I was surfing while installing Windows 2003 servers today, and came across AD Explorer. This utility is from Sysinternals (now owned by Microsoft), that allows you to view a whole slew of information regarding your Active Directory tree. You can even take snapshots of your tree and save them for offline viewing.
Note: The domain names shown in images this blog entry have been edited out to protect my client’s privacy.
Using AD Explorer, I saved a current snapshot of my tree.
After the snapshot completed I verified user 5-9 exists at this time. Next, I deleted user 5-9, and used AD Explorer’s search function to verify the user is gone from the tree. I also browsed the tree within Active Directory Users and Computers and verified the object really was gone.
Next, I downloaded Sysinternals’ ADRestore program, which is a command line based utility that can restore AD tombstoned objects. The documentation is very limited, what I found was KB840001 and this blog entry.
I saved ADRestore to my Windows 2003 server’s hard drive, then searched for tombstoned objects containing the character ‘5’ (as in user object 5-9)
The user object 5-9 was found by ADRestore, and since I specified the -r switch I was asked if I wanted to restore the object, rather than the utility automatically restoring all tombstoned objects that matched the search filter.
I loaded both AD Explorer and Active Directory Users and Computers, and verified user object 5-9 was restored to it’s original location, the students OU. After the restore process, the user account was disabled, so I had to re-enable the account, reset the password, and restore group membership.
The whole process worked great, but I wondered, how could I do this without console access to a domain controller, either by physically working on the machine or via Remote Desktop or some other remote control program? So I deleted user object 5-9 again, and went searching for a solution.
I used PSExec, a part of the PSTools suite from Sysinternals (they make good stuff). PSExec executes processes on a remote machine while redirecting output to your local system. Interestingly enough, PSExec is command line based, but a GUI for it was found on the Novell Cool Tools website of all places. I haven’t checked it out, so I’d love to know how well it works if anyone tries it.
Back to executing ADRestore with PSExec. Below you will see the syntax I used to remotely run adrestore.exe, as administrator, from the root of the server’s C drive.
I went back into AD Explorer and ADUC, and saw that user object 5-9 had been restored once again. Now you know how to use ADRestore to restore AD objects, both locally and remotely.