Windows Server 2003 introduces the ability to restore deleted ("tombstoned") objects. This simple command-line utility enumerates the deleted objects in a domain and gives you the option of restoring each one. Source code is based on sample code in the Microsoft Platform SDK. This MS KB article describes the use of AdRestore:
By using AdRestore.exe or ADRestore.NET, you can implement the tombstone reanimation method to restore deleted objects from the Active Directory database easily. It basically does the same as using LDP in my previous post, Restore Deleted Objects in Active Directory Database Using Tombstone Reanimation (LDP.EXE).
AdRestore.exe
Formerly Sysinternals and now Microsoft, Mark Russinovich has created a command-line freeware application called ADRestore. The tool enumerates all of the currently tombstoned objects in a domain and allows you to restore them selectively, and provides a convenient command-line interface for using the Active Directory reanimation functionality.
To prepare to restore the deleted object, you have to install the Windows Server 2003 Support Tools. On the Windows Server 2003 installation CD, the installer is located at \SUPPORT\TOOLS\SUPTOOLS.MSI.
You do not need to follow this step if you are using Windows Server 2008.
The result of restoring deleted objects using the tombstone reanimation procedure is not perfect. You will restore a disabled account with all of its attributes stripped. You have to set the password and enable the account.
If you want a successful restore that includes all attributes of the user, you should consider an authoritative restore, which requires you to restore from backup. You cannot restore the Active Directory database from backup without restarting into Active Directory Restore Mode.
ADRestore.NET
Restoring objects with ADRestore.NET: Guy Teverovsky has written a GUI version that allows you to easily restore deleted AD objects. I found this tool helps a lot when you need to restore more than one deleted object, for example an OU that contains some objects.
Here are the demo steps. I deleted an OU named Accounting that contained some objects, including users and groups.
Enumerating tombstones.
First, restore the OU.
Then restore the other objects one by one, until the last object.
Then view the result.
You can see from the steps above that using ADRestore.NET makes it a lot easier to restore more than one object.
As a global authentication directory service that provides centralized management of IT infrastructure resources, Active Directory (AD) is one of the most critical business applications. This means that during a disruption, swift recovery is essential to reducing service downtime. AD usually contains a multitude of objects that are hierarchically organized, with some objects depending on others. The recovery process can be time-consuming as you need to recover a complex hierarchical structure and recreate some data manually. This blog post explains how to recover Active Directory objects that have been deleted.
Deleted AD objects are not always shown in the Active Directory Users and Computers snap-in. You can see the Deleted Objects container with the deleted AD objects and restore them only using special tools.
There are two approaches to restoring deleted objects in Active Directory (AD) with native Microsoft tools, including the tools built into Windows Server: with the Active Directory Recycle Bin and without it. There is a big difference between the two approaches.
Open the AD Recycle Bin in Server Manager > Active Directory Administrative Center and select a deleted user. User4 is the object we want to restore from Active Directory Recycle Bin in our case.
Restoring deleted Active Directory objects from a backup is the most reliable method and allows you to restore deleted AD objects regardless of whether the AD Recycle Bin is enabled or not. The backup method involves backing up Active Directory or the entire domain controller running on a physical server or a virtual machine.
Once the process of restoring AD objects has finished by using this method, we can open Active Directory Users and Computers on our Windows Server 2019 and check whether a deleted AD organizational unit (unit1) has been recovered with child objects.
You may need to perform advanced Active Directory recovery and recover deleted Active Directory objects from a backup with highly customized settings. For example, you can export AD objects from a backup to a custom server, edit their parameters, and import them to the needed location.
Where filename.ldif is the path to the LDIF file and logfolder is the path to the folder where the process logs will be saved. The -t 636 option specifies TCP port 636, which is used for a secured connection with the AD server. In our case, the command to restore deleted AD objects by importing them is:
The reliable way to protect data and applications, including Active Directory with all the items it contains, is performing proper data backup regularly and storing backups using a rational retention policy. A specialized backup solution helps in this case. NAKIVO Backup & Replication is the universal data protection solution that is application-aware and supports full restore and granular recovery of files and objects, including in Active Directory.
The Active Directory Recycle Bin is a feature in the Active Directory Domain Services (AD DS) that allows administrators to restore deleted Active Directory objects, such as user accounts, groups, and computers, without the need to restore from a backup. This feature provides a safety net for the accidental deletion of objects and helps reduce the effort and cost of restoring from a backup.
The Active Directory Recycle Bin changes this behavior by allowing deleted objects to be restored within a specified time period, even after the tombstone lifetime has passed. When the Recycle Bin feature is enabled, deleted objects are moved to the Recycle Bin instead of the Deleted Objects container, where they can be restored if necessary.
The Recycle Bin feature provides an easy-to-use interface for restoring deleted objects, reducing the effort and cost of restoring from a backup. It also reduces the risk of restoring an older version of an object from a backup, which can introduce inconsistencies into the directory. Additionally, the Recycle Bin is a more efficient solution for restoring objects compared to restoring from a backup, as it does not require a full database restore.
Reanimating deleted objects in Active Directory can be done using several methods. The following are some of the most commonly used native methods for restoring deleted objects in the Active Directory.
Note: The Active Directory Recycle Bin should be enabled if you are using any of the above-mentioned methods. If the AD Recycle Bin is not enabled, most object attributes are removed when the objects are deleted, and you have to add them back manually after restoring the objects.
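The enumerate-then-restore procedure that AdRestore and ADRestore.NET perform (restore the OU first, then its children), followed by the password reset and re-enable that reanimation without the Recycle Bin requires, as an added example using the ActiveDirectory PowerShell cmdlets; this is not code from the original page or from either tool. It assumes the RSAT ActiveDirectory module is installed, that you hold restore rights on the domain, and that the OU name is a placeholder you replace.

```powershell
# Added example (not from the page): reanimate a deleted OU and its children,
# then repair user accounts whose attributes were stripped (no AD Recycle Bin).
# Assumes the RSAT ActiveDirectory module and restore rights; $OuName is a placeholder.
Import-Module ActiveDirectory

$OuName = 'Accounting'   # placeholder: the name the OU had before it was deleted

# Deleted objects live in CN=Deleted Objects and are hidden unless -IncludeDeletedObjects
# is given. Their RDN is rewritten to "<name>\0ADEL:<guid>", so match on the old name
# followed by the newline-and-DEL marker rather than on an exact name.
$deletedOu = Get-ADObject -Filter { isDeleted -eq $true -and objectClass -eq 'organizationalUnit' } `
    -IncludeDeletedObjects |
    Where-Object { $_.Name -like "$OuName`nDEL:*" } | Select-Object -First 1
if (-not $deletedOu) { throw "No tombstoned OU named '$OuName' was found" }

# Children of a deleted OU reference its tombstoned DN in lastKnownParent. Capture
# them BEFORE restoring the OU, because the OU's DN changes back on restore.
$children = Get-ADObject -Filter { isDeleted -eq $true } -IncludeDeletedObjects `
    -Properties lastKnownParent |
    Where-Object { $_.lastKnownParent -eq $deletedOu.DistinguishedName }

# Same order as the ADRestore.NET demo: parent first, then each child into the restored OU.
Restore-ADObject -Identity $deletedOu.ObjectGUID
$restoredOu = Get-ADObject -Identity $deletedOu.ObjectGUID
foreach ($child in $children) {
    Restore-ADObject -Identity $child.ObjectGUID -TargetPath $restoredOu.DistinguishedName
}

# Without the Recycle Bin, reanimated users come back disabled and without a usable
# password. Reset it, force a change at next logon, and re-enable the account.
$users = Get-ADUser -SearchBase $restoredOu.DistinguishedName -Filter 'Enabled -eq $false'
foreach ($u in $users) {
    $pw = Read-Host -AsSecureString "New password for $($u.SamAccountName)"
    Set-ADAccountPassword -Identity $u -Reset -NewPassword $pw
    Set-ADUser -Identity $u -ChangePasswordAtLogon $true
    Enable-ADAccount -Identity $u
}
```

With the Recycle Bin enabled the attributes survive, so the final loop finds nothing to repair and the script reduces to the two restore steps.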
There are instances when objects you need are accidentally or intentionally deleted from the Active Directory. In such cases, the Lepide Object Restore Wizard (part of Lepide Data Security Platform) enables you to roll-back those changes to their original state in a single click.
It is able to do this by automatically capturing backup snapshots of Active Directory and Group Policy Objects and saving their state at regular intervals. Administrators can use these snapshots to restore the deleted and modified objects.
Using these snapshots, you can restore even those objects which are in a physically deleted or recycled state. After starting the wizard, Lepide Data Security Platform lets you select the backup snapshot with which you want to compare the current state of Active Directory. After this comparison, the user reaches the following page, which shows the list of deleted and modified objects in Active Directory.
For those who don't know, the Active Directory Recycle Bin is a pretty sweet feature that allows you to restore deleted AD objects. This is a great alternative to performing an Authoritative AD Restore or un-deleting an object using LDP (as I said in an earlier post today; LDP is also known as Active Directory for Adults).
Customer accidentally deleted objects from AD and users are adversely affected. Let's say an entire OU comprised of 10k user accounts. Instead of performing an authoritative restore, the fearful admin heard about this cool feature called AD Recycle Bin. It's not enabled by default, so he enables it. He finds that he cannot restore the OU using the AD Recycle Bin, so he then reluctantly tries the authoritative restore method from a System State backup of one of his DCs; this also fails. What can he do?
If an object in your Active Directory (AD) environment has been deleted and you need to recover it, Microsoft provides a few different ways to do that. This guide will explain the steps needed to restore deleted AD objects with all their attributes intact.