Utility: Restore deleted AD items

Monday, July 21, 2008
Were you aware of the fact that when you delete something from AD, e.g. User or an OU that there is a way to get it back?! What actually happens when you delete an AD item is that the system removes all traces of the item from all consoles, and moves the item to a special area in AD and turns the object into a "tombstone" (see http://www.microsoft.com/technet/technetmag/issues/2007/09/Tombstones/default.aspx for more info on Tombstones). This tombstone is replicated to all DC's. There is a process that runs which performs a cleanup from time to time, but in the meantime how do you access the tombstone information? Glad you asked!

There is a SysInternals command line tool called ADRestore located here: http://technet.microsoft.com/en-us/sysinternals/bb963906.aspx

There is also a very nice gui tool now available written by Guy Teverovsky available for download from http://blogs.microsoft.co.il/blogs/guyt/archive/2007/12/15/adrestore-net-rewrite.aspx
