Solved

Restore AD Objects from Recycle Bin

Posted on 2014-07-23
Last Modified: 2014-07-23
We are running Windows Server 2012 and I'm almost certain that the AD recycle bin was enabled during deployment.

Yesterday, one of the technicians deleted an OU along with all of the group objects that are contained within the object and we're trying to restore it.

I can't seem to find the "Deleted Objects" container when opening Active Directory Administrative Center, as my research led me to believe I would, so I have resorted to the CLI to try to restore the objects.

In the attached screenshot, you will see that I ran the Get-ADObject command and successfully found the folder I want to restore. I then piped the command into the "Restore-ADObject -whatif" command which didn't error out. When I removed the "-whatif" option, it started to error.

Any reason why this is giving me so many issues?
Screenshot.png
Question by:Adeste
LVL 19

Accepted Solution

by:
Miguel Angel Perez Muñoz earned 500 total points
ID: 40214209
You cannot use * to recover bulk items without adding the recovery name:
Get-ADObject -IncludeDeletedObjects -filter {cn -like "*name*"} | Restore-ADObject -NewName "<newname>"

I think you must go one by one to recover the whole list, or use a GUI tool to do this: http://technet.microsoft.com/en-us/library/dd392261(v=ws.10).aspx
 

Author Comment

by:Adeste
ID: 40214269
Thank you! You are a gentleman and a scholar!

I was able to recover the OU itself and one AD group (so far). Is there a way to restore the AD groups with the original group membership?
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 40214316
Thanks!

IMHO restored groups are the same as before deletion. Have you checked their membership? Ensure you recover all deleted groups (forgetting one group means it does not appear in memberships). On this link you can review the entire process: http://blogs.msdn.com/b/dsadsi/archive/2009/08/26/restoring-object-from-the-active-directory-recycle-bin-using-ad-powershell.aspx

The other way is doing an authoritative restore of deleted objects.
 

Author Comment

by:Adeste
ID: 40214382
I've tried going through the outline of that link you sent but the group membership still comes out blank.

In that article, it used this command to restore AD objects:
$deletedOU | Restore-ADObject


This command didn't work because as you mentioned above, I need to use the "NewName" parameter. Why do all of the articles online never make mention that this is a requirement?
 

Author Comment

by:Adeste
ID: 40214496
I just realized that AD recycle bin was actually not enabled and this is the reason why it wasn't restoring the object's group membership.

Reference: http://social.technet.microsoft.com/Forums/windowsserver/en-US/8c774486-3d30-4c4d-821a-6de3c2a95f9f/whats-wrong-with-this-command
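
The thread's resolution (Recycle Bin not enabled, so membership was lost) can be checked before any restore is attempted. The following is an added example, not code from any poster: it verifies the feature state, then restores a deleted OU parent-first and its direct children. The function names and the OU name passed in are hypothetical; it assumes the ActiveDirectory module (RSAT) and restore rights.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Test-ADRecycleBinEnabled {
    # The feature is active only when it has at least one enabled scope.
    $feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
    return [bool]($feature -and $feature.EnabledScopes.Count -gt 0)
}

function Restore-DeletedOuWithChildren {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # RDN of the deleted OU, e.g. 'Example-OU' (placeholder value)
        [Parameter(Mandatory)][string]$OuName
    )

    # Without the Recycle Bin, deleted objects are tombstones that have
    # already lost their group membership; stop instead of restoring shells.
    if (-not (Test-ADRecycleBinEnabled)) {
        throw 'AD Recycle Bin is not enabled; use an authoritative restore to get group membership back.'
    }

    $deletedRoot = (Get-ADDomain).DeletedObjectsContainer

    # 1. Find the deleted OU by its last known RDN; refuse to guess between several.
    $ou = @(Get-ADObject -LDAPFilter "(msDS-LastKnownRDN=$OuName)" -SearchBase $deletedRoot `
                -IncludeDeletedObjects -Properties lastKnownParent)
    if ($ou.Count -ne 1) {
        throw "Expected one deleted object named '$OuName', found $($ou.Count)."
    }

    # 2. Restore the parent first so the children have a live container to return to.
    $ou[0] | Restore-ADObject
    $restoredDn = "OU=$OuName,$($ou[0].lastKnownParent)"

    # 3. Restore direct children (groups, users). Nested OUs need the same call again.
    #    Under -WhatIf the parent is still deleted, so this list may be empty.
    $children = @(Get-ADObject -SearchBase $deletedRoot -IncludeDeletedObjects `
                      -Filter "lastKnownParent -eq '$restoredDn'")
    $children | Restore-ADObject
    return $children.Count
}
```

Run it first as Restore-DeletedOuWithChildren -OuName 'Example-OU' -WhatIf to see what the parent restore would touch before committing.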