Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 284
  • Last Modified:

View Deleted Users In Active Directory?

Does anyone know how I might go about viewing a deleted user account within Active Directory??? We have some auditors in house and they want me to prove that someone has been deleted:(

I will award some big points if someone can help me out:)
1 Solution
Drew LakeCommented:
Mabey this will help:  http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/maintain/opsguide/part1/adogd03.mspx

Deleting an object from Active Directory is a two-step process. When an object is deleted in Active Directory, the object gets converted into a tombstone, which is then replicated to the other domain controllers in the environment to inform them of the deletion. Active Directory purges the tombstone when the tombstone lifetime is reached.

Or mabey here: http://www.comptechdoc.org/os/windows/win2k/win2kauditing.html

Hello Rrose987,

It depends how long ago did you delete the object, if the "deletion" has not replicated to other DCs, then its still considered under the "tombstone period" . If it has past this period, then the only option would be an Active Directory restore. Have a look at this article:


Thanks and Good Luck!

You could look at the Directory Service log in Event Viewer under a domain controller to see when some object was deleted.  

rrose987Author Commented:
This object would have been deleted months ago. I have never had an auditor request this kind of information before but what can I do:( I was aware of the tombstone period but I knew it would be an option. I was just hoping that there was some place where you could peek under the hood at deleted objects.
Drew LakeCommented:
Did you check the event viewer?

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now