Sometimes you delete an object and want to restore it from AD, and yes, this can be tricky.
You can use ADRestore.NET, but did you know you can enable the Recycle Bin for your AD?
Yes, this has been possible since Windows Server 2008 R2, and in Windows Server 2012 it is still there and really handy.
First, find out the forest functional level of your AD.
In PowerShell:
Get-ADForest mvp.local
Ah, in the ForestMode I see Windows2008R2Forest.
OK, I want a 2012 forest, and yes, I want to upgrade.
Set-ADForestMode -Identity mvp.local -ForestMode Windows2012Forest
Are you sure you want this? In my case, YES.
I rerun Get-ADForest mvp.local
Enable Active Directory Recycle Bin feature
get-help Enable-ADOptionalFeature -Examples
-------------------------- EXAMPLE 1 --------------------------
C:\PS>Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target 'mvp.local' -server mvpdc01
Enable the optional feature 'Recycle Bin Feature' for the forest 'mvp.local'. This operation must be performed
on the Domain Controller that holds the naming master FSMO role.
And yes, I'm sure.
Full path to the object: CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=ad,DC=mvp,DC=local
Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target DomainName -Server DomainControllerName
Restoring deleted objects with PowerShell. Get the full help for the object cmdlets:
Get-Help Get-ADObject -Examples
Get-ADObject -Filter {DisplayName -eq "UserName"} -IncludeDeletedObjects | Restore-ADObject
Get-ADObject -Filter {CN -like "Username"} -IncludeDeletedObjects | Restore-ADObject
Using the Windows Server 2012 graphical tool: Active Directory Administrative Center
Open Active Directory Administrative Center
Right-click the domain icon in the console tree and select Enable Recycle Bin.
Restoring deleted objects with Active Directory Administrative Center
At the root of the domain, a Deleted Objects container appears.
Right-click the selected object and select Restore from the shortcut menu.
Depending on your system environment and business practices, you can increase or decrease the deleted object lifetime and the tombstone lifetime. If you want your deleted objects to be recoverable for longer than the default 180 days, you can increase the deleted object lifetime. If you want your recycled objects to be recoverable (through authoritative restore) for longer than the default 180 days, you can also increase the tombstone lifetime.
The tombstone lifetime is determined by the value of the tombstoneLifetime attribute. The deleted object lifetime is determined by the value of the msDS-deletedObjectLifetime attribute. By default, tombstoneLifetime is set to null. When tombstoneLifetime is set to null, the tombstone lifetime defaults to 60 days (hard-coded in the system). By default, msDS-deletedObjectLifetime is also set to null. When msDS-deletedObjectLifetime is set to null, the deleted object lifetime is set to the value of the tombstone lifetime.
So to find out what the current setting is, go to the properties of
CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=mvp,DC=local
Find the deleted object lifetime:
Get-ADObject "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=mvp,DC=local" -Properties TombstoneLifeTime
Change the default 180 days to 365:
Set-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=mvp,DC=local" -Partition "CN=Configuration,DC=mvp,DC=local" -Replace:@{"TombstoneLifeTime" = 365}
To get a full list of deleted objects:
Get-ADObject -Filter 'isdeleted -eq $true -and name -ne "Deleted Objects"' -IncludeDeletedObjects -Property *
But remember: if the object was already deleted before you turned on the Recycle Bin, restoring it this way will not work!
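The lifetime rules and the deleted-object listing above can be combined into one report of what is still restorable and for how long. This is an added example, not part of the original post: the function name Get-RestorableDeletedObject is hypothetical, the default server mvpdc01 is taken from the post's help example, and it assumes whenChanged on a deleted object approximates its deletion time.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-RestorableDeletedObject {
    param([string]$Server = 'mvpdc01')   # DC name from the post; change for your forest

    $configNC = (Get-ADRootDSE -Server $Server).configurationNamingContext

    # The Recycle Bin is active only if the optional feature has an enabled scope.
    $feature = Get-ADOptionalFeature -Server $Server -Filter 'Name -eq "Recycle Bin Feature"'
    if (-not $feature.EnabledScopes) {
        Write-Warning 'Recycle Bin Feature is not enabled in this forest.'
        return
    }

    $ds = Get-ADObject -Server $Server `
        -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
        -Properties tombstoneLifetime, 'msDS-DeletedObjectLifetime'

    # Fallbacks as described in the post: a null tombstoneLifetime means 60 days,
    # a null msDS-deletedObjectLifetime means "same as the tombstone lifetime".
    $tsl = if ($null -ne $ds.tombstoneLifetime) { [int]$ds.tombstoneLifetime } else { 60 }
    $dol = if ($null -ne $ds.'msDS-DeletedObjectLifetime') {
        [int]$ds.'msDS-DeletedObjectLifetime'
    } else { $tsl }

    $now = Get-Date
    Get-ADObject -Server $Server -IncludeDeletedObjects `
        -Filter 'isDeleted -eq $true -and name -ne "Deleted Objects"' `
        -Properties whenChanged, lastKnownParent, isRecycled |
        Where-Object { -not $_.isRecycled } |      # recycled objects cannot be restored
        ForEach-Object {
            # Assumption: whenChanged approximates the time of deletion.
            $expires = $_.whenChanged.AddDays($dol)
            [pscustomobject]@{
                Name            = ($_.Name -split "`n")[0]   # drop the DEL:<guid> suffix
                ObjectClass     = $_.ObjectClass
                LastKnownParent = $_.lastKnownParent
                Deleted         = $_.whenChanged
                DaysLeft        = [math]::Floor(($expires - $now).TotalDays)
                ObjectGuid      = $_.ObjectGUID
            }
        } | Sort-Object DaysLeft
}

# Review first, then restore a chosen object by its GUID:
#   Get-RestorableDeletedObject | Format-Table -AutoSize
#   Restore-ADObject -Identity <ObjectGuid from the report>
```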