Home > Windows Server Tips > Active Directory Administration > Restoring deleted or 'tombstoned' objects in Active Directory
Windows Server Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

ACTIVE DIRECTORY ADMINISTRATION

Restoring deleted or 'tombstoned' objects in Active Directory


Serdar Yegulalp
10.06.2004
Rating: --- (out of 5)


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


This tip was submitted to SearchWinSystems.com by expert Serdar Yegulalp. Please let other users know how useful it is by rating it below.

When an object is deleted from Active Directory, it is not immediately erased, but is marked for future deletion. The marker used to designate an AD object scheduled to be destroyed is called, appropriately enough, a "tombstone." Tombstoned objects are deleted whenever the Active Directory database is defragmented online or offline, which generally happens twice a day (once around noon, and once around midnight).

Normally, doing a manual undelete of tombstoned object is a bit of a hassle; it often involves performing an authoritative backup restore, which is not a trivial operation. Thankfully, Mark Russinovich at Sysinternals has created a little command-line freeware application called AdRestore 1.1. AdRestore enumerates all of the currently-tombstoned objects in a domain and allows you to restore them selectively.


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Microsoft Active Directory Tools and Troubleshooting
Troubleshooting poor Windows logon performance in Active Directory environments
New Operations Manager 2007 feature allows for automated agent deployments
Taming the LSASS.exe process for Active Directory performance and security
Active Directory FAQs
Troubleshooting Active Directory database errors
Troubleshooting a cross-forest trust in Active Directory
Bad external time source stops Active Directory replication
Time stamps change with daylight-saving time
DNS troubleshooting tips for Active Directory
How the DC locator works in Active Directory

Windows Systems and Network Administration
Common causes of Windows server security vulnerabilities
Cutting the cost of Windows identity and access management
Using NTFS on a non-Windows OS with NTFS-3G
Group Policy Object modeling simplifies network security
Implementing simple Network Access Protection for Windows Server 2008
Immediate steps for Windows disaster recovery
Tips for Windows domain controller optimization
Quick hits: Troubleshooting service account failure, batch job execution
Case Study: Troubleshooting Windows service dependency failures
Troubleshooting common Windows service failures

Active Directory Administration
Using Active Directory to manage Macs in a Windows environment
Troubleshooting poor Windows logon performance in Active Directory environments
Common Active Directory security oversights
Scripting domain controller installations: A must for Server Core
Taming the LSASS.exe process for Active Directory performance and security
Troubleshooting Active Directory database errors
Active Directory database basics: Performing an offline defrag
Branch office security: Pros and cons of read-only domain controllers
Tips for Windows domain controller optimization
How to rebuild the SYSVOL tree when none exists in Active Directory

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


>To add a little selectivity to the restore operation, you can run AdRestore with a parameter to narrow down the search. For instance:

adrestore -r Serdar

would search for all objects with "Serdar" as part of its name. The -r switch forces the program to prompt the user for each restoration; otherwise, all the objects found matching said criteria will be automatically restored. The default (no criteria supplied) is that all tombstoned objects will be enumerated and restored.

Note that deleted items may no longer be members of specific organizational units or OUs. Restoring these objects from deleted status will not automatically restore them to their respective OUs; this will need to be done manually.

Serdar Yegulalp is the editor of the Windows 2000 Power Users Newsletter. Check out his Windows 2000 blog for his latest advice and musings on the world of Windows network administrators – please share your thoughts as well!

Rate this Tip
To rate tips, you must be a member of SearchWindowsServer.com.
Register now to start rating these tips. Log in if you are already a member.




DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



Server Room Design - Planning, Cooling, Maintenance
HomeTopicsBlogsITKnowledge ExchangeTipsAsk the ExpertsMultimediaWhite PapersIT Downloads
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2004 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts