Restoring a Deleted AD Object Using PowerShell (4036112)

Should you inadvertently delete one or more AD objects, you can restore them using PowerShell rather than performing a complete Domain Controller (DC) restore.

PowerShell Scripting Disclaimer:

This script is provided "as is" for the purpose of illustrating how product tasks may be performed in conjunction with PowerShell. Support shall not be liable for any direct, indirect, incidental, consequential, or other damage alleged in connection with the furnishing or use of this script or of the principles it demonstrates. See PowerShell Scripting Support for more information.

1. Open an elevated PowerShell command prompt on the DC.
2. Type: PS C:\>Import-Module ActiveDirectory
• NOTE: If using the Active Directory Module for Windows PowerShell, this step is unnecessary.
3. Ensure the AD Forest is set to Windows2008R2 mode.
• To find the AD Forest Functional Level, type PS C:\>Get-ADForest
• Find the Forest Functional Level Property and ensure that it is set to Windows2008R2Forest.
4. You can elevate the Forest Functional Level by running PS C:\>Set-ADForestMode -Identity support.test.local -ForestMode Windows2008R2Forest.
5. Ensure that the AD Recycle Bin feature is enabled by running PS C:\>Get-ADOptionalFeature -Filter{*}.
6. Search for the Distinguished Name Property of the displayed objects. It should contain “Recycle Bin Feature.”
7. Enable the Recycle Bin Feature by typing PS C:\> Enable-ADOptionalFeature -Identity ‘CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows Nt,CN=Services,CN=Configuration,DC=support,DC=test,DC=local’ -Scope ForestOrConfigurationSet -Target ‘support.test.local’
• NOTE: The AD Recycle Bin is disabled by default. Once enabled, it can not be disabled again.
8. Select Y when asked for permission to proceed.
9. Obtain the list of deleted objects in AD by typing PS C:\> Get-ADObject -SearchBase “CN=Deleted Objects,DC=Support,DC=test,DC=local” -Filter {*} -IncludeDeletedObjects -Properties LastKnownParent >C:\DeletedADObjects.txt
10. Collect the aforementioned list of deleted objects in a text file, as the list may be fairly lengthy.
11. To restore the AD, type PS C:\Get-ADObject -SearchBase “CN=Deleted Objects,DC=support,DC=test,DC=local” -Filter {DisplayName -EQ ‘TestUser1′} -IncludeDeletedObjects -Properties LastKnownParent | Restore-ADObject
• NOTE: The AD “TestUser1” is used an example here. This name will change based on the configuration of your environment.
12. After the command is executed, please check that the object has been restored and force an AD replication.