Restoring deleted Active Directory objects and users can be done in a few quick steps.
At Bobcares, we often get requests from customers running Windows servers to restore Active Directory objects and users.
Today, let's see how our Expert Support Techs get this done as part of our Server Management Services.
How to Restore Deleted Active Directory Objects/Users?
After an object or user has been removed from Active Directory, we can restore it with PowerShell or with the graphical tools.
Enabling the Active Directory Recycle Bin keeps all attributes and group memberships of an object or user when it is deleted.
With the Recycle Bin, the object is not removed physically: it is flagged as deleted and moved to a special Deleted Objects container.
By default a deleted object can be restored for 180 days (the deleted object lifetime). Once that period is over, the object becomes a recycled object: most of its attributes are stripped, it can no longer be restored with the Recycle Bin, and it is finally purged by garbage collection at the end of the tombstone lifetime.
Enabling Active Directory Recycle Bin
The AD Recycle Bin is available starting from the Windows Server 2008 R2 forest functional level.
On older functional levels a deleted object can only be reanimated from its tombstone (for example with ldp.exe), and most of its attributes and its group memberships are lost in the process.
With the AD Recycle Bin, object attributes and group memberships are preserved.
Steps to follow are given below:
We must make sure that the Active Directory module for Windows PowerShell is installed before running the following commands.
1. First check the AD forest functional level:
Get-ADForest | Select-Object ForestMode
2. Then check whether the AD Recycle Bin is already enabled for our forest:
Get-ADOptionalFeature "Recycle Bin Feature" | Select-Object Name, EnabledScopes
If the EnabledScopes value is not empty, the Active Directory Recycle Bin is already enabled.
3. To enable the Active Directory Recycle Bin, use the Enable-ADOptionalFeature cmdlet (the feature is forest-wide, so run it as an Enterprise Admin against the forest root domain, bobcares.com in this example). Note that enabling it is irreversible:
Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=bobcares,DC=com' -Scope ForestOrConfigurationSet -Target 'bobcares.com'
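The three steps above as one script, with the checks a practitioner would want before flipping an irreversible switch. This is an added example, not code from the original article; it assumes the forest root domain is bobcares.com and that the session runs as an Enterprise Admin.

```powershell
# Added example (not from the original article): pre-flight checks, the enable
# step, and a look at how long deleted objects will stay restorable.
Import-Module ActiveDirectory

$forest = Get-ADForest

# The Recycle Bin needs forest functional level Windows Server 2008 R2 or higher.
$minimum = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
if ($forest.ForestMode -lt $minimum) {
    throw "Forest functional level is $($forest.ForestMode); at least $minimum is required."
}

$feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
if ($feature.EnabledScopes.Count -gt 0) {
    Write-Host "Recycle Bin is already enabled for: $($feature.EnabledScopes -join '; ')"
}
else {
    # One-way change: the feature cannot be switched off again once enabled.
    Enable-ADOptionalFeature -Identity $feature.DistinguishedName `
        -Scope ForestOrConfigurationSet -Target $forest.RootDomain -Confirm:$false
    Write-Host "Recycle Bin enabled for forest $($forest.RootDomain)"
}

# Deleted object lifetime. An empty msDS-DeletedObjectLifetime means the
# tombstoneLifetime value applies (180 days on forests created on Windows
# Server 2003 SP1 or later); if both are empty the built-in default is 60 days.
$configNC = (Get-ADRootDSE).configurationNamingContext
Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
    -Properties msDS-DeletedObjectLifetime, tombstoneLifetime |
    Select-Object msDS-DeletedObjectLifetime, tombstoneLifetime
```

Enabling the feature is harmless to existing objects, but every deletion from that point on keeps a fully attributed copy in the Deleted Objects container, so permissions on that container (Domain Admins by default) should be reviewed as part of the change.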
Restoring Deleted Active Directory User Account
Here is how our Support Techs restore deleted Active Directory objects and users with the help of the AD Recycle Bin.
Let's delete an AD user and then restore it from the AD Recycle Bin.
Steps to follow are given below:
1. First, using the Get-ADUser cmdlet, display the value of the IsDeleted attribute of the user (for a live account it is empty):
Get-ADUser jsanti -Properties * | Select-Object IsDeleted, whenDeleted
2. Then remove the user account:
Remove-ADUser jsanti
3. To find the user account in the AD Recycle Bin, use the Get-ADObject cmdlet with the IncludeDeletedObjects parameter:
Get-ADObject -Filter 'Name -like "*santi*"' -IncludeDeletedObjects
The user now shows up in the Deleted Objects container (its Name carries a "DEL:<GUID>" suffix).
4. Next, check the value of the IsDeleted attribute together with the former parent and the preserved group memberships:
Get-ADObject -Filter 'Name -like "*santi*"' -IncludeDeletedObjects -Properties * | Select-Object Name, sAMAccountName, LastKnownParent, memberOf, IsDeleted | fl
To display the full list of user objects available in the Active Directory Recycle Bin:
Get-ADObject -Filter {Deleted -eq $True -and ObjectClass -eq "user"} -IncludeDeletedObjects
To restore a user account, copy its ObjectGUID value and run the following command (the GUID below is the one from our example):
Restore-ADObject -Identity 'aa704b7f-b003-4a21-8f62-53c75caa67b2'
Or we can restore a user by its sAMAccountName:
Get-ADObject -Filter 'SAMAccountName -eq "jsanti"' -IncludeDeletedObjects | Restore-ADObject
Keep in mind that a restored account comes back with its original SID, group memberships and (unless it was disabled before deletion) its enabled state, so it regains every access it had. If the account was removed during offboarding or an incident response, confirm that re-granting that access is intended. With Directory Service Changes auditing enabled, the undelete is logged on the domain controller as event ID 5138.
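A more careful version of the restore above, for the case where the same account name was deleted and recreated more than once and where the user's former OU may no longer exist. This is an added example, not code from the original article; it assumes the user jsanti from the text and a holding OU named OU=Restored,DC=bobcares,DC=com that you would create beforehand.

```powershell
# Added example (not from the original article): restore one specific deleted
# user, handle a missing former parent, and verify what came back.
Import-Module ActiveDirectory

$sam = 'jsanti'   # account from the article's example

$candidates = Get-ADObject -Filter { SAMAccountName -eq $sam -and isDeleted -eq $true } `
    -IncludeDeletedObjects -Properties sAMAccountName, lastKnownParent, whenChanged, memberOf

if (-not $candidates) { throw "No deleted object with sAMAccountName '$sam' in the Recycle Bin." }

# Deleting and recreating the same account leaves several deleted copies, each
# with its own SID. whenChanged is updated by the deletion, so the newest copy
# is the one that was in use most recently. Pick explicitly rather than piping
# every match into Restore-ADObject.
$target = $candidates | Sort-Object whenChanged -Descending | Select-Object -First 1
Write-Host "Restoring $($target.sAMAccountName) (GUID $($target.ObjectGUID)), formerly in $($target.lastKnownParent)"

# Restore-ADObject puts the object back under lastKnownParent and fails if that
# container is gone; fall back to a holding OU (assumed to exist) in that case.
$parentExists = $true
try   { Get-ADObject -Identity $target.lastKnownParent -ErrorAction Stop | Out-Null }
catch { $parentExists = $false }

if ($parentExists) {
    Restore-ADObject -Identity $target.ObjectGUID
}
else {
    Restore-ADObject -Identity $target.ObjectGUID -TargetPath 'OU=Restored,DC=bobcares,DC=com'
}

# The object keeps its SID and group memberships, so every access it had before
# deletion is back immediately. Review the list before handing the account over.
Get-ADUser -Identity $target.ObjectGUID -Properties memberOf |
    Select-Object Name, Enabled, SID, DistinguishedName,
                  @{ n = 'Groups'; e = { ($_.memberOf | Sort-Object) -join '; ' } }
```

If the restored account should not be usable right away, disable it with Disable-ADAccount immediately after the restore and reset its password before re-enabling it.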
We can also restore the user account from the graphical console of the Active Directory Administrative Center (the Deleted Objects container is only shown there once the Recycle Bin is enabled):
1. First, run dsac.exe.
2. Then open the Deleted Objects container of the domain.
3. Right-click the object we want to restore and select Restore (or Restore To, to place it in a different OU).
In the same way, we can restore a deleted group, a computer, or a container in Active Directory.
1. Restoring a security group:
Get-ADObject -Filter { Deleted -eq $True -and ObjectClass -eq 'group' -and Name -like '*Allow*' } -IncludeDeletedObjects | Restore-ADObject -Verbose
2. Restoring a computer:
Get-ADObject -Filter { Deleted -eq $True -and ObjectClass -eq 'computer' -and Name -like '*PCCA-sdd9302*' } -IncludeDeletedObjects | Restore-ADObject -Verbose
3. Restoring an OU and its nested objects using PowerShell
Restore-ADObject places an object back under its LastKnownParent, and fails if that container does not exist yet. The order therefore matters: parents must be restored before their children. First, restore the root OU:
Get-ADObject -Filter {Deleted -eq $True -and ObjectClass -eq 'organizationalunit' -and Name -like '*California*'} -IncludeDeletedObjects | Restore-ADObject
Then restore the OUs directly beneath it:
Get-ADObject -Filter {Deleted -eq $True -and ObjectClass -eq 'organizationalunit' -and LastKnownParent -eq 'OU=California,DC=woshub,DC=com'} -IncludeDeletedObjects | Restore-ADObject
After that, we can restore all remaining deleted objects in those OUs (users, computers, groups and contacts) by matching on LastKnownParent:
Get-ADObject -Filter {Deleted -eq $True} -IncludeDeletedObjects -Properties * | Where-Object LastKnownParent -like '*OU=California,DC=woshub,DC=com' | Restore-ADObject
If the tree is more than two levels deep, repeat the OU step for each level before restoring the leaf objects, otherwise the restores for objects whose parent OU is still deleted will fail.
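The manual level-by-level procedure above generalises to a tree of any depth once the deleted objects are sorted so that each one's former parent is restored before it. This is an added example, not code from the original article; it uses the OU DN from the text and is constructed for illustration.

```powershell
# Added example (not from the original article): restore a deleted OU and
# everything that was under it, parents before children, however deep the tree.
Import-Module ActiveDirectory

$rootDN   = 'OU=California,DC=woshub,DC=com'      # OU from the article's example
$rootName = (($rootDN -split ',', 2)[0]) -replace '^OU=', ''
$parentDN = ($rootDN -split ',', 2)[1]
$pattern  = "$rootName*"

# 1. The deleted root OU itself. A deleted object's Name becomes
#    "<name>\nDEL:<GUID>", so compare the part before the newline and make
#    sure it came from the expected parent.
$root = Get-ADObject -Filter { isDeleted -eq $true -and ObjectClass -eq 'organizationalUnit' -and Name -like $pattern } `
    -IncludeDeletedObjects -Properties lastKnownParent |
    Where-Object { (($_.Name -split "`n")[0] -eq $rootName) -and ($_.lastKnownParent -eq $parentDN) }

if (-not $root)            { throw "Deleted OU '$rootDN' not found in the Recycle Bin." }
if (@($root).Count -gt 1)  { throw "Several deleted '$rootName' OUs under $parentDN; restore by ObjectGUID instead." }

# 2. Everything whose former parent was the root OU or any OU beneath it,
#    shallowest path first so sub-OUs exist before their contents are restored.
$descendants = Get-ADObject -Filter { isDeleted -eq $true } -IncludeDeletedObjects -Properties lastKnownParent |
    Where-Object { $_.lastKnownParent -and ($_.lastKnownParent -eq $rootDN -or $_.lastKnownParent -like "*,$rootDN") } |
    Sort-Object { ($_.lastKnownParent -split ',').Count }

# 3. Restore in that order, collecting failures instead of stopping halfway.
$failed = @()
foreach ($obj in @($root) + @($descendants)) {
    try {
        Restore-ADObject -Identity $obj.ObjectGUID -ErrorAction Stop
        Write-Host ("Restored {0,-18} -> {1}" -f $obj.ObjectClass, $obj.lastKnownParent)
    }
    catch {
        # Typical causes: a live object with the same name already exists in the
        # target container, or the deleted object lifetime has expired.
        $failed += [pscustomobject]@{
            Name   = ($obj.Name -split "`n")[0]
            Class  = $obj.ObjectClass
            Parent = $obj.lastKnownParent
            Error  = $_.Exception.Message
        }
    }
}

if ($failed) { $failed | Format-Table -AutoSize } else { Write-Host 'All objects restored.' }
```

Run it first with -WhatIf added to Restore-ADObject to see the ordered list of what would come back; a full OU restore can silently re-create dozens of enabled accounts and their group memberships.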
Conclusion
In short, we saw the method our Support Engineers use for restoring deleted Active Directory objects and users with the AD Recycle Bin.