Friday 21 March 2014

Restore Deleted Objects in Active Directory Database Using Tombstone Reanimation (LDP.EXE)

What Is a Tombstone?
When Active Directory deletes an object from the directory, it does not physically remove the object from the database. Instead, Active Directory marks the object as deleted by setting the object’s isDeleted attribute to TRUE, stripping most of the attributes from the object, renaming the object, and then moving the object to a special container in the object’s naming context (NC) named CN=Deleted Objects. The object, now called a tombstone, is invisible to normal directory operations.
LDP.exe ships with the Windows Server 2003 Support Tools; on the Windows Server 2003 installation CD the installer is located at \SUPPORT\TOOLS\SUPTOOLS.MSI.
You do not need to follow this step on Windows Server 2008, where LDP.exe is already included.


Process to Restore the Deleted Object
Run LDP.exe.
In the LDP window, click the Connection menu, click Connect, and type the appropriate server name and port.
Click the Connection menu, click Bind, and type the Administrator account name and password.
Click the Options menu, then click Controls.
Under Load Predefined, select Return deleted objects.
This control makes the Deleted Objects container visible; it is hidden from normal directory operations by default.

Click the View menu, click Tree, and then enter the distinguished name of the domain.
In the tree on the left, select DC=Microship,DC=com.
Expand the Deleted Objects container and locate the deleted object.
Right-click the deleted user account, then click Modify.

In the Attribute box, type isDeleted. Under Operation, click Delete, and then click Enter.
In the Attribute box, type distinguishedName. In the Values box, type the distinguished name the object should have after the restore, for example CN=name of the user,OU=OUName,DC=DCName,DC=com. Under Operation, click Replace, and then click Enter.
Select the Extended check box, and then click Run.
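The same two LDAP modifications that the LDP.exe steps above perform (delete isDeleted, replace distinguishedName, with the show-deleted control attached) can be scripted. The following PowerShell is an added example and not part of the original post; it uses the .NET System.DirectoryServices.Protocols classes and assumes placeholder values for the domain controller name, the deleted user's sAMAccountName and the target OU, which you would replace with your own. The tombstone is found by its sAMAccountName, which, like lastKnownParent, survives attribute stripping.

```powershell
# Added example (not from the original post): tombstone reanimation over LDAP,
# equivalent to the LDP.exe Modify steps. Values below are assumed placeholders.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$dcName     = 'dc01.microship.com'                # assumed domain controller
$samAccount = 'jdoe'                              # assumed sAMAccountName of the deleted user
$searchBase = 'DC=Microship,DC=com'
$restoreOu  = 'OU=OUName,DC=Microship,DC=com'     # assumed container to put the object back into

# Connection > Connect and Connection > Bind: bind with the current (administrative) credentials
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($dcName)
$conn.SessionOptions.ProtocolVersion = 3
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
$conn.Bind()

# Options > Controls > "Return deleted objects": the LDAP_SERVER_SHOW_DELETED_OID control
$showDeleted = New-Object System.DirectoryServices.Protocols.ShowDeletedControl

# Locate the tombstone in the Deleted Objects container
$filter = "(&(isDeleted=TRUE)(sAMAccountName=$samAccount))"
$search = New-Object System.DirectoryServices.Protocols.SearchRequest(
    $searchBase, $filter, 'Subtree', @('distinguishedName', 'lastKnownParent'))
$search.Controls.Add($showDeleted) | Out-Null
$found = $conn.SendRequest($search)
if ($found.Entries.Count -ne 1) {
    throw "Expected exactly one tombstone for $samAccount, found $($found.Entries.Count)"
}
$tombstoneDn = $found.Entries[0].DistinguishedName
$lastParent  = $found.Entries[0].Attributes['lastKnownParent'][0]
Write-Host "Tombstone: $tombstoneDn (last known parent: $lastParent)"

# Step 1 of the Modify dialog: remove the isDeleted attribute entirely (Delete with no values)
$delIsDeleted = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
$delIsDeleted.Name      = 'isDeleted'
$delIsDeleted.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Delete

# Step 2 of the Modify dialog: replace distinguishedName with the DN the object should have after restore
$restoreDn = "CN=$samAccount,$restoreOu"
$setDn = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
$setDn.Name      = 'distinguishedName'
$setDn.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Replace
$setDn.Add($restoreDn) | Out-Null

# "Extended" + Run: send both modifications in one request with the show-deleted control attached
$modify = New-Object System.DirectoryServices.Protocols.ModifyRequest($tombstoneDn, @($delIsDeleted, $setDn))
$modify.Controls.Add($showDeleted) | Out-Null
$response = $conn.SendRequest($modify)
Write-Host "Modify result: $($response.ResultCode)"   # Success means the object is back at $restoreDn
$conn.Dispose()
```

Both attribute changes go in a single ModifyRequest on purpose: the directory only accepts the reanimation when isDeleted is removed and the new distinguishedName is supplied in the same operation. If the original OU still exists, lastKnownParent is the natural choice for the restore container. As the post notes below, the reanimated account comes back disabled with most attributes gone, so the password reset and enabling of the account are a separate follow-up step.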

The result of restoring a deleted object with the Tombstone Reanimation procedure is not perfect. You get back a disabled account whose attributes have been stripped. You have to set a password and enable the account afterwards.
