So yesterday my customer want to export user objects on their AD, but only on Deleted Objects container which can be seen from LDP or other tools.

So the simple answer is you can use ldifde

ldifde -f output.txt -s <dc name> -d "cn=deleted objects,dc=domain,dc=com" -r (objectclass=user) -p subtree -x -l DN, samaccountname

-l switch is for limiting amount of information, in this case I use DN and samaccountname. You can export it to txt or csv also. Smile

Btw, they still running Windows 2003 forest, so cannot use AD Recycle Bin, but can reanimate the deleted object.

Advertisements