Restore Object(s) to Active Directory Quickly

KB ID 0000096


Usually, if you need to restore something to AD, you need to bring the server up in AD restore mode and do an authoritative restore of that object. However, 99% of the time you just need to restore one user, computer, or group that has been deleted, and you can do that with ADRestore.exe.

There are some limitations:

1. Restored items need their group membership and other attributes (e.g. profile paths) re-creating.

2. If you restore an OU and users that were in that OU, then you need to locate the users and move them back into the OU. (Though if you deleted an OU with multiple users in it, you should be doing an authoritative restore anyway.)

Just so we are clear – this is just a “Quick and Dirty” method of getting an object back into AD. It works by locating items that have been “tombstoned” and restoring them. The important part is that the user is restored with the same GUID in Active Directory, so all the permissions assigned to that user are restored.


Using ADRestore.exe

1. Here’s our user

2. And now someone’s accidentally deleted him!

3. So we’ve downloaded ADRestore.exe and dropped it on the C: drive on the domain controller.

4. From the command line, simply navigate to the C: drive and issue an “adrestore -r” command.

5. Agree

6. On a busy domain you might have to press (n) for no a few times to skip other deleted items. We only have one object here, so press (y) for yes.

7. Same again.

8. Here’s our user. Notice they are disabled. If you try to enable them…

9. You will get this error. Reset the user’s password, then you can enable them. You will also need to add them back into the correct groups, set up profiles, reconnect mailboxes, etc.
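The clean-up in step 9 can be scripted. The following is an added example, not part of the original article, using the ActiveDirectory PowerShell module; the function name Repair-RestoredUser, the account name and the group names are assumptions made for illustration.

```powershell
# Added example: post-restore clean-up for a user brought back with "adrestore -r".
# Assumes the ActiveDirectory module (RSAT) is available on this machine.
Import-Module ActiveDirectory

function Repair-RestoredUser {            # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string]   $SamAccountName,
        [Parameter(Mandatory)] [string[]] $Groups
    )

    # Confirm the object is back. Get-ADUser throws if it cannot be found.
    $user = Get-ADUser -Identity $SamAccountName -Properties Enabled, MemberOf
    "Found {0} (objectGUID {1})" -f $user.DistinguishedName, $user.ObjectGUID

    if (-not $user.Enabled) {
        # As step 9 notes, the password must be reset before enabling works.
        $pw = Read-Host -AsSecureString "Temporary password for $SamAccountName"
        Set-ADAccountPassword -Identity $user -Reset -NewPassword $pw
        Set-ADUser -Identity $user -ChangePasswordAtLogon $true
        Enable-ADAccount -Identity $user
    }

    # Group membership does not come back with the object, so re-add it.
    foreach ($g in $Groups) {
        try {
            Add-ADGroupMember -Identity $g -Members $user -ErrorAction Stop
            "Added to $g"
        }
        catch {
            Write-Warning "Could not add to ${g}: $($_.Exception.Message)"
        }
    }

    # Return the final state so the result can be checked or logged.
    Get-ADUser -Identity $SamAccountName -Properties Enabled, MemberOf |
        Select-Object SamAccountName, Enabled, MemberOf
}

# Constructed sample values; replace with the real account and groups.
Repair-RestoredUser -SamAccountName 'jbloggs' -Groups 'Sales', 'VPN-Users'
```

Because the restored account keeps its original GUID, any permissions assigned directly to it apply again as soon as it is enabled, so check that the group list you re-add matches what the user is meant to have.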

Related Articles, References, Credits, or External Links


Author: Migrated
