Home Windows Server Active Directory Recover a Deleted Active Directory Object

Recover a Deleted Active Directory Object

1134
0
Reading Time: 3 minutes

In the previous post, I covered the principles of enabling the Active Directory Recycle Bin.
Now is this post, I will cover how to utilise the recycle bin and restore some accidentally deleted users and computer objects.
NOTE: This will all take place under the Active Directory Administrative Center – Not the Users and Computers MMC Window.

So in the ad.hypervlab.co.uk domain, we currently have some example computers and users which will be used for testing, there are HYPERVLAB-PC01 and HYPERVLAB-USER01 and 02, Each has been placed within its own OU to show the ability to restore to the same place.

As shown in the previous post, Once the Active Directory Recycle bin has been enabled there is an extra Organisational Unit created ‘Deleted Objects’ this is where we will go to recover the deleted objects.

Example One: Restoring a Computer Object

The HYPERVLAB-PC01 computer object currently resides under:
ad.hypervlab.co.uk/HypervLAB/Computers/HYPERVLAB-PC01
It was brought to our attention that a user couldn’t log onto the machine and was prompted with a trust relationship error. On investigation when searching for the computer we were unable to find it under the current ‘live’ domain directory.

Logging onto HYPERVLAB-PC01.

Now we can delete the Computer Object from under Users and Computers.

Confirm the prompt for Subtree Deletion.

Trying to log in with HYPERVLAB-USER02.

Now open then ‘Active Directory Administrative Center’ and Navigate to the ‘Deleted Objects’. As we can see if the graphic below is the computer which was accidentally deleted from the domain.

To Restore the Computer back to its original OU, Rightclick on the Object and select ‘Restore

If you wanted to change the restore location then select the ‘Restore To…‘ this will open a select window. Select the restore location and select ‘Ok‘.

Going back to Active Directory USer and Computers refreshing the Computers OU we can see that the computer object has been restored.

Finally, we can try logging in as HYPERVLAB-USER02 to ensure that the object has been restored and all the configuration is correct.

Example One: Restoring a User Object

Shown in the graphic below are two users which will be used for this example.

A Junior Administrator has accidentally deleted ‘HYPERVLAB-USER01’ to be able to restore the user account once again we will need to open the ‘Active Directory Administrative Center‘ and navigate to the Deleted Objects Organisational Unit.

Once again to be able to restore the HYPERVLAB-USER01 to the original location, we can right-click the object and click ‘Restore‘.

The user account is restored with all the correct settings and security permissions.

LEAVE A REPLY

Please enter your comment!
Please enter your name here