HOWTO: Restore AD Object from 2008 R2 Domain

I am in a situation where I need to delete a critical production Database server computer object in Active Directory for an upgrade but in the event that upgrade fails, I will need to restore the original computer object.

To that end I found an excellent Technet blog on the subject at http://blogs.technet.com/b/askds/archive/2009/08/27/the-ad-recycle-bin-understanding-implementing-best-practices-and-troubleshooting.aspx.

But for those of you that don’t want to read and just want the shortest possible answer, check out below:
Note: The recycle bin must be enabled in advance. If you’ve deleted something before enabling it and wish to restore, I’m afraid you’re not going to be happy

Identify the object to restore

# Identify which objects are available in your recycle bin.
# Note in our case we have many Domain Controllers and so to speed up the process and because I know which DC the object was deleted on, we’re going to specify a specific DC
# This will produce a list of all objects where the most recently deleted object will be at the very end of the list

Get-ADObject -server CORPDC1 -filter ‘isdeleted -eq $true -and name -ne “Deleted Objects”‘ -includeDeletedObjects -property * |
Where {$_.samAccountName -ne $null} | select samaccountname, whenChanged | sort whenChanged

 

Restore the object

# Once you have confirmed the samaccount name of the object you wish to delete, specify it and pass it to the Restore-ADObject cmdlet

Get-ADObject -server CORPDC1 -filter ‘isdeleted -eq $true -and name -ne “Deleted Objects”‘ -includeDeletedObjects -property * |
Where {$_.samAccountName -eq ‘john.smith’} | Restore-ADObject 

 

Tada! The object is now restored.

 

Leave a Reply

Your email address will not be published.