
recover deleted AD user

Last Modified: 2020-04-21
Greetings,

A user was deleted from Exchange 2016 EAC. That deleted the user from AD. Recycle Bin was enabled after the deletion. Going into DSAC then deleted objects shows nothing (account is not there). A global search does not return the user account. Using ldp.exe then connecting and binding to a DC (only 2 in this environment) shows nothing when drilling down to deleted objects (no child objects).

Why would the deleted account not show up anywhere? Where else can we look?

Happy Monday

Thanks

Udara Peiris, System Engineer
CERTIFIED EXPERT

Commented:
The following three methods can be used when the AD Recycle Bin has not been enabled.
In all three methods, you authoritatively restore the deleted objects, and then you restore group membership information for the deleted security principals. When you restore a deleted object, you must restore the former values of the member and memberOf attributes in the affected security principal.
The three methods are:
Method 1: Restore the deleted user accounts, and then add the restored users back to their groups by using the Ntdsutil.exe command-line tool
Method 2: Restore the deleted user accounts, and then add the restored users back to their groups
Method 3: Authoritatively restore the deleted user accounts and the deleted users' security groups two times

For details about these methods, please refer to this official Microsoft guide:
https://support.microsoft.com/en-us/help/840001/how-to-restore-deleted-user-accounts-and-their-group-memberships-in-ac
Udara Peiris, System Engineer
CERTIFIED EXPERT

Commented:
Hi King,
You can easily use the following ways with a GUI instead of the above.
1. Using the AdRestore utility written by Gil Kirkpatrick.
2. Using LDAP explorer

ADrestore.net is a powerful and friendly tool.

Please refer to this nice article with screenshots:
https://o365info.com/how-to-restore-active-directory-deleted-user-account-active-directory-recycle-bin-is-not-enabled-using-adrestore-adrestore-net-and-lex-the-ldap-explorer-article-3-4-part-15-23/


MAS, EE Solution Guide - Technical Dept Head
CERTIFIED EXPERT
Most Valuable Expert 2017

Commented:
Hi King daddy,
Please run this command in PowerShell on your DC. This will list the deleted users.
Get-ADObject -IncludeDeletedObjects -Filter {objectClass -eq "user" -and IsDeleted -eq $True}


Author

Commented:
Thanks, MAS. I ran that command and it just went to a new prompt. It did not list any deleted user objects. I also ran this which also returned nothing:
Get-ADObject -ldapFilter:"(msDS-LastKnownRDN=*)" -IncludeDeletedObjects
Very weird.

Thanks, Member_2_7965591. I am pretty sure I saw the info in your first post while searching for answers to this. I will look into the adrestore tool you mentioned.
Hello There, System Administrator
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
Have you tried to use Server Manager to do this?
https://blog.stealthbits.com/how-to-restore-deleted-active-directory-objects/

You can also use ADRestore or Hyena (free fully-functional trial). Just right-click on the domain -> View deleted objects -> choose the object -> Undelete
https://www.systemtools.com/hyena/

And after you recover the account, don't forget to re-attach the mailbox (it's marked as a disconnected mailbox and it will be deleted after 30 days).

Author

Commented:
Thanks, Hello There. I will look into these options. I turned on recycle bin in case this happens again. Might just recreate the account. The mailbox, luckily, didn't have much and will just attach it to the new account.

Still weird to me that I can't see it anywhere though.

Thanks again all.
Lead Developer
CERTIFIED EXPERT
Commented:

Author

Commented:
Thanks, Kevin. I will try your suggestions from point one and hope it's not because of what you mention in the second point. I am just lucky that we did not delete a critical account / user - and now recycle bin is enabled so IF it does happen again recovery should be much easier.
Hello There, System Administrator
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
I have heard stories that on some Windows versions, the act of enabling the Recycle Bin feature PERMANENTLY DELETES all of the contents of the tombstoned (i.e. deleted) objects.
I read that too some time ago but I couldn't find any official reference to it. But I had time to test it and I can confirm that this is a behavior of DC2016 (I haven't tested it on other OS versions). After you enable AD Recycle Bin, deleted objects are removed and you cannot recover them.

Author

Commented:
Thanks for confirming, Hello There. The client is on 2016 DCs. We just rebuilt the account last night. In this case, it was easier and less time consuming to do that.

Thanks to everyone for the help.
Hello There, System Administrator
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
You are welcome.
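
An added example, not part of any post above and not the experts' own code: a PowerShell sweep that combines the checks discussed in this thread, reporting the Recycle Bin state and tombstone lifetime and then asking each domain controller directly for deleted user objects. It assumes the ActiveDirectory module is installed and the account can read the Deleted Objects container; the restore line uses a placeholder, not a real GUID.

```powershell
# Added example: diagnostic sweep for deleted user objects on every DC.
Import-Module ActiveDirectory

$rootDse = Get-ADRootDSE

# 1. Recycle Bin state. An empty EnabledScopes list means the feature is off.
#    Record this BEFORE changing it, so the state at deletion time is known.
$rb = Get-ADOptionalFeature -Filter 'Name -like "Recycle Bin Feature"'
"Recycle Bin enabled: {0}" -f ($rb.EnabledScopes.Count -gt 0)

# 2. Tombstone lifetime in days, stored on the Directory Service object
#    in the configuration partition. Empty means the built-in default applies.
$dsPath = "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)"
$tsl = (Get-ADObject -Identity $dsPath -Properties tombstoneLifetime).tombstoneLifetime
"Tombstone lifetime (days): {0}" -f $(if ($tsl) { $tsl } else { 'not set (built-in default)' })

# 3. Query each DC by name instead of whichever DC the session picked,
#    so a difference between replicas shows up in the counts.
$props = 'msDS-LastKnownRDN', 'lastKnownParent', 'whenChanged', 'isRecycled', 'sAMAccountName'
foreach ($dc in Get-ADDomainController -Filter *) {
    $found = Get-ADObject -Server $dc.HostName -IncludeDeletedObjects `
        -Filter 'isDeleted -eq $true -and objectClass -eq "user"' `
        -Properties $props
    "{0}: {1} deleted user object(s)" -f $dc.HostName, @($found).Count
    $found |
        Format-Table sAMAccountName, lastKnownParent, whenChanged, isRecycled, ObjectGUID -AutoSize |
        Out-String
}

# 4. Restore one object by the ObjectGUID shown in step 3.
#    '<ObjectGUID-from-step-3>' is a placeholder; left commented out on purpose.
# Restore-ADObject -Identity '<ObjectGUID-from-step-3>'
```

If step 3 returns zero objects on every DC, the remaining route is the authoritative restore from backup described in the first reply.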
