Recovering deleted objects that have exceeded the tombstone lifetime

Problem

When an Active Directory object is deleted, and it stays in the deleted state for longer than the tombstone lifetime, then the object cannot be restored using native methods.

This post will explain how you can restore objects whose tombstone lifetime has elapsed.

Solution

Using RecoveryManager Plus, you can restore these objects easily. RecoveryManager Plus comes with an in-built Recycle Bin. Unlike the native Recycle Bin of AD, this does not have to be manually enabled. Also, you do not have to enable the native Recycle Bin for RecoveryManager Plus's Recycle Bin to work.

• Login to RecoveryManager Plus with an administrator's credentials.
• Navigate to the Active Directory tab → Active Directory → Recycle Bin.
• Select the domain that contains the object to be restored in the Domain drop-down box.
• You can use RecoveryManager Plus to recycle the deleted object to the same location or to a new location.
  • To recycle the object to its previous location, select the Recycle radio button at the top of the screen.
  • To recycle the object to a new location, select the Recycle to at the top of the screen radio button. In the pop-up that appears, select the location to which you recycle the object and click Save.
• Click the icon to narrow the search for the object to be restored.
  • Type the name of the deleted object in the Object Name field. If you are not sure of the name, use the filters such as Contains, Starts With, Ends With, and Equals.
  • Click the icon in the OUs field to select the OU.
  • Specify the approximate time period within which the object was deleted in the Backup Date field and click Apply.
  • In the Object Type field, select the type that fits from the drop-down box and hit Search.
• Mark the check box against the objects that you would like to recycle.
• Click Restore.

  

  Your deleted object will now be restored with all of its attributes intact.

  Note: When you restore a deleted object that has been removed from the deleted object container, the object will be recreated with a new GUID and SID. If you wish to retain a user's last set password in Active Directory, mark the checkbox against Preserve Object Password, in recovery settings.