Chapter 4: Active DirectoryDisaster Recovery <<previous|next>> :Recover deleted AD objects using a daily System State backup
Restoring deleted or 'tombstoned' objects in Active Directory
By Serdar Yegulalp
This tip was submitted to SearchWinSystems.com by expert Serdar Yegulalp. Please let other users know how useful it is by rating it below.
When an object is deleted from Active Directory, it is not immediately erased, but is marked for future deletion. The marker used to designate an AD object scheduled to be destroyed is called, appropriately enough, a "tombstone." Tombstoned objects are deleted whenever the Active Directory database is defragmented online or offline, which generally happens twice a day (once around noon, and once around midnight).
Normally, doing a manual undelete of tombstoned object is a bit of a hassle; it often involves performing an authoritative backup restore, which is not a trivial operation. Thankfully, Mark Russinovich at Sysinternals has created a little command-line freeware application called AdRestore 1.1. AdRestore enumerates all of the currently-tombstoned objects in a domain and allows you to restore them selectively.
To add a little selectivity to the restore operation, you can run AdRestore with a parameter to narrow down the search. For instance:
adrestore -r Serdar
would search for all objects with "Serdar" as part of its name. The -r switch forces the program to prompt the user for each restoration; otherwise, all the objects found matching said criteria will be automatically restored. The default (no criteria supplied) is that all tombstoned objects will be enumerated and restored.
Note that deleted items may no longer be members of specific organizational units or OUs. Restoring these objects from deleted status will not automatically restore them to their respective OUs; this will need to be done manually.
Serdar Yegulalp is the editor of the Windows 2000 Power Users Newsletter. Check out his Windows 2000 blog for his latest advice and musings on the world of Windows network administrators – please share your thoughts as well!
05 Oct 2004
Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.