Home > Uncategorized > restore OU, group in AD when Deleted

restore OU, group in AD when Deleted

October 5, 2010 dinosg Leave a comment Go to comments

ADRestore.NET rewrite

Last month I had couple of clients that needed to restore accidentally deleted user and computer account. Though there is a command line version of tombstone reanimation tool called adrestore, the clients were not CLI savvies and having a GUI version of this functionality could really help them out. Some time ago I wrote a GUI version just for the case in VB.NET, but as it turned out it was quite buggy (well, it was one of my first .NET GUI apps), so I set down and rewrote the application from scratch in C#.

Now, if you are not familiar with the concept of tombstone reanimation, I would suggest that at this point you go and read Gil Kirkpatrick’s article at Techent – it explains what tombstones are and how does the tombstone reanimation process works.

So, if you are aware of tombstone reanimation limitations (only a small set of attributes is restored), still willing to restore a deleted object and prefer a GUI version, you will probably find this little tool useful.

Main features:

Browsing the tombstones
Domain Controller targeting
Can be used with alternative credentials (convenient if you do not logon to your desktop as Domain Admin, which you should never do anyway)
User/Computer/OU/Container reanimation
Preview of tombstone attributes

Here are some sceenshots:

Enumerating tombstones

Previewing the tombstone attributes

Restoring a deleted user account

Notice that if you delete an OU with accounts in it, you will have to restore first the OUs the accounts were in, otherwise the reanimation of the child object will fail. It is not enough to create an OU with the same name as this will be a totally new object in AD and child object’s lastKnowParent attribute will still reference the deleted OU. Here is a walthrough:

Initial state:

TestOU organizational unit is deleted: