Category: AD Recycle Bin



Yesterday my customer wanted to export the user objects in their AD, but only those in the Deleted Objects container, which can be seen with LDP or other tools.

The simple answer is that you can use ldifde:

ldifde -f output.txt -s <dc name> -d "cn=deleted objects,dc=domain,dc=com" -r "(objectclass=user)" -p subtree -x -l "DN,samaccountname"

The -x switch includes deleted objects (tombstones) in the export. The -l switch limits which attributes are exported; in this case I use DN and samaccountname. You can export it to txt or csv also.

By the way, they are still running a Windows 2003 forest, so they cannot use the AD Recycle Bin, but they can still reanimate the deleted objects.


Thank God MS has built an AD Recycle Bin UI into Windows Server 2012; on Windows Server 2008 R2 it is a real pain using LDP.exe, though there are plenty of free third-party UIs for it.

OK, let's move on. To make it happen, your forest must be in 2008 R2 mode; if it is not, you have to raise it, and remember that raising the forest/domain functional level is not reversible.

To check it, just type Get-ADForest


After that, you have to enable the Recycle Bin feature.


Create a user and delete it from ADUC. Now open Active Directory Administrative Center (ADAC) and go to the Deleted Objects container, where you will find the user you deleted a moment ago.


Right-click the object and you can choose Restore or Restore To:


  • Restore: This option will restore the object directly to its original location.
  • Restore to: This option will ask for a location to restore the deleted object to.
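
The same steps from PowerShell, as an added example that is not from the original posts. It assumes the ActiveDirectory module (RSAT) is installed; the account name jdoe, the OU path and the CSV file name are constructed placeholders.

```powershell
# Added example: check the forest mode, enable the Recycle Bin,
# export deleted users, and restore one of them.
Import-Module ActiveDirectory

$forest = Get-ADForest

# 1. The Recycle Bin needs forest functional level 2008 R2 or higher.
$minMode = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
if ($forest.ForestMode -lt $minMode) {
    throw "Forest mode is $($forest.ForestMode); raise it first (not reversible)."
}

# 2. Enable the feature only if no scope has it yet. Enabling cannot be undone,
#    so the cmdlet's confirmation prompt is left in place.
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if (-not $feature.EnabledScopes) {
    Enable-ADOptionalFeature -Identity $feature `
        -Scope ForestOrConfigurationSet -Target $forest.Name
}

# 3. List deleted user objects and export them for review
#    (the same data the ldifde command pulls from the Deleted Objects container).
$deleted = Get-ADObject -IncludeDeletedObjects `
    -Filter 'isDeleted -eq $true -and objectClass -eq "user"' `
    -Properties sAMAccountName, lastKnownParent, whenChanged
$deleted |
    Select-Object sAMAccountName, lastKnownParent, whenChanged, DistinguishedName |
    Export-Csv -Path .\deleted-users.csv -NoTypeInformation

# 4. Pick exactly one object to restore. A deleted and re-created account can
#    leave several tombstones with the same name, so refuse ambiguous matches.
$target = @($deleted | Where-Object { $_.sAMAccountName -eq 'jdoe' })
if ($target.Count -ne 1) {
    throw "Expected exactly one deleted object named jdoe, found $($target.Count)."
}

# "Restore": back to the original location (lastKnownParent).
# -WhatIf only reports what would happen; remove it to perform the restore.
$target[0] | Restore-ADObject -WhatIf

# "Restore to": restore into a different container instead.
$target[0] | Restore-ADObject -TargetPath 'OU=Restored,DC=domain,DC=com' -WhatIf
```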