How to Restore Deleted Objects in Active Directory

Discover how to restore deleted objects in Active Directory using the Recycle Bin, PowerShell, or authoritative restore methods. A must-read guide for system administrators.

In this Guide:

When you're managing an Active Directory (AD) environment, it can be a real headache if user accounts, computer objects or organizational units (OUs) get accidentally deleted. The good news is that AD has built-in tools to help you restore those deleted objects.

In this article, we’ll guide you through the various options and methods available for recovering deleted items in Active Directory.

Understanding Deleted Objects in Active Directory

When you delete an object in Active Directory, it doesn’t just disappear right away. Instead, it gets moved to the Deleted Objects container, which serves as a temporary storage space. You have the chance to recover the object during this period before it’s permanently wiped out by garbage collection.

Key points about deleted objects:

  • The object stays in the Deleted Objects container for the tombstone lifetime, which is typically 180 days for Windows Server 2003 SP1 and later.
  • After the tombstone lifetime expires, the object is permanently removed by the garbage collection process.
  • To restore a deleted object, you need to have the right permissions, like being part of the Domain Admins or Enterprise Admins group.

Methods for Restoring Deleted Objects

1. Active Directory Recycle Bin

The Active Directory Recycle Bin offers a straightforward and effective way to bring back deleted objects along with their attributes, all without needing to reboot the system or experience any downtime.

Enabling the Active Directory Recycle Bin

Before you can use the AD Recycle Bin, you need to enable it. Keep in mind that once it's enabled, you can't turn it off.

  1. Start by opening the Active Directory Administrative Center (ADAC).
  2. In the left pane, select your domain.
  3. Then, click on Enable Recycle Bin in the Tasks section.
  4. Make sure to confirm your action. (This change will affect the entire forest.)

Restoring Deleted Objects Using AD Recycle Bin

  1. Open the Active Directory Administrative Center (ADAC).
  2. In the left pane, select your domain and click on Deleted Objects.
  3. Find the deleted object you wish to restore.
  4. Right-click the object and choose Restore to return it to its original location.
    • If you prefer to restore the object to a different container, choose Restore To instead.

2. Using PowerShell to Restore Deleted Objects

PowerShell offers a powerful and efficient way to recover deleted objects.

Steps to Restore Using PowerShell

  1. Open PowerShell with administrative rights.
  2. Execute the following command to see deleted objects: Get-ADObject -Filter 'isDeleted -eq $true' -IncludeDeletedObjects
  3. Locate the Distinguished Name (DN) of the deleted object.
  4. Use the Restore-ADObject cmdlet to bring it back:
    • Make sure to replace <DistinguishedName> with the DN of the object you want to restore.
    • Restore-ADObject -Identity <DistinguishedName> 

Example:

If you’re looking to restore a deleted user object, you can do it like this:

Get-ADObject -Filter 'isDeleted -eq $true' -IncludeDeletedObjects | Where-Object {$_.Name -like "JohnDoe"} Restore-ADObject -Identity "CN=JohnDoe\\0ADEL:abcd1234-5678-90ef-ghij-klmnopqrstuv,CN=Deleted Objects,DC=example,DC=com"

3. Using Authoritative Restore with Ntdsutil

In cases where the AD Recycle Bin isn’t enabled, you can perform an authoritative restore using the Ntdsutil tool. This method involves restoring an Active Directory backup.

Steps to Perform Authoritative Restore

  1. Boot into Directory Services Restore Mode (DSRM):
    • Restart the domain controller.
    • During startup, press F8 and choose Directory Services Restore Mode.
  2. Restore the AD Database from Backup:
    • Use your backup software to restore the AD database.
  3. Mark the Object for Authoritative Restore:
    • Open Command Prompt and run:
    • Replace <DistinguishedName> with the DN of the deleted object.
    • ntdsutil activate instance ntds authoritative restore restore object "<DistinguishedName>"
  4. Restart the Domain Controller:
    • Reboot the system normally.

Best Practices for Preventing Accidental Deletion

  1. Enable the Active Directory Recycle Bin: This feature offers a straightforward and dependable way to recover deleted objects.
  2. Use the “Protect from accidental deletion” option: When setting up new Organizational Units (OUs) or objects, make sure to turn on this option to avoid any unintentional deletions.
  3. Regular Backups: It's crucial to back up Active Directory on a regular basis to ensure you can recover from worst-case scenarios.
  4. Limit Permissions: Only give deletion permissions to trusted administrators to reduce the chances of accidental deletions.
  5. Audit Deletions: Turn on auditing to keep track of who deletes objects and when.

Conclusion

Restoring deleted objects in Active Directory can be a breeze if you know the right tools and methods. Whether you’re using the Active Directory Recycle Bin, PowerShell, or an authoritative restore, each method is suited for different situations. By putting preventive measures in place, like enabling the Recycle Bin and protecting objects from accidental deletion, you can make recovery easier and keep your Active Directory environment robust.

Frequently asked questions:

Securing IT Management.

FEATURES

EXPLORE IT Asset Management

RESOURCES

COMPANY

Zecurit © 2025, All rights reserved.

English