How to Restore Deleted AD Objects

Native Solution vs. Netwrix Recovery for Active Directory
{{ firstError }}
We care about security of your data. Privacy Policy
Native Solution Netwrix Recovery for Active Directory
Native Solution
Netwrix Recovery for Active Directory
Steps

The Active Directory Recycle Bin is disabled by default. In order to use it to restore deleted objects, you must enable it. You cannot restore any objects deleted before Recycle Bin was enabled. Note that Recycle Bin can be enabled only once without a possibility to disable it afterwards.

Prerequisite: Enable the Recycle Bin in Active Directory

  1. Open the Server Manager management console -> Click Tools -> Active Directory Administrative Center
    (Alternatively: Open the “run” box (click Start -> Run or use the Win-R keyboard shortcut) -> Type dsac.exe -> Click OK.)
  2. Click on your domain name. In the Tasks pane, click Enable Recycle Bin.
  3. In the confirmation window, click OK.

 

Restore an Object with the Active Directory Administrative Center (ADUC)

  1. Open the Server Manager management console  -> Click Tools -> Active Directory Administrative Center
    (Alternatively: Open the “run” box (click Start -> Run or use the Win-R keyboard shortcut) -> Type dsac.exe -> Click OK.
  2. In the left pane of the ADUC,select the domain in which the deleted object resided. In the center pane, select the Deleted Objects container:
  1. Select the deleted object. Then do one of the following:
  • To restore the object to its original container, click Restore:

 

Restore an Object using PowerShell

Alternatively, you can restore an AD object using the Restore-ADObject PowerShell cmdlet:

Get-ADObject -Filter {displayName -eq "userdel tobegone"} -IncludeDeletedObjects | Restore-ADObject

  1. Open Netwrix Recovery for Active Directory -> Select the object you want to restore (to locate it quickly, use the search function on the left):
  1. Select the object, or the attributes of the object that you want to roll back:
  1. Optionally, provide a note about the operation (such as why it was needed) and set the following options:
  • Force the user to change the account’s password at the next login.
  • Enable the user account.
  • Assign a specific new password to the account.
Learn more about Netwrix Recovery for Active Directory

Ensure business continuity and security with AD recovery software that makes rollback a snap

If an Active Directory user account is improperly deleted or modified, the effect on your business can be significant. A key employee may be unable to complete critical tasks, or a service might be unable to function. You cannot eliminate the risk that an error, miscommunication or runaway script will delete AD objects by mistake, so it’s vital to ensure that you can restore those objects, both promptly and accurately. 

Microsoft provides a quick way to restore some deleted AD objects: the Recycle Bin. Once you enable the Recycle Bin, certain deleted AD objects will be preserved in the Deleted Objects container for a set period of time. (This storage time is defined in the msDS-DeletedObjectLifetime attribute. If that attribute doesn't exist or is empty, the value of the tombstoneLifetime attribute used instead. If there’s also no tombstoneLifetime value, both values default to 60 days.) However, the Recycle Bin has important limitations. In particular, it stores only the last version of a deleted object, and it does not enable you to roll back changes to an object’s attributes. In addition, it’s important to recognize that enabling the Recycle Bin will change your AD schema and delete all existing AD tombstones. 

For the comprehensive recovery capabilities required for business continuity and security, you need recovery software with granular version control and surgical recovery options. Netwrix Recovery for Active Directory enables you to restore objects that are not recoverable via the AD Recycle Bin, as well as changes to objects that are not deleted and are therefore never put into the Recycle Bin. It captures point-in-time snapshots of all AD objects, Group Policy objects and DNS records on a scheduled basis, and provides a complete record of all changes. As a result, you can easily restore any version of an object in its entirety, or granularly roll back specific attributes. You can even restore an entire AD domain to a known good state, minimizing downtime and disruption to your business. 

Related How-tos
How to Detect Changes to Organizational Units and Groups in Active Directory How to Detect Who Deleted a Computer Account in Active Directory How to Monitor Deletions of DNS Records How to Detect Who Deleted a DHCP Reservation How to Detect Who Deleted a User Account in Active Directory How to Detect Deleted User Accounts in Microsoft Entra ID