How to recover deleted objects that have exceeded the tombstone lifetime using RecoveryManager Plus

Problem

When an object is deleted from Active Directory (AD), it enters the deleted state and is moved to the deleted objects container in AD. The object remains in this state for a duration known as the tombstone lifetime, which is typically set to 60 or 180 days, depending on your AD environment's configuration. During this period, the object can still be restored using native tools.

However, once the tombstone lifetime has expired, the object is permanently removed from AD and cannot be restored using native tools. This situation creates a significant challenge if you need to recover critical data or objects after this window has closed.

This guide will explain how you can restore deleted AD users and other objects whose tombstone lifetime has elapsed.

Solution

RecoveryManager Plus simplifies the restoration of AD users and other objects with built-in recycle bin that is enabled by default, unlike the native AD Recycle Bin, which must be manually enabled. RecoveryManager Plus recycle bin feature functions even when the native AD Recycle Bin is not enabled.

1. Login to RecoveryManager Plus as an administrator.
2. Navigate to the Active Directory tab > Active Directory Objects > Quick Recovery > Deleted Objects.
3. Select the domain that contains the deleted objects you would like to restore from the drop-down at the top-left corner.
4. The list of all objects that have been deleted will be displayed.

   Note: If your tombstone lifetime is 60 days, only the objects that were deleted 60 days before the time at which RecoveryManager Plus backed up your AD environment will be displayed.

5. To filter objects, simply click on one of the tiles. The options include Total Deleted Objects, Deleted User Objects, Deleted Group Objects, and Deleted Group Policy Objects. To filter other objects, use the Object Type drop-down menu in the table below.
6. Click Restore Location to choose a location for the object to be restored to. If no location is selected, the object will be restored to its original location.
7. Click a link in the Backup Version field in the table to view the attributes and the value of the object that will be restored.
8. Check the box against the object(s) that you wish to restore and click Restore.

   Note: If RecoveryManager Plus was not installed at the time of object deletion, only a limited number of default attributes will be restored. If you do not restore the object within the tombstone lifetime period, you’ll not be able to restore the objects even using RecoveryManager Plus.

   

   Figure 1: Restoring deleted AD objects using RecoveryManager Plus

Your deleted object will now be restored with all of its attributes intact.

RecoveryManager Plus provides an efficient way for restoring AD objects, even those that have exceeded the tombstone lifetime. With its built-in recycle bin, you can easily recover deleted objects without relying on native AD tools.