SBelmont2012
asked on
Who Deleted AD Account
Missing user accounts from AD, any way to tell what happened?
Without Auditing enabled, it is impossible to check who has deleted the account.
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/ba11d5a2-f30b-4163-913e-21f3941593c3/
If you want to restore the deleted user account, please use the LDP.exe tool to do it, since each object in AD has some tombstone life.
http://technet.microsoft.com/en-us/library/dd581644(WS.10).aspx#restore_deleted_object_LDP
1. Log on to the Windows Server 2008 domain controller DC1 with Enterprise Admin or Domain Admin credentials.
2. Click Start, click Run, type ldp.exe, and then click OK.
3. Click Connection, and then click Connect.
4. Because you are logged on to the domain controller that hosts the forest root domain, click OK.
5. Click Connection again, and then click Bind.
6. Under Bind type, ensure that Bind as currently logged on user is selected, and then click OK.
7. Click View, and then click Tree. In BaseDN, type DC=Fabrikam,DC=com, and then click OK.
8. Click Options, and then click Controls. In the Load Predefined menu, click Return Deleted Objects, click Check Out, click Check In, and then click OK.
9. In the console tree, expand DC=Fabrikam,DC=com, double-click CN=Deleted Objects,DC=Fabrikam,DC=com, and then double-click CN=Arlene Huff\0ADEL:{objectGUID},CN=Deleted Objects,DC=Fabrikam,DC=com to open the object properties.
10. Right-click CN=Arlene Huff\0ADEL:objectGUID,CN=Deleted Objects,DC=Fabrikam,DC=com, and then click Modify.
11. In the Modify dialog box, do the following:
a. In Edit Entry Attribute, type isDeleted.
b. Under Operation, click Delete, and then click Enter.
c. Return to Edit Entry Attribute, and then type distinguishedName. (If the text isDeleted is still present in the box, remove it.)
d. In the details pane, under Dn: CN=Arlene Huff\0ADEL:objectGUID,CN=Deleted Objects,DC=Fabrikam,DC=com, copy the value for the lastknownParent attribute, and then paste it in Values. Amend this text with the CN of Arlene Huff, minus the mangled portion (\0ADEL:objectGUID) of the distinguished name, for example:
CN=Arlene Huff,OU=Finance,DC=Fabrikam,DC=com
12. Under Operation, click Replace, click Enter, ensure that the Extended check box is selected, and then click Run. You will see a confirmation message.
13. Click Close to close the Modify dialog box, and then minimize LDP.
14. Open the Active Directory Users and Computers snap-in. To open Active Directory Users and Computers, click Start, click Run, type dsa.msc, and then click OK.
15. Click the Finance OU, and ensure that the user Arlene Huff is present.
Regards,
_Prashant_
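The same restore, scripted over LDAP with System.DirectoryServices.Protocols, as an added example that is not part of the original answer. `$Server` and `$Sam` are assumed values, and the lookup by sAMAccountName stands in for picking the object by hand in step 9.

```powershell
# Added example, not from the original answer. $Server and $Sam are assumed values.
param(
    [string]$Server   = 'DC1.fabrikam.com',    # assumed DC host name
    [string]$DomainDN = 'DC=Fabrikam,DC=com',  # BaseDN from step 7
    [string]$Sam      = 'ahuff'                # hypothetical logon name of the deleted user
)
Add-Type -AssemblyName System.DirectoryServices.Protocols
$ns = 'System.DirectoryServices.Protocols'
if ($Sam -notmatch '^[\w.-]+$') { throw "Refusing to build an LDAP filter from '$Sam'" }

# Steps 3-6: connect, then bind as the currently logged-on user.
$conn = New-Object "$ns.LdapConnection" $Server
$conn.SessionOptions.ProtocolVersion = 3
$conn.AuthType = 'Negotiate'
$conn.Bind()

# Steps 8-9: the Return Deleted Objects control makes tombstones visible to the search.
$search = New-Object System.DirectoryServices.Protocols.SearchRequest(
    "CN=Deleted Objects,$DomainDN", "(&(isDeleted=TRUE)(sAMAccountName=$Sam))",
    [System.DirectoryServices.Protocols.SearchScope]::OneLevel, [string[]]@('lastKnownParent'))
$search.Controls.Add((New-Object "$ns.ShowDeletedControl")) | Out-Null
$hits = $conn.SendRequest($search).Entries
if ($hits.Count -ne 1) { throw "Expected exactly one tombstone for '$Sam', found $($hits.Count)" }
$tomb = $hits[0]

# Step 11d: new DN = RDN without the mangled "\0ADEL:<objectGUID>" part + lastKnownParent.
$parts  = $tomb.DistinguishedName -split '\\0ADEL:', 2
$parent = $tomb.Attributes['lastKnownParent']
if ($parts.Count -ne 2 -or -not $parent) { throw "Not a restorable tombstone: $($tomb.DistinguishedName)" }
$newDn = "$($parts[0]),$($parent.GetValues([string])[0])"

# Steps 11a-11c: delete isDeleted and replace distinguishedName in ONE modify operation.
$undelete = New-Object "$ns.DirectoryAttributeModification"
$undelete.Name = 'isDeleted'
$undelete.Operation = 'Delete'
$move = New-Object "$ns.DirectoryAttributeModification"
$move.Name = 'distinguishedName'
$move.Operation = 'Replace'
$move.Add($newDn) | Out-Null

# Step 12: the Extended check box corresponds to sending the control with the modify.
$mod = New-Object "$ns.ModifyRequest"
$mod.DistinguishedName = $tomb.DistinguishedName
$mod.Modifications.Add($undelete) | Out-Null
$mod.Modifications.Add($move) | Out-Null
$mod.Controls.Add((New-Object "$ns.ShowDeletedControl")) | Out-Null
$result = $conn.SendRequest($mod)   # throws DirectoryOperationException on failure
"Restored $newDn ($($result.ResultCode))"
```

A tombstone keeps only a subset of the original attributes, so check group memberships and other settings on the restored account before it is put back into use.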
ASKER
mo_patel! THANK YOU
http://blogs.technet.com/b/brad_rutkowski/archive/2006/09/21/hey-who-deleted-that-user-from-ad.aspx