How to restore objects from AD in Windows 2008 R2. Things in Windows Server 2008 R2 are different. In Windows 2008 R2 AD there is a new feature called "Active Directory Recycle Bin".
When Active Directory Recycle Bin is enabled (see Enabling Active Directory Recycle Bin - Windows Server 2008 R2), all link-valued and non-link-valued attributes of deleted Active Directory objects are preserved, and the objects are restored in their entirety to the same consistent logical state that they were in immediately before deletion. For example, restored user accounts automatically regain all group memberships and corresponding access rights that they had immediately before deletion, within and across domains. This is not the case when restoring a user account in Windows Server 2003 (see the previous article).
Note:
By default, Active Directory Recycle Bin in Windows Server 2008 R2 is disabled. To enable it, the forest functional level of your AD DS or AD LDS environment must be set to Windows Server 2008 R2, which in turn requires all forest domain controllers or all servers that host instances of AD LDS configuration sets to be running Windows Server 2008 R2.
In the next few steps, I will explain how to restore a deleted user account. For the restore I will use the LDP.EXE tool (objects can also be restored using the Get-ADObject and Restore-ADObject cmdlets of Windows PowerShell).
Let's see how it's done.
Note: You should replace CONTOSO.LOCAL with your own domain and user TEST USER with your own user.
1. In AD DS, we have a user named Test User. The user gets deleted (accidentally or on purpose). In this case, we'll delete the user manually.
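The PowerShell route mentioned above, as an added example that is not part of the original article: it checks the two prerequisites from the note, locates the deleted user, and lists the group memberships that will return with the account before restoring it. It assumes the ActiveDirectory module is installed and uses the article's sample names; the DN `DC=contoso,DC=local` is an assumed DN form of CONTOSO.LOCAL.

```powershell
# Added example, not from the original article.
# Assumes the ActiveDirectory module and the sample names CONTOSO.LOCAL / "Test User".
Import-Module ActiveDirectory

$domainDn = 'DC=contoso,DC=local'   # assumption: DN form of CONTOSO.LOCAL
$userRdn  = 'Test User'             # name the object had before deletion

# Prerequisite 1: forest functional level must be Windows Server 2008 R2 or higher.
$forest = Get-ADForest
if ($forest.ForestMode -lt 'Windows2008R2Forest') {
    throw "Forest mode is $($forest.ForestMode); Recycle Bin needs Windows2008R2Forest."
}

# Prerequisite 2: the feature is disabled by default; EnabledScopes stays empty until enabled.
$recycleBin = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if (-not $recycleBin.EnabledScopes) {
    throw 'Active Directory Recycle Bin is not enabled in this forest.'
}

# Deleted objects get a mangled name, so search on the RDN they had before deletion.
$deleted = @(Get-ADObject -SearchBase "CN=Deleted Objects,$domainDn" `
    -LDAPFilter "(&(objectClass=user)(msDS-LastKnownRDN=$userRdn))" `
    -IncludeDeletedObjects -Properties lastKnownParent, whenChanged, memberOf)

# Refuse to guess when zero or several deleted objects share the name.
if ($deleted.Count -ne 1) {
    throw "Expected exactly one deleted object named '$userRdn', found $($deleted.Count)."
}

# The restore brings back every group membership, so review them first.
$deleted[0] | Format-List ObjectGUID, lastKnownParent, whenChanged, memberOf

# Dry run, then the real restore with a confirmation prompt.
$deleted[0] | Restore-ADObject -WhatIf
$deleted[0] | Restore-ADObject -Confirm
```

Run it from an account that has rights to the Deleted Objects container; the object is restored to the container shown in `lastKnownParent`.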