Restore a Deleted Active Directory Object

To restore a deleted Active Directory object in Windows Server 2008 or 2003 (this also works in Server 2012, but the Active Directory Recycle Bin is much easier and faster there), you can use ldp.exe to reanimate the tombstone, as long as the tombstone lifetime has not expired. The default tombstone lifetime is 60 days, or 180 days for forests created with Server 2003 SP1 or later; the current value is the tombstoneLifetime attribute of CN=Directory Service,CN=Windows NT,CN=Services in the configuration partition. Once a tombstone has been garbage-collected, only an authoritative restore from backup can bring the object back.

1. Log in to a domain controller as a Domain Administrator.
2. Open ldp.exe from a Command Prompt or PowerShell window.
3. On the Connection menu, select Connect, type the name of a domain controller, and select OK.
4. On the Connection menu, select Bind, then select OK to bind with your current credentials.
The Deleted Objects container is hidden by default, so you need to make it visible:
5. On the Options menu, select Controls. Expand the Load Predefined list, select Return deleted objects, and select OK. This adds the Show Deleted Objects LDAP control (OID 1.2.840.113556.1.4.417) to the session.
6. On the View menu, select Tree, then use the dropdown to select the distinguished name of the domain, for example DC=Contoso,DC=com.
7. Expand the domain container, then expand the Deleted Objects container (CN=Deleted Objects,DC=Contoso,DC=com). Tombstoned objects are listed with a renamed RDN of the form CN=User Name\0ADEL:<objectGUID>.
8. Right-click the desired account, then select Modify.
9. In the Attribute box, type isDeleted. Under Operation, select Delete, and then select Enter to add the change to the Entry List.
10. In the Attribute box, type distinguishedName. In the Values box, type the distinguished name the object should be restored to, for example:
CN=User Name,OU=Organizational Unit,DC=domain,DC=name
The parent container must still exist; if the OU was deleted as well, restore it first using the same procedure. Under Operation, select Replace, and then select Enter.

11. Select the Extended check box (so the Show Deleted Objects control from step 5 is sent with the request) and then select Run. Both changes must be in the Entry List before you run: the domain controller only accepts the removal of isDeleted and the new distinguishedName together in a single LDAP modify operation.
A tombstone keeps only a handful of attributes (such as sAMAccountName, objectSid and objectGUID), and linked attributes like group membership are stripped on deletion, so the reanimated account comes back disabled, with no password and no group memberships. You will need to reset the password, enable the account, re-add it to its groups and fill in any other missing attributes.
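
The same reanimation can be scripted. The following is an added example, not code from the original post: it sends the single LDAP modify that steps 5 to 11 build in ldp.exe, using System.DirectoryServices.Protocols so it works against Server 2003/2008 domain controllers that have neither the Recycle Bin nor the ActiveDirectory PowerShell module. It assumes a domain controller dc01.contoso.com, the domain DC=contoso,DC=com, a deleted user with sAMAccountName jdoe whose original OU still exists, and a group CN=Staff,OU=Groups to re-add it to; all of these are placeholders to change for your environment.

```powershell
# Added example (not from the original post): reanimate a tombstoned user with one
# LDAP modify, the same operation ldp.exe performs in steps 5-11 above.
# Assumptions: DC dc01.contoso.com, domain DC=contoso,DC=com, deleted user jdoe,
# its original OU still exists. Run as a Domain Administrator.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$server   = 'dc01.contoso.com'      # assumption
$domainDN = 'DC=contoso,DC=com'     # assumption
$sam      = 'jdoe'                  # assumption

$ldap = New-Object System.DirectoryServices.Protocols.LdapConnection($server)
$ldap.SessionOptions.ProtocolVersion = 3
$ldap.SessionOptions.Signing = $true   # sign and seal the session so the modify
$ldap.SessionOptions.Sealing = $true   # cannot be tampered with on the wire
$ldap.Bind()                           # bind as the logged-on user (ldp steps 3-4)

# Show Deleted Objects control, OID 1.2.840.113556.1.4.417: what ldp's
# "Return deleted objects" option and the "Extended" check box add (steps 5 and 11).
$showDeleted = New-Object System.DirectoryServices.Protocols.ShowDeletedControl

# Step 7: find the tombstone. Tombstones keep sAMAccountName, objectSid and
# objectGUID, and lastKnownParent records the container the object was deleted from.
$base   = "CN=Deleted Objects,$domainDN"
$filter = "(&(isDeleted=TRUE)(objectClass=user)(sAMAccountName=$sam))"
$attrs  = [string[]]@('distinguishedName', 'lastKnownParent', 'objectSid')
$search = New-Object System.DirectoryServices.Protocols.SearchRequest($base, $filter, 'OneLevel', $attrs)
[void]$search.Controls.Add($showDeleted)

$found = $ldap.SendRequest($search)
if ($found.Entries.Count -ne 1) {
    throw "Expected exactly one tombstone for $sam, found $($found.Entries.Count)"
}
$tombstone = $found.Entries[0]
$parent    = $tombstone.Attributes['lastKnownParent'][0]
Write-Host "Tombstone  : $($tombstone.DistinguishedName)"
Write-Host "Last parent: $parent"

# If the OU was deleted too, lastKnownParent points into CN=Deleted Objects and the
# parent has to be reanimated first, otherwise the modify below is rejected.
if ($parent -like '*CN=Deleted Objects,*') {
    throw "Parent container is also deleted; restore $parent first"
}

# Recover the original RDN: a tombstone is renamed to "<name>\0ADEL:<objectGUID>".
# Split on the first unescaped comma so an RDN containing "\," survives.
$rdn   = ($tombstone.DistinguishedName -split '(?<!\\),', 2)[0] -replace '\\0ADEL:.*$', ''
$newDN = "$rdn,$parent"     # e.g. CN=John Doe,OU=Staff,DC=contoso,DC=com

# Steps 9-11: delete isDeleted and replace distinguishedName in ONE modify request.
$delIsDeleted = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
$delIsDeleted.Name      = 'isDeleted'
$delIsDeleted.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Delete

$setDN = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
$setDN.Name      = 'distinguishedName'
$setDN.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Replace
[void]$setDN.Add($newDN)

$mods   = [System.DirectoryServices.Protocols.DirectoryAttributeModification[]]@($delIsDeleted, $setDN)
$modify = New-Object System.DirectoryServices.Protocols.ModifyRequest($tombstone.DistinguishedName, $mods)
[void]$modify.Controls.Add($showDeleted)
$response = $ldap.SendRequest($modify)
Write-Host "Reanimate result: $($response.ResultCode) -> $newDN"

# Post-restore cleanup from the note above, via ADSI (no RSAT module required):
# reset the password, clear ACCOUNTDISABLE (0x2) and re-add group membership,
# which is a linked attribute and is not preserved on the tombstone.
$user = [ADSI]"LDAP://$server/$newDN"
$user.SetPassword((Read-Host 'New password for the restored account'))
$uac  = [int]$user.userAccountControl.Value
$user.Put('userAccountControl', ($uac -band -bnot 0x2))
$user.SetInfo()
$group = [ADSI]"LDAP://$server/CN=Staff,OU=Groups,$domainDN"   # assumption: group DN
$group.Add($user.Path)
```

The script refuses to run if more than one tombstone matches the sAMAccountName (the same name may have been deleted and recreated several times) or if the parent container is itself a tombstone, the two conditions that make the ldp.exe procedure fail with an unhelpful error. The ResultCode printed after the modify should be Success; anything else means the domain controller rejected the reanimation and the object is still a tombstone.
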
Done! It is much easier with the Active Directory Recycle Bin (available from the Windows Server 2008 R2 forest functional level once enabled, with a GUI in Server 2012's Active Directory Administrative Center), which also preserves all attributes and group memberships. But on Server 2008 or earlier, or in a forest where the Recycle Bin has not been enabled, this is the easiest and least disruptive way to restore a deleted user account.
