Restore AD objects using Recycle Bin Feature of Server 2008 R2
How to restore an object using the Recycle Bin feature of Windows Server 2008 R2
To import the Active Directory cmdlets into PowerShell, run the following command:
PS> Import-Module ActiveDirectory
Once the Active Directory cmdlets are imported, you need to raise the functional level of the forest to Windows Server 2008 R2, because the Active Directory Recycle Bin feature is only available at this functional level.
You can do this from Active Directory Domains and Trusts, which is a very easy way to do it. In this example the current functional level is Windows Server 2003 and we need to raise it to Windows Server 2008 R2.
We can also raise the functional level from PowerShell. The Get-ADForest cmdlet returns information about your forest, and the Set-ADForestMode cmdlet lets you raise the current functional level. You will be prompted to confirm that you wish to go ahead.
PS> Get-ADForest | Set-ADForestMode -ForestMode Windows2008R2Forest
Now that our forest is at the Windows Server 2008 R2 functional level, we can enable the Recycle Bin. To enable this feature, run the following command. It will also ask you for confirmation.
PS> Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target 'test.local'
Now that we have the Recycle Bin enabled, we can test it by deleting some objects from our AD structure.
There is a new feature included in Windows Server 2008 called "Protect object from accidental deletion". So it may happen that you try to delete an OU but get an "Access is denied" response, and the administrator will have to clear that checkbox before the OU can be deleted. You will get this error whenever "Protect object from accidental deletion" is checked.
To do this, you need to select Advanced Features, which you can do in the following way.
Then go to the properties of the OU, open the Object tab, and uncheck "Protect object from accidental deletion".
Now that we have cleared the checkbox, we can remove the OU from AD.
We have removed the Team OU, and there is no longer a Team OU in the structure.
To see all the deleted objects, we can run the following PowerShell command:
PS> Get-ADObject -SearchBase "CN=Deleted Objects,DC=test,DC=local" -ldapFilter "(objectClass=*)" -includeDeletedObjects | Format-List Name,ObjectClass,ObjectGuid
We can see from the resulting output that we have both the Users OU in there and the two user accounts. So now we will restore the objects.
Note: To restore the users, you first need to restore the parent OU; otherwise it will give you an error.
PS> Restore-ADObject -identity 280befcd-6937-4030-a33c-1ba0a9d40c24
The above command will restore the Team OU, but it will be empty, as we need to restore the user objects as well.
Now we need to restore the objects in the Team OU. We can do this with the same method we used to restore the OU. The problem is that if we have 1000 users in that OU, it will be very tedious to run this command for every single object that belonged to the Team OU. To fix this, we will search for all the deleted users that belonged to the Team OU and then restore them.
To do that, we can run the following command:
PS> Get-ADObject -ldapFilter "(lastKnownParent=OU=Team,DC=test,DC=local)" -includeDeletedObjects | Restore-ADObject
After this command finishes, you will see that all the users that belonged to the Team OU have been restored.
The user accounts are back in the Users OU.
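
The bulk restore above brings back every deleted object whose last known parent is the OU, including accounts that were deleted deliberately before the accident. The script below is an added example, not part of the original post, that limits the restore to a recent deletion window and previews it before writing anything; the one-hour window and the variable names are assumptions, and the domain and OU names are the post's lab values.

```powershell
# Added example: scoped, previewed bulk restore. Not from the original post.
Import-Module ActiveDirectory

# Lab values from the post; the one-hour window is an assumption.
$parentDN  = 'OU=Team,DC=test,DC=local'
$deletedDN = 'CN=Deleted Objects,DC=test,DC=local'
$since     = (Get-Date).AddHours(-1)

# Children can only be restored into a live parent, so stop early if the
# OU itself has not been restored yet.
try   { Get-ADOrganizationalUnit -Identity $parentDN -ErrorAction Stop | Out-Null }
catch { throw "Parent OU '$parentDN' is not live. Restore it first." }

# Same lastKnownParent filter as the post, plus the attributes needed for review.
# A DN containing ( ) * or \ would need LDAP filter escaping; this one has none.
# whenChanged is used as the deletion time, which holds for an object that has
# not been modified since it was deleted.
$candidates = Get-ADObject -SearchBase $deletedDN -IncludeDeletedObjects `
        -LDAPFilter "(lastKnownParent=$parentDN)" `
        -Properties lastKnownParent, whenChanged, 'msDS-LastKnownRDN' |
    Where-Object { $_.whenChanged -ge $since }

if (-not $candidates) {
    Write-Warning "No objects under $parentDN were deleted since $since."
    return
}

# Review the list before anything is written to the directory.
$candidates | Sort-Object whenChanged |
    Format-Table 'msDS-LastKnownRDN', ObjectClass, whenChanged, ObjectGUID -AutoSize

# -WhatIf only reports what would be restored. Remove it after the review.
$candidates | Restore-ADObject -WhatIf

# After the real restore, list the accounts that are live and enabled again.
Get-ADUser -SearchBase $parentDN -Filter * -Properties whenChanged |
    Select-Object SamAccountName, Enabled, whenChanged
```
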
This is a very nice and easy feature of Windows Server 2008 R2 for restoring deleted objects.