As the primary authentication service in the majority of organizations worldwide, Active Directory's health and operational integrity have a direct impact on the overall security of your organization. The capability to roll back and recover from changes to your Active Directory infrastructure, whether accidental or malicious, is an important and often overlooked aspect of your ability to maintain the security and performance of your network.
When Active Directory objects are deleted, they are placed in the Deleted Objects container, also known as the AD Recycle Bin. By default, this container is not displayed to an administrator, and it must be enabled manually using either a script or the LDP.exe utility. Once the Active Directory Recycle Bin is enabled, there are several native methods to restore deleted accounts in Windows Server, such as the LDP.exe utility, PowerShell queries, and the Administrative Center. The simplest method to restore deleted users is to use the Administrative Center. The steps below show how to find deleted users in Active Directory and restore them.
Step 1 – Launch the Active Directory Administrative Center (or run dsac.exe).
Step 2 – In the left pane, select the domain in which the deleted object resided.
Step 3 – In the center pane, select Deleted Objects.
Step 4 – Navigate to and locate the user, then click Restore.
Step 5 – Optionally, you can choose to restore to a specific container.
StealthRECOVER provides point-in-time rollback and recovery of Active Directory objects, attributes, Integrated DNS, and more, allowing organizations to restore objects in their entirety or just the granular attribute information they need. Please see our step-by-step guide below to recover users in AD using StealthRECOVER.
Step 1 – Navigate to and locate the user object you wish to restore, or use our quick object search bar located on the left side of the console.
Step 2 – Select the attributes you want to roll back.
Step 3 – Optionally, StealthRECOVER allows an administrator to enter a comment or note about the rollback performed, and to set password options: force a password change, assign a new password, and/or enable the user account.
If you wish to restore using the LDP.exe utility or a PowerShell script, please see the article linked below.
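For the PowerShell route mentioned above, here is an added example (not from the original article or from Stealthbits) that checks whether the Recycle Bin is enabled, finds a deleted user, and previews the restore. It assumes the ActiveDirectory RSAT module is installed; the account name `jdoe` and the optional target container are constructed placeholders.

```powershell
# Added example; requires the ActiveDirectory module (RSAT) and restore rights.
Import-Module ActiveDirectory

# Placeholders (assumptions): change these for your environment.
$SamAccountName  = 'jdoe'   # constructed sample account name
$TargetContainer = $null    # e.g. 'OU=Staff,DC=example,DC=com' to restore elsewhere

# 1. Confirm the Recycle Bin optional feature is enabled in the forest.
$feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
if (-not $feature.EnabledScopes) {
    Write-Warning 'AD Recycle Bin is not enabled; deleted objects keep few attributes.'
    # Enabling cannot be undone, so it is left commented out on purpose:
    # Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
    #     -Scope ForestOrConfigurationSet -Target (Get-ADForest).Name
    return
}

# 2. Search the Deleted Objects container for the user.
#    Computer accounts also carry objectClass 'user', so they are excluded.
$filter = "isDeleted -eq `$true -and objectClass -eq 'user' " +
          "-and objectClass -ne 'computer' -and sAMAccountName -eq '$SamAccountName'"
$deleted = @(Get-ADObject -IncludeDeletedObjects -Filter $filter `
                 -Properties sAMAccountName, lastKnownParent, whenChanged)

# 3. Stop on zero or ambiguous matches instead of restoring the wrong object.
if ($deleted.Count -eq 0) {
    Write-Warning "No deleted user named '$SamAccountName' was found."
    return
}
$deleted | Sort-Object whenChanged |
    Format-Table sAMAccountName, lastKnownParent, whenChanged, ObjectGUID -AutoSize
if ($deleted.Count -gt 1) {
    Write-Warning 'Several deleted objects match; pick one by ObjectGUID and rerun.'
    return
}

# 4. Preview the restore. Without TargetPath the object returns to lastKnownParent.
$restore = @{ Identity = $deleted[0].ObjectGUID; WhatIf = $true }
if ($TargetContainer) { $restore.TargetPath = $TargetContainer }
Restore-ADObject @restore
```

Set `WhatIf` to `$false` once the preview shows the expected object and destination.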
Paul is a graduate of William Paterson University with a Bachelor's degree in Computer Science. He considers himself to be a computer enthusiast and enjoys learning and being involved with different types of technologies. At STEALTHbits, Paul is part of the Professional Services team, where he gets to work with and assist many clients. Paul also enjoys working on personal development projects and is currently learning the art of data science.
© 2021 Stealthbits Technologies, Inc.
Thanks for your solution, very quick and simple compared to other solutions on the net.
Does this work for 2003 forest functional level?