb%5B1%5D.png?imgmax=800\" width=\"644\" height=\"452\" border=\"0\" \/><\/a><\/p>\n<p>OU is restored (lastKnowParent points to the restored OU&#8217;s distinguished name):<br \/>\n<a href=\"http:\/\/lh6.ggpht.com\/_uisbQjU9j-Q\/SS7tkWbGNZI\/AAAAAAAAA48\/SVVw45BuylA\/s1600-h\/7%5B3%5D.png\"><img decoding=\"async\" loading=\"lazy\" title=\"7\" alt=\"7\" src=\"http:\/\/lh5.ggpht.com\/_uisbQjU9j-Q\/SS7tlnKo9GI\/AAAAAAAAA5A\/uXIzxlY8opI\/7_thumb%5B1%5D.png?imgmax=800\" width=\"553\" height=\"484\" border=\"0\" \/><\/a><\/p>\n<p>Both computer and user accounts that resided in TestOU are reanimated:<br \/>\n<a href=\"http:\/\/lh3.ggpht.com\/_uisbQjU9j-Q\/SS7tmr6CFtI\/AAAAAAAAA5E\/v_MVGgw4DWI\/s1600-h\/8%5B3%5D.png\"><img decoding=\"async\" loading=\"lazy\" title=\"8\" alt=\"8\" src=\"http:\/\/lh6.ggpht.com\/_uisbQjU9j-Q\/SS7tn0Q8N9I\/AAAAAAAAA5I\/cCYiQsipfRc\/8_thumb%5B1%5D.png?imgmax=800\" width=\"551\" height=\"484\" border=\"0\" \/><\/a><\/p>\n<h5><a href=\"http:\/\/blogs.microsoft.co.il\/files\/folders\/guyt\/entry40811.aspx\" target=\"_blank\">Download ADRestore.NET<\/a><\/h5>\n<p>Don&#8217;t forget to post your comments \ud83d\ude42<\/p>\n<p>&nbsp;<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>ADRestore GUI version http:\/\/askaresh.blogspot.com\/2008\/11\/adrestore-gui-version.html Accidentally deleted user, computer account or OU\u2019s from Active Directory. Don\u2019t worry, now you can get them back using ADRestore tool using GUI interface.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1117"}],"collection":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1117"}],"version-history":[{"count":2,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1117\/revisions"}],"predecessor-version":[{"id":1119,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1117\/revisions\/1119"}],"wp:attachment":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1117"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1117"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1117"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}