This tip was submitted to SearchWinSystems.com by expert Serdar Yegulalp. Please let other users know how useful it is by rating it below.
When an object is deleted from Active Directory, it is not immediately erased, but is marked for future deletion. The marker used to designate an AD object scheduled to be destroyed is called, appropriately enough, a "tombstone." Tombstoned objects are deleted whenever the Active Directory database is defragmented online or offline, which generally happens twice a day (once around noon, and once around midnight).
Normally, doing a manual undelete of tombstoned object is a bit of a hassle; it often involves performing an authoritative backup restore, which is not a trivial operation. Thankfully, Mark Russinovich at Sysinternals has created a little command-line freeware application called AdRestore 1.1. AdRestore enumerates all of the currently-tombstoned objects in a domain and allows you to restore them selectively.
To add a little selectivity to the restore operation, you can run AdRestore with a parameter to narrow down the search. For instance:
adrestore -r Serdar
would search for all objects with "Serdar" as part of its name. The -r switch forces the program to prompt the user for each restoration; otherwise, all the objects found matching said criteria will be automatically restored. The default (no criteria supplied) is that all tombstoned objects will be enumerated and restored.
Note that deleted items may no longer be members of specific organizational units or OUs. Restoring these objects from deleted status will not automatically restore them to their respective OUs; this will need to be done manually.
Serdar Yegulalp is the editor of the Windows 2000 Power Users Newsletter. Check out his Windows 2000 blog for his latest advice and musings on the world of Windows network administrators – please share your thoughts as well!
