Archive | December 2013

Recovering Deleted AD Users (and other objects) with PowerShell

If you have to recover deleted users in AD, and don’t have the AD Recycle Bin available, PowerShell is perfect for the task.

There’s an article on TechNet (http://technet.microsoft.com/en-us/library/dd379509(v=ws.10).aspx) which describes using LDP or PowerShell with the Recycle Bin, but if you don’t have that enabled, there are a few things it leaves out.

If you don’t specify the “-NewName” parameter when using Restore-ADObject, you get the following error.

Restore-ADObject : Illegal modify operation. Some aspect of the modification is not permitted

This error can have other causes, such as the parent/former OU being invalid (having been deleted itself), but in this case, deleted items don’t have a displayname, soooo. Also, in the article, they filter objects by displayname, but again, deleted objects don’t have one. Womp Womp.

So you can try something like these commands instead.

Get-ADObject -IncludeDeletedObjects -filter {cn -like "*name*"} | Restore-ADObject -NewName "<newname>"
or
Get-ADObject -IncludeDeletedObjects -filter {objectguid -eq "someguid"} | Restore-ADObject -NewName "<newname>"
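
The one-liners above restore every object the filter matches, all with the same -NewName, and still fail if the former OU is gone. The following is an added example, not code from the original post: it checks for exactly one match and for a live parent before restoring. The function name Restore-DeletedAdObject, its parameters, and the sample pattern are hypothetical.

```powershell
# Added example, not from the original post. Needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Restore-DeletedAdObject {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $NamePattern,  # matched against cn, e.g. "*jsmith*"
        [string] $NewName,                             # defaults to the pre-deletion name
        [string] $TargetPath                           # fallback container if the old parent is gone
    )

    # Deleted objects have no displayName, so search on cn and ask for lastKnownParent.
    $filter = 'isDeleted -eq $true -and cn -like "{0}"' -f $NamePattern
    $found  = @(Get-ADObject -IncludeDeletedObjects -Filter $filter -Properties lastKnownParent, whenChanged)

    # Refuse to continue on zero or several matches; show the candidates instead.
    if ($found.Count -ne 1) {
        $found | Format-Table Name, ObjectGUID, lastKnownParent, whenChanged | Out-Host
        throw "Expected exactly 1 deleted object, found $($found.Count). Narrow the pattern."
    }
    $obj = $found[0]

    # A deleted object's name is "<old name><LF>DEL:<guid>"; keep the part before the line feed.
    if (-not $NewName) { $NewName = ($obj.Name -split "`n")[0] }

    # "Illegal modify operation" also appears when the former parent no longer exists.
    $params = @{ Identity = $obj.ObjectGUID; NewName = $NewName; PassThru = $true }
    $parentAlive = $false
    try {
        $null = Get-ADObject -Identity $obj.lastKnownParent -ErrorAction Stop
        $parentAlive = $true
    } catch { }
    if (-not $parentAlive) {
        if (-not $TargetPath) { throw "Former parent '$($obj.lastKnownParent)' is gone; pass -TargetPath." }
        $params.TargetPath = $TargetPath
    }

    if ($PSCmdlet.ShouldProcess($obj.DistinguishedName, "Restore as '$NewName'")) {
        Restore-ADObject @params
    }
}

# Dry run first, then repeat without -WhatIf. "*jsmith*" is a constructed sample value.
Restore-DeletedAdObject -NamePattern "*jsmith*" -WhatIf
```

Without the Recycle Bin, a restored object comes back without most of its former attributes, such as group memberships, so review it before putting it back into use.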