Restoring objects with

Windows Server 2008 R2 has a new "Recycle Bin" feature, which is not our subject today.

A cool tool that allows you to easily restore deleted AD objects. The tool is provided as freeware and has no kind of support, but from what I've seen, it works great. Some of the tool's features include:

  • Browsing the tombstones
  • Domain Controller targeting
  • Can be used with alternative credentials (convenient if you do not log on to your desktop as Domain Admin, which you should never do anyway)
  • User/Computer/OU/Container reanimation
  • Preview of tombstone attributes

Enumerating tombstones

Previewing the tombstone attributes

Restoring a deleted user account

For more information on Guy's tool, please see Guy's blog entry announcing
Restoring objects with Microsoft ADRestore (previously Sysinternals)

Mark Russinovich of Sysinternals (now Microsoft) has created a command-line freeware application called ADRestore. The tool enumerates all of the currently tombstoned objects in a domain, allows you to restore them selectively, and provides a convenient command-line interface to the Active Directory reanimation functionality. If you run it from the command line you will be prompted to choose which object you want to restore, and since there could be quite a few tombstoned objects, this process might take some time as you answer NO to each and every prompt.
To add a little selectivity to the restore operation, you can run ADRestore with a parameter to narrow down the search. For example:

adrestore -r daniel would search for all objects with "daniel" as part of their name.
The -r switch forces the program to prompt the user for each restoration. Otherwise, all the objects found matching said criteria will be automatically restored. The default (no criteria supplied) is that all tombstoned objects will be enumerated and restored.
Note that deleted items may no longer be members of specific organizational units (OUs). Restoring these objects from deleted status will not automatically restore them to their respective OUs; this will need to be done manually.
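
To find out which OU a deleted object used to live in before moving it back by hand, you can read the tombstone's lastKnownParent attribute. The read-only PowerShell report below is an added example, not part of ADRestore or the original article; it assumes the ActiveDirectory module (RSAT) is installed and that the account may read the Deleted Objects container, and the function name Get-TombstoneReport is chosen here for illustration.

```powershell
# Added example: read-only report of tombstones matching a name fragment.
# Assumption: ActiveDirectory module available; caller can read Deleted Objects.
Import-Module ActiveDirectory

function Get-TombstoneReport {
    param(
        [Parameter(Mandatory = $true)][string]$NameFragment,  # e.g. 'daniel'
        [string]$Server                                        # optional DC to target
    )

    $common = @{}
    if ($Server) { $common['Server'] = $Server }

    # Escape LDAP filter metacharacters so the fragment is matched literally.
    $safe = [regex]::Replace($NameFragment, '[\\*()\x00]', {
        param($m) '\' + ([int][char]$m.Value).ToString('x2')
    })
    $filter = "(&(isDeleted=TRUE)(name=*$safe*))"

    Get-ADObject -LDAPFilter $filter -IncludeDeletedObjects `
                 -Properties lastKnownParent, whenChanged @common |
    ForEach-Object {
        # The original OU may itself have been deleted; check before planning a move.
        $parentExists = $false
        if ($_.lastKnownParent) {
            try {
                Get-ADObject -Identity $_.lastKnownParent -ErrorAction Stop @common | Out-Null
                $parentExists = $true
            } catch {
                $parentExists = $false
            }
        }

        [pscustomobject]@{
            # Tombstone names carry a "<newline>DEL:<guid>" suffix; keep the readable part.
            Name            = ($_.Name -split "`n")[0]
            ObjectClass     = $_.ObjectClass
            ObjectGUID      = $_.ObjectGUID
            LastChanged     = $_.whenChanged
            LastKnownParent = $_.lastKnownParent
            ParentExists    = $parentExists
        }
    }
}

# Same search term as the adrestore example above.
Get-TombstoneReport -NameFragment 'daniel' | Format-Table -AutoSize
```

Once an object has been restored, the LastKnownParent column tells you which OU to move it back to; a False in ParentExists means that OU has to be restored or recreated first.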
Download ADRestore
How to restore deleted user accounts and their group memberships in Active Directory - 840001