Recovering Deleted User Ad account throught Active Directory powershell

We can recover any Active Directory deleted object with in the Tombstone period.
Tombstone lifetime can be found in active directory using below steps

• Load the ADSIEdit snap-in by navigating to start menu, programs, Windows 2000 Support Tools, Tools, ADSI Edit, or simply type adsiedit.msc at the run command.
• Navigate down to CN=Directory Service, through Configuration, CN=Configuration,DC=domainName,DC=com, CN=Services, CN=Windows NT, right-click and choose properties. 
• scroll down to tombstoneLifetime. This will have Tombstone period

Get-QADUser -Tombstone

Will get the list of user accounts which are Deleted and residing in Tombstone

  

Get-QADUser -Tombstone <name> |restore-QADDeletedObject

Will restore the user object in to the OU LOSTANDFOUND

  

Get-QADUser -Tombstone -LastKnownParent ‘<DN of container>’
Restores all user accounts that were deleted from a particular container to OU LOSTANDFOUND.

 

 Get-QADUser –Tombstone –LastChangedOn (get-date -year 2008 -month 9 -day 1)

Restores all user accounts that were deleted on September 1, 2008

 

Get-QADUser –Tombstone  <username> | fl

Gives the complete details of the -Tombstone account which can help in finding detained information of the Tombstoned account

2 thoughts on “Recovering Deleted User Ad account throught Active Directory powershell

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s