
Restoring A deleted Active Directory Object using ADRESTORE (Windows 2003 Domain\Exchange 2007 Mailbox)

Windows Server 2003 introduces the ability to restore deleted ("tombstoned") objects. ADRESTORE is a simple command-line utility that enumerates the deleted objects in a domain and gives you the option of restoring each one. When an object is deleted from AD, it isn't actually removed but is instead marked as deleted by an internal marker called a tombstone. You can use AdRestore to restore tombstoned objects without performing an authoritative restore from backup, as long as the tombstone still exists (that is, within the domain's tombstone lifetime). Its source code is based on sample code in the Microsoft Platform SDK, and a Microsoft KB article describes the use of ADRESTORE. The ADRESTORE tool was created by Sysinternals, which has since been acquired by Microsoft.
In this example, we have a mail-enabled user object named "Tonya Long". I deleted the object from AD and Exchange 2007 using the Active Directory Users and Computers MMC snap-in.
 
I then use the ADRESTORE tool to enumerate the "tombstoned" objects in AD. Download the tool and extract it to the root of any machine that is a member of the domain. In my case, I performed this step from a Domain Controller with credentials that have Domain Admin rights. Depending on how large your forest/domain is, I would redirect the output to a text file.
 
1.) C:\>adrestore > adrestore_output.txt
· Open the file in Notepad.
· You should find an entry for the deleted object, such as:
cn: Tonya Long
DEL:02cf4aa2-f1d1-46d8-8c3a-c10283ad3467
distinguishedName: CN=Tonya Long\0ADEL:02cf4aa2-f1d1-46d8-8c3a-c10283ad3467,CN=Deleted Objects,DC=EDM-Users,DC=com
lastKnownParent: CN=Users,DC=EDM-Users,DC=com
2.) Restoring the object.
C:\>adrestore "Tonya Long" /r
· Note the key here is the cn: value shown above (the name before the DEL: line), not the full distinguishedName.
· Enumerating domain deleted objects:
cn: Tonya Long
DEL:02cf4aa2-f1d1-46d8-8c3a-c10283ad3467
distinguishedName: CN=Tonya Long\0ADEL:02cf4aa2-f1d1-46d8-8c3a-c10283ad3467,CN=Deleted Objects,DC=EDM-Users,DC=com
lastKnownParent: CN=Users,DC=EDM-Users,DC=com
· Do you want to restore this object (y/n)?  Answer y.
Restore succeeded.
Found 1 item matching search criteria.
3.) Checking the object in Active Directory Users and Computers (ADUC)
· Note the object is shown in red, meaning it is disabled. It also has a blank password.
· You must enable the object and give it a new password that meets your domain password policy.
4.) Restoring the Exchange Mailbox.
Launch the Exchange 2007 console and select the Disconnected Mailbox option under the Recipient Configuration section.
· Right-click the object and select Connect.
· Select the matching user, in this case LongT; this restores the alias and SMTP addresses.
5.) Populate SAM Account (NT ID Name), Logon Domain, Display Name and User Info using the Exchange 2007 console.
· Unfortunately the ADRESTORE tool does not re-populate this info: a tombstone keeps only a small set of attributes, and the rest are stripped when the object is deleted.
· You will also have to re-add the object to any distribution lists and security groups, since group membership is not preserved on the tombstone.
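The steps above can be reproduced over LDAP, which is what adrestore does internally: a search with the Show Deleted Objects control to find the tombstone, then a single modify that removes isDeleted and rewrites distinguishedName under lastKnownParent. The following is an added example, not code from the original post or from Sysinternals; it assumes it runs on a DC as a Domain Admin, that .NET 2.0 is installed, and uses the domain name from the post ($domainDn) and the deleted user's cn prefix ($cnPrefix) as placeholders.

```powershell
# Added example, not from the original post. Assumptions: run on a DC as Domain Admin, .NET 2.0
# present, domain from the post (DC=EDM-Users,DC=com); edit $domainDn and $cnPrefix for your case.
[void][System.Reflection.Assembly]::LoadWithPartialName("System.DirectoryServices.Protocols")
$domainDn = "DC=EDM-Users,DC=com"
$cnPrefix = "Tonya Long"

$conn = New-Object System.DirectoryServices.Protocols.LdapConnection -ArgumentList "localhost"
$conn.SessionOptions.ProtocolVersion = 3
$conn.Bind()   # binds with the current (Domain Admin) credentials

# The Show Deleted Objects control (OID 1.2.840.113556.1.4.417) makes tombstones visible; it must
# accompany both the search and the restoring modify.
$showDeleted = New-Object System.DirectoryServices.Protocols.ShowDeletedControl

# Step 1 of the post: enumerate tombstones. A tombstone's cn is "<name>`nDEL:<guid>", so match on a prefix.
$search = New-Object System.DirectoryServices.Protocols.SearchRequest
$search.DistinguishedName = "CN=Deleted Objects,$domainDn"
$search.Filter = "(&(isDeleted=TRUE)(objectClass=user)(cn=$cnPrefix*))"
$search.Scope = [System.DirectoryServices.Protocols.SearchScope]::OneLevel
[void]$search.Attributes.AddRange(@("cn", "lastKnownParent"))
[void]$search.Controls.Add($showDeleted)
$result = $conn.SendRequest($search)

# Step 2 of the post: the restore is ONE modify that deletes isDeleted and rewrites distinguishedName
# so the object lands back under lastKnownParent; the DC requires both changes in the same operation.
function Restore-Tombstone($entry) {
    $parent = $entry.Attributes["lastKnownParent"].GetValues([string])[0]
    $name   = $entry.Attributes["cn"].GetValues([string])[0].Split([char]10)[0]  # drop "DEL:<guid>"
    $newDn  = "CN=$name,$parent"   # an RDN containing , + " \ < > ; or # would need LDAP escaping
    $mod = New-Object System.DirectoryServices.Protocols.ModifyRequest
    $mod.DistinguishedName = $entry.DistinguishedName
    $del = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
    $del.Name = "isDeleted"; $del.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Delete
    $ren = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
    $ren.Name = "distinguishedName"; $ren.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Replace
    [void]$ren.Add($newDn)
    [void]$mod.Modifications.Add($del)
    [void]$mod.Modifications.Add($ren)
    [void]$mod.Controls.Add($showDeleted)
    [void]$conn.SendRequest($mod)
    return $newDn
}

foreach ($entry in $result.Entries) {
    "Tombstone: $($entry.DistinguishedName)"
    "  lastKnownParent: $($entry.Attributes['lastKnownParent'].GetValues([string])[0])"
    if ((Read-Host "Restore this object (y/n)") -eq "y") {
        $dn = Restore-Tombstone $entry
        "Restored to $dn. As in step 3, the account is disabled with no password: enable it and set one."
    }
}
"Found $($result.Entries.Count) tombstone(s) matching cn=$cnPrefix*"
```

The modify fails if the container named in lastKnownParent no longer exists (for example when the OU was deleted as well), so restore parents before children; the restored user still needs steps 3 to 5 from the post.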
  1. October 29, 2012 at 11:20 AM

    Amazing steps – thanks so much. This solved a MAJOR crisis.