How to Restore Active Directory Users

Native Auditing

Netwrix Auditor for Active Directory

Steps

In order to restore AD objects, including users, you need to enable the Active Directory Recycle Bin feature. (Note that it cannot be disabled after that!)

Navigate to “Start”, choose “Administrative Tools”, right-click on “Active Directory Module for Windows PowerShell”, and click “Run as Administrator”.
Check the domain and forest functional modes using the following commands. Both must be Windows Server 2008R2 or higher.
(Get-ADDomain).DomainMode

(Get-ADForest).ForestMode

To enable the Recycle Bin feature, run the following script. Once the Recycle Bin has been enabled, any Active Directory object that is deleted will be stored in the Recycle Bin.

$cfgNameCtx = (Get-ADRootDSE).ConfigurationNamingContext
$recBin = "CN=Recycle Bin Feature,CN=Optional Features,"
$recBin = $recBin + "CN=Directory Service,CN=Windows NT,CN=Services,"
$recBin = $recBin + $cfgNameCtx
$target = (Get-ADDomain).Forest
Enable-ADOptionalFeature -Identity $recBin -Scope ForestOrConfigurationSet -Target $target -Confirm:$false

To restore one or more Active Directory user accounts, use this script:

$deletedUsers = Get-ADObject -Filter 'name -like "User Name" -and isDeleted -eq $true' -IncludeDeletedObjects
$deletedUsers | Restore-ADObject

Launch the Active Directory Users and Computers tool to see all the user accounts that were restored.

Run Netwrix Auditor Object Restore for Active Directory → Click "Next" → Select the period when the changes that you want to roll back were made and click “Next” → Select the rollback source: either state-in-time snapshots taken by Netwrix Auditor or Active Directory tombstones and click “Next” → Wait for the analysis to complete and click “Next”.
The “Select Changes for Rollback” section will list all changes that occurred in the specified time range. Select the attributes you want to be restored to the previous state by ticking the corresponding checkboxes → To see what changes will be applied to the selected attribute, highlight it and click the “Details” button → Click “Next” and wait for the restore process to complete.

Review the results of the rollback → Click “Finish” to exit the wizard.

Restore Active Directory Users without Any Downtime

AD admins need to be able to restore Active Directory objects such as user accounts, as well fix incorrect modifications and roll back unwanted changes to AD objects, because unwanted changes or inappropriate deletions can lead to productivity interruptions and system unavailability. For example, if some organizational units (OUs) or Active Directory groups or users are improperly changed or deleted, employees across the organization might not be able to log in, or might experience trouble accessing the applications they need to do their jobs. Native tools provide little help to IT pros who need to recover deleted Active Directory users; they must struggle through a difficult, time-consuming and error-prone process to restore deleted AD accounts. In order to minimize the risk of downtime and business disruption, IT admins need a tool that enables them to quickly and efficiently restore deleted objects from any point in time.

Netwrix Auditor for Active Directory delivers complete visibility into what’s going on in Active Directory and Group Policy. The application tracks changes, generates easy-to-read reports with who-what-when- details, and provides the critical before and after values. And it enables IT pros to recover deleted Active Directory users and other objects. The application helps you quickly identify unwanted Active Directory changes and roll them back to a previous state. And with Netwrix Auditor for Active Directory, IT administrators can easily remediate unwanted changes, for example, restore an Active Directory user, without any downtime or having to restart their Windows Servers.

Previous How-to

How to Detect Who Created a Scheduled Task on Windows Server

Next How-to

How to Detect Every Active Directory User’s Last Logon Date