If the Active Directory Recycle Bin is not enabled on a Microsoft server, which happens way too often, and user or computer objects get deleted instead of just being deactivated and moved to an OU to rest in peace, you will find yourself in the delicate situation of having to restore objects from the hidden OU “Deleted Objects”.

This article describes how.


Connecting to LDP

First, start ldp.exe with domain admin credentials.

In LDP you connect to the DC using its hostname or IP.

Now you authenticate via Connection > Bind.

If you are logged in as a domain admin you can use single sign-on.
Otherwise provide domain, user and password.

Now connect to the Organisational Unit “Deleted Objects”.
Go to Scope > Subtree

CN=Deleted Objects, DC="Domain", DC="Domainsuffix"

Now you will see the OU on the left-hand side.
To show its contents you have to edit the control elements.

Here you select “Deleted Objects”, check it out and in again (yay!), and now the hidden objects are visible.

Afterwards we search for the object we want to restore.


Restoring the object

We remove the “isDeleted” attribute and replace the “distinguishedName” attribute with “CN=SomeName,” followed by the canonical name of the last known parent.


Afterwards the object should be visible in Active Directory again; it is deactivated, however.
If it is not visible, just refresh the Active Directory view a few times by pressing F5 or restart AD.

So easy… thanks Peter!
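
The same steps as a script, as an added example that is not part of the original article: it sends the modify that LDP sends (delete “isDeleted”, replace “distinguishedName”) together with the show-deleted control, and only reports what it would do unless -Apply is given. The function name, server, domain DN, account name and new RDN are assumptions; the parent is read from the object's lastKnownParent attribute.

```powershell
using namespace System.DirectoryServices.Protocols
# Added example: tombstone reanimation over LDAP, the same modify LDP sends.
# All values in the usage line at the bottom are constructed placeholders.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Restore-Tombstone {
    param(
        [Parameter(Mandatory)][string]$Server,          # DC hostname or IP
        [Parameter(Mandatory)][string]$DomainDn,        # e.g. DC=example,DC=test
        [Parameter(Mandatory)][string]$SamAccountName,  # account to look for
        [Parameter(Mandatory)][string]$NewRdn,          # e.g. CN=SomeName
        [switch]$Apply                                  # without it: dry run only
    )
    $conn = [LdapConnection]::new($Server)
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.AuthType = [AuthType]::Negotiate
    $conn.Bind()   # single sign-on with the current (domain admin) logon

    # Escape LDAP filter metacharacters so the name cannot alter the filter.
    $safe = [regex]::Replace($SamAccountName, '[\\*()\0]',
        { param($m) '\{0:x2}' -f [int][char]$m.Value })
    $filter = "(&(isDeleted=TRUE)(sAMAccountName=$safe))"
    $search = [SearchRequest]::new("CN=Deleted Objects,$DomainDn", $filter,
        [SearchScope]::OneLevel, [string[]]@('lastKnownParent'))
    $search.Controls.Add([ShowDeletedControl]::new()) | Out-Null  # show hidden objects
    $hits = @(([SearchResponse]$conn.SendRequest($search)).Entries)
    if ($hits.Count -ne 1) { throw "Expected 1 deleted object, found $($hits.Count)" }

    $entry = $hits[0]
    $attr  = $entry.Attributes['lastKnownParent']
    if (-not $attr) { throw 'lastKnownParent is missing; supply the parent manually' }
    $newDn = "$NewRdn,$($attr.GetValues([string])[0])"

    # One modify request: delete isDeleted, replace distinguishedName.
    $del = [DirectoryAttributeModification]::new()
    $del.Name = 'isDeleted'; $del.Operation = [DirectoryAttributeOperation]::Delete
    $dn = [DirectoryAttributeModification]::new()
    $dn.Name = 'distinguishedName'; $dn.Operation = [DirectoryAttributeOperation]::Replace
    $dn.Add($newDn) | Out-Null
    $modify = [ModifyRequest]::new()
    $modify.DistinguishedName = $entry.DistinguishedName
    foreach ($m in $del, $dn) { $modify.Modifications.Add($m) | Out-Null }
    $modify.Controls.Add([ShowDeletedControl]::new()) | Out-Null

    if (-not $Apply) { return "DRY RUN: $($entry.DistinguishedName) -> $newDn" }
    $resp = [ModifyResponse]$conn.SendRequest($modify)
    "Restored as $newDn ($($resp.ResultCode))"
}
# Restore-Tombstone -Server dc01 -DomainDn 'DC=example,DC=test' -SamAccountName jdoe -NewRdn 'CN=John Doe'
```

Run it once without -Apply and check the reported target DN before repeating the call with -Apply.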