Hello Friends , Today i will show you how you can
use the Adrestore(Adrestore.exe) tool to restore a deleted user/Group etc. When
you delete a user, The user is not completely deleted from Active directory
however the user is put in to deleted object container and the deleted user
remains in the deleted object container till it's Tomstone period. Recovering a
user using Adrestore doesn't bring back all the attributes of the user however
it bring back only a subset of the attributes.
The main points about Adrestore tool is as below.
1)The Adrestore tool can be used to recover a
user/group.
2)Adrestore doesn't bring back all the attributes
of the user.
3)After the recover, The user will be disabled so
the user has to be enabled.
4)You will have to manually set a password to the
user as the password attribute can't be recovered.
Every user has a "IsDeleted" attribute,
When a user is deleted then the "IsDeleted" attribute is set
to"True" Which implies that the user is deleted.
I have created a user "netadmin", I
have added the below Group membership to the user as the user is an Admin user.
1)Domain Admins.
2)Enterprise Admins.
3)Schema Admins.
4)Domain Users.
Now i accidentally deleted the user netadmin, I will recover the user using Adrestore.
Adrestore is a Microsoft tool which can be
downloaded from the below link.
Download the Adrestore tool and save it on a
folder.
Open command prompt and go the location where
Adrestore resides.
We will be using -r switch to restore the deleted
user.
Type Adrestore.exe -r and hit enter.
Once you hit enter , The Adrestore will show all
the deleted users/Group one by one and will ask your permission if you want to
restore the user/group.
If you know the name of the deleted user and you
don't want the Adrestore tool to check all the deleted user then you can also
use the command "Adrestore.exe
-r Username" to restore the user.
Once the user is restored then it will show up in
Active Directory user and Computers console however the user will be disabled.
We will have to enable the user and then reset
the password to use the user account again.
Now the user is recovered however most of it's Attributes are stripped off.
Now the user is recovered however most of it's Attributes are stripped off.
Before the netadmin user was member of Domain
admins, Schema Admin, Enterprise Admins and Domain users group however after
the restore the user is only a member of Domain users so all the other
attributes of the user has to be added manually.