When a user account is deleted from Active Directory, whether on purpose or by accident, it is not removed from the AD database immediately. Instead, it is hidden and preserved in a container called Deleted Objects. This tombstoned object does not stay there indefinitely, though: by default it is kept for 180 days (a Domain Admin can change the tombstone lifetime in adsiedit.msc). In other words, if you accidentally delete a user from Active Directory 2008, you can bring it back within 180 days. In the following part, I will show you step by step how to retrieve a deleted user account in Active Directory 2008.
As mentioned above, deleted Active Directory user accounts are placed in the Deleted Objects container, which cannot easily be found from the desktop or through folders. To display the deleted accounts, you can use the Ldp.exe domain administration tool that ships with Active Directory Domain Services (AD DS). Here is what to do:
1. Press Win + R to open the Run dialog and type ldp.exe.
2. To restore a deleted Active Directory object, first bind to the 2008 server that hosts the forest root domain of your AD DS environment. Under Connection, click Connect and then Bind.
3. Enter the domain admin user name, password and the domain you need to log in to. Click OK and you will see a message saying Authenticated as dn:'Administrator' along with other information.
4. Go to the Options menu and click Controls, then scroll down the Load Predefined list and choose Return deleted objects. Click OK.
5. Now go back to the main screen, choose View, click Tree and type DC=
6. Double-click the DN in the console tree and locate CN=Deleted Objects, DC=
Now that we have found the deleted object, the next step is to recover the deleted Active Directory user account from the Deleted Objects container.
1. Right-click the deleted account in the console tree and choose Modify.
2. In Edit Entry Attribute, type isDeleted.
3. Leave the Values text box empty.
4. Under Operation, choose Delete and click Enter.
5. In Edit Entry Attribute, type distinguishedName.
6. In Values, enter the object's original DN, for example CN=deleted AD user name,OU=department,DC=domain name,DC=com.
7. Under Operation, choose Replace this time.
8. Check the Extended box at the bottom and click Enter, then click Run.
If everything goes smoothly, no error message is returned. Now go back to the Active Directory Users and Computers console and open the original OU; you will find that the deleted user account on the AD server 2008 has been restored.
However, you may notice that the recovered account is disabled by default. This is because once an AD object is deleted, all attributes related to the account are removed except for the objectGUID, so you will need to add back the group memberships in the AD tree afterwards.
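The two ldp.exe procedures above (load the Show Deleted Objects control, then delete isDeleted and replace distinguishedName in one modify) as a PowerShell script. This is an added example, not code from the original post; the DC name, domain DN, user and original DN are placeholder assumptions, and it binds as the currently logged-on Domain Admin through System.DirectoryServices.Protocols.

```powershell
Add-Type -AssemblyName System.DirectoryServices.Protocols
$dc       = 'dc01.example.com'                 # assumed DC hosting the forest root domain
$domainDn = 'DC=example,DC=com'                # assumed domain DN
$sam      = 'jdoe'                             # assumed sAMAccountName of the deleted user
$targetDn = "CN=John Doe,OU=Sales,$domainDn"   # assumed original DN of that user
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($dc)
$conn.SessionOptions.ProtocolVersion = 3
$conn.SessionOptions.Signing = $true           # sign and seal the LDAP session
$conn.SessionOptions.Sealing = $true
$conn.Bind()                                   # binds with the current (Domain Admin) logon
# Step 1: locate the tombstone under CN=Deleted Objects. Without the
# LDAP_SERVER_SHOW_DELETED control (OID 1.2.840.113556.1.4.417) the DC hides it;
# this is the control that "Return deleted objects" loads in ldp.exe.
$search = New-Object System.DirectoryServices.Protocols.SearchRequest
$search.DistinguishedName = "CN=Deleted Objects,$domainDn"
$search.Filter = "(&(isDeleted=TRUE)(objectClass=user)(sAMAccountName=$sam))"
$search.Scope  = [System.DirectoryServices.Protocols.SearchScope]::OneLevel
$search.Attributes.Add('lastKnownParent') | Out-Null
$search.Controls.Add((New-Object System.DirectoryServices.Protocols.ShowDeletedControl)) | Out-Null
$found = $conn.SendRequest($search)
if ($found.Entries.Count -ne 1) {
    throw "Expected exactly one tombstone for '$sam', found $($found.Entries.Count)"
}
$tombstone = $found.Entries[0]
# lastKnownParent survives on the tombstone; use it to sanity-check the target OU
# before reanimating into the wrong place.
$parent = $tombstone.Attributes['lastKnownParent'][0]
if ($targetDn -notlike "*,$parent") { throw "Target DN is not under lastKnownParent '$parent'" }
# Step 2: reanimate. Both modifications travel in ONE ModifyRequest, and the request
# itself carries the Show Deleted control (the "Extended" box in ldp.exe).
$delIsDeleted = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
$delIsDeleted.Name      = 'isDeleted'
$delIsDeleted.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Delete
$setDn = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
$setDn.Name      = 'distinguishedName'
$setDn.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Replace
$setDn.Add($targetDn) | Out-Null
$modify = New-Object System.DirectoryServices.Protocols.ModifyRequest
$modify.DistinguishedName = $tombstone.DistinguishedName
$modify.Modifications.Add($delIsDeleted) | Out-Null
$modify.Modifications.Add($setDn) | Out-Null
$modify.Controls.Add((New-Object System.DirectoryServices.Protocols.ShowDeletedControl)) | Out-Null
$conn.SendRequest($modify) | Out-Null
Write-Host "Reanimated '$sam' as $targetDn (account is disabled; enable it and re-add group memberships)"
```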
Tip: If you are a domain admin and happen to forget or lose the Domain Controller password, or want to reset a computer login password yourself, Windows Password Key is a good assistant that helps you recover or reset the domain admin password, local user passwords and Microsoft account passwords quickly and easily. It can even create a new domain account when the DC is hacked. See how to reset the Administrator password on Windows Server 2003/2008/2012 AD now.