king daddy asked:
recover deleted AD user

Greetings,

A user was deleted from Exchange 2016 EAC. That deleted the user from AD. Recycle Bin was enabled after the deletion. Going into DSAC then deleted objects shows nothing (account is not there). A global search does not return the user account. Using ldp.exe then connecting and binding to a DC (only 2 in this environment) shows nothing when drilling down to deleted objects (no child objects).

Why would the deleted account not show up anywhere? Where else can we look?

Happy Monday

Thanks
Udara Peiris

The following three methods can be used when the AD Recycle Bin has not been enabled.
In all three methods, you authoritatively restore the deleted objects, and then you restore the group membership information for the deleted security principals. When you restore a deleted object, you must restore the former values of the member and memberOf attributes in the affected security principal.
The three methods are:
Method 1: Restore the deleted user accounts, and then add the restored users back to their groups by using the Ntdsutil.exe command-line tool
Method 2: Restore the deleted user accounts, and then add the restored users back to their groups
Method 3: Authoritatively restore the deleted user accounts and the deleted users' security groups two times

For details about these methods, please refer to this official Microsoft guide:
https://support.microsoft.com/en-us/help/840001/how-to-restore-deleted-user-accounts-and-their-group-memberships-in-ac
Hi King,
You can easily use the following GUI-based ways instead of the above:
1. Using the AdRestore utility written by Gil Kirkpatrick.
2. Using LDAP Explorer.

ADrestore.net is a powerful and friendly tool.

Please refer to this nice article with screenshots:
https://o365info.com/how-to-restore-active-directory-deleted-user-account-active-directory-recycle-bin-is-not-enabled-using-adrestore-adrestore-net-and-lex-the-ldap-explorer-article-3-4-part-15-23/


Hi King daddy,
Please run this command in PowerShell on your DC. It will list the deleted users:
Get-ADObject -IncludeDeletedObjects -Filter {objectClass -eq "user" -and IsDeleted -eq $True}


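As an added example (not posted by anyone in this thread), the following PowerShell triage extends that one-liner to the questions the thread raises: whether the Recycle Bin is on, how long deleted objects are kept, what each DC actually holds in CN=Deleted Objects, and a rehearsed restore. It assumes the RSAT ActiveDirectory module and read access to the Deleted Objects container; 'jdoe' is a placeholder for the deleted account's last known CN.

```powershell
# Added example, not from the thread: triage for a user deleted from AD that no
# longer shows up in DSAC, ldp.exe or Get-ADObject -IncludeDeletedObjects.
# Assumes RSAT's ActiveDirectory module and rights to read CN=Deleted Objects.
# 'jdoe' is a placeholder for the deleted account's last known RDN (its CN).
Import-Module ActiveDirectory
$Domain       = Get-ADDomain
$RootDSE      = Get-ADRootDSE
$LastKnownRdn = 'jdoe'

# 1. Is the Recycle Bin feature on? EnabledScopes is empty while it is off.
#    Enabling it converts the tombstones that already exist into "recycled"
#    objects, which the show-deleted control does not return and which
#    Restore-ADObject cannot bring back. That is why step 3 can come up empty.
$rb = Get-ADOptionalFeature -Filter { Name -eq 'Recycle Bin Feature' }
'Recycle Bin enabled: {0}' -f ($rb.EnabledScopes.Count -gt 0)

# 2. How long tombstones and deleted objects are kept in this forest.
$dsCfg = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$($RootDSE.configurationNamingContext)" -Properties tombstoneLifetime, 'msDS-DeletedObjectLifetime'
'tombstoneLifetime={0}  msDS-DeletedObjectLifetime={1}' -f $dsCfg.tombstoneLifetime, $dsCfg.'msDS-DeletedObjectLifetime'

# 3. Enumerate deleted user objects on every DC. Querying each DC separately
#    shows a tombstone that has not replicated to, or was already garbage
#    collected on, the DC you happened to bind to.
$deletedBase = "CN=Deleted Objects,$($Domain.DistinguishedName)"
$found = foreach ($dc in (Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName)) {
    Get-ADObject -Server $dc -SearchBase $deletedBase -SearchScope OneLevel -IncludeDeletedObjects `
        -Filter { isDeleted -eq $true -and objectClass -eq 'user' } `
        -Properties 'msDS-LastKnownRDN', lastKnownParent, whenChanged |
        Select-Object @{ n = 'DC'; e = { $dc } }, 'msDS-LastKnownRDN', lastKnownParent, whenChanged, ObjectGUID
}
$found | Sort-Object whenChanged -Descending | Format-Table -AutoSize

# 4. If the account is there, rehearse the restore before doing it for real.
$target = $found | Where-Object { $_.'msDS-LastKnownRDN' -eq $LastKnownRdn } | Select-Object -First 1
if ($target) {
    Restore-ADObject -Server $target.DC -Identity $target.ObjectGUID -WhatIf
    # Drop -WhatIf to restore, re-check group membership, then reconnect the
    # disconnected mailbox from the Exchange Management Shell (Connect-Mailbox)
    # before its retention window expires.
} else {
    "No deleted user with msDS-LastKnownRDN '$LastKnownRdn' on any DC; fall back to an authoritative restore from backup, or recreate the account."
}
```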
king daddy (ASKER):
Thanks, MAS. I ran that command and it just went to a new prompt. It did not list any deleted user objects. I also ran this, which also returned nothing:
Get-ADObject -ldapFilter:"(msDS-LastKnownRDN=*)" -IncludeDeletedObjects
Very weird.

Thanks, Member_2_7965591. I am pretty sure I saw the info in your first post while searching for answers to this. I will look into the adrestore tool you mentioned.
Hello There
Have you tried to use Server Manager to do this?
https://blog.stealthbits.com/how-to-restore-deleted-active-directory-objects/

You can also use ADRestore or Hyena (free fully-functional trial). Just right-click on the domain -> View deleted objects -> choose the object -> Undelete
https://www.systemtools.com/hyena/

And after you recover the account, don't forget to re-attach the mailbox (it's marked as a disconnected mailbox and it will be deleted after 30 days).
Thanks, Hello There. I will look into these options. I turned on recycle bin in case this happens again. Might just recreate the account. The mailbox, luckily, didn't have much and will just attach it to the new account.

Still weird to me that I can't see it anywhere though.

Thanks again all.
ASKER CERTIFIED SOLUTION
Kevin Stanush
Thanks, Kevin. I will try your suggestions from point one and hope it's not because of what you mention in the second point. I am just lucky that we did not delete a critical account / user, and now the Recycle Bin is enabled, so IF it does happen again, recovery should be much easier.
I have heard stories that on some Windows versions, the act of enabling the Recycle Bin feature PERMANENTLY DELETES all of the contents of the tombstoned (i.e. deleted) objects.
I read that too some time ago but I couldn't find any official reference to it. But I had time to test it and I can confirm that this is a behavior of DC2016 (I haven't tested it on other OS versions). After you enable AD Recycle Bin, deleted objects are removed and you cannot recover them.
Thanks for confirming, Hello There. The client is on 2016 DCs. We just rebuilt the account last night. In this case, it was easier and less time consuming to do that.

Thanks to everyone for the help.
You are welcome.