ADRestore.NET rewrite

Last month I had a couple of clients that needed to restore accidentally deleted user and computer accounts. Though there is a command line version of the tombstone reanimation tool called adrestore, the clients were not CLI savvy and having a GUI version of this functionality could really help them out. Some time ago I wrote a GUI version just in case in VB.NET, but as it turned out it was quite buggy (well, it was one of my first .NET GUI apps), so I sat down and rewrote the application from scratch in C#.

Now, if you are not familiar with the concept of tombstone reanimation, I would suggest that at this point you go and read Gil Kirkpatrick's article at TechNet - it explains what tombstones are and how the tombstone reanimation process works.

So, if you are aware of tombstone reanimation limitations (only a small set of attributes is restored), still willing to restore a deleted object and prefer a GUI version, you will probably find this little tool useful.

Main features:

  • Browsing the tombstones
  • Domain Controller targeting
  • Can be used with alternative credentials (convenient if you do not log on to your desktop as Domain Admin, which you should never do anyway)
  • User/Computer/OU/Container reanimation
  • Preview of tombstone attributes

Here are some screenshots:

Enumerating tombstones

 image

Previewing the tombstone attributes

image

Restoring a deleted user account

image

Notice that if you delete an OU with accounts in it, you will first have to restore the OUs the accounts were in; otherwise the reanimation of the child objects will fail. It is not enough to create an OU with the same name, as this will be a totally new object in AD and the child object's lastKnownParent attribute will still reference the deleted OU. Here is a walkthrough:

Initial state:

image 


TestOU organizational unit is deleted:

image 


State of tombstones (notice that lastKnownParent attribute of user and computer accounts reference the deleted OU):

image

OU is restored (lastKnownParent points to the restored OU's distinguished name):

image

Both computer and user accounts that resided in TestOU are reanimated:

image
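
The ordering rule from the walkthrough can be worked out before touching the directory. The sketch below is an added example, not code from ADRestore.NET: given tombstones read from the Deleted Objects container, it orders them so every deleted parent is reanimated before its children and computes the DN each object returns to. The domain `DC=example,DC=test`, the GUIDs and the function names are constructed for illustration.

```python
import re

# A tombstone's RDN is mangled to "<name>\0ADEL:<objectGUID>" ("\0A" is an escaped newline).
DEL_MARK = re.compile(r"\\0ADEL:[0-9a-fA-F-]{36}")

def first_rdn(dn):
    """Return the leftmost RDN, splitting at the first comma not escaped as '\\,'."""
    m = re.search(r"(?<!\\),", dn)
    return dn if m is None else dn[:m.start()]

def plan_reanimation(tombstones):
    """Return [(tombstone DN, target DN)] with every parent ahead of its children.

    Raises ValueError if a lastKnownParent is a deleted object that is not in
    the supplied set, because that child cannot go back to its old location.
    """
    by_dn = {t["dn"].lower(): t for t in tombstones}
    target, plan = {}, []   # target: tombstone DN -> DN after reanimation

    def resolve(t):
        key = t["dn"].lower()
        if key not in target:
            parent = t["lastKnownParent"]
            if DEL_MARK.search(parent):          # parent is itself a tombstone
                p = by_dn.get(parent.lower())
                if p is None:
                    raise ValueError(f"restore parent first: {parent}")
                parent = resolve(p)              # DN the parent gets once restored
            target[key] = DEL_MARK.sub("", first_rdn(t["dn"])) + "," + parent
            plan.append((t["dn"], target[key]))
        return target[key]

    for t in tombstones:
        resolve(t)
    return plan

# Constructed sample mirroring the walkthrough (hypothetical domain and GUIDs).
BASE = "DC=example,DC=test"
DELETED = "CN=Deleted Objects," + BASE
OU_TS = r"OU=TestOU\0ADEL:11111111-1111-1111-1111-111111111111," + DELETED
SAMPLE = [
    {"dn": r"CN=Test User\0ADEL:22222222-2222-2222-2222-222222222222," + DELETED,
     "lastKnownParent": OU_TS},
    {"dn": r"CN=TESTPC\0ADEL:33333333-3333-3333-3333-333333333333," + DELETED,
     "lastKnownParent": OU_TS},
    {"dn": OU_TS, "lastKnownParent": BASE},
]

if __name__ == "__main__":
    for src, dst in plan_reanimation(SAMPLE):
        print(dst)
```

The same plan serves as a worklist when many objects from one deleted OU have to be reanimated in a single pass.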

Download ADRestore.NET

Published Saturday, December 15, 2007 4:48 AM by Guy Teverovsky

Comments

Wednesday, January 23, 2008 8:57 AM by fmustafa

# re: ADRestore.NET rewrite

Seems like a good tool, but it gives the error "Fails to Enumerate available domains" although I use an Enterprise Admin and Domain Admin account!! Any idea on how to fix this??

Wednesday, January 23, 2008 5:23 PM by Paul Slager

# re: ADRestore.NET rewrite

I get a failed to enumerate available domains. The error was logon failure unknown username or bad password. I am a schema admin and running the tool both off my domain-connected client and directly off the DC and I get the same message. I also tried to use a different schema admin account, but nothing shows up when I hit enumerate; the Domain list isn't populated.

Friday, January 25, 2008 11:41 AM by Edwin Bakkes

# re: ADRestore.NET rewrite

I get the same error when I start the application

Friday, January 25, 2008 2:57 PM by Guy Teverovsky

# re: ADRestore.NET rewrite

Thanks guys, I'm looking into it.

Sunday, January 27, 2008 2:43 AM by Guy Teverovsky

# re: ADRestore.NET rewrite

Guys, looks like you downloaded the version from Daniel Petri's website and the one there was an old version with a bug. I have updated the version on www.petri.co.il server, so you might want to give it another shot: www.petri.co.il/ADRestore.NET.zip

Sorry for the inconvenience,

Guy

Tuesday, February 05, 2008 10:21 PM by Aviad Avisar

# re: ADRestore.NET rewrite

Nice.

A few questions:

Can it also restore the user's password?

Can it restore just a single attribute of an object?

Wednesday, February 06, 2008 12:17 AM by Guy Teverovsky

# re: ADRestore.NET rewrite

Hi Aviad, nice to see you here too ;)

As for your questions:

Q: "Can the tool restore the password?"

A: No. The tool does not restore the object to the state it was before the deletion. All it does is to reanimate the tombstone (which has a very limited number of attributes left). I suggest that you read Gil's article at Technet about tombstones for better understanding the difference between authoritative restore of an object and tombstone reanimation: www.microsoft.com/.../default.aspx

Q: Can the tool restore a single attribute ?

A: No. All it does is to bring the tombstone alive. If you change an attribute of an object and want to roll it back, there is no tombstone of the object, so the tool won't even see it. Again, this has to do with the way the tombstones work.

The tool is not supposed to be a full recovery tool, but in certain situations all you need is the account and the SID (i.e.: deleted service account) - this is where the tool comes in useful and saves you the time needed for authoritative restore.

Wednesday, March 26, 2008 12:50 PM by Jorge 's Quest For Knowledge!

# Free AD Objects Recovery Tools

A while ago, I wrote about the new feature within Windows Server 2008 to reanimate and populate the attributes

Wednesday, March 26, 2008 10:09 PM by Yann

# re: ADRestore.NET rewrite

Very awesome tool !

I got used to using adrestore on the command line, but for a GUI guy like me, it is just awesome.

Thanks for sharing your tool.

Cheers,

Yann

Thursday, April 24, 2008 2:44 PM by IT-Professional Community Blog

# Nieuwe versie ADRestore.net

A. Schmidt sent in the following handy tip: a new version of ADRestore.net was recently released

Friday, May 30, 2008 2:34 PM by Ian

# re: ADRestore.NET rewrite

This tool is fantastic! It’s just made restoring some accidentally deleted computer accounts a piece of cake. Thank you very much!

Tuesday, June 10, 2008 12:28 PM by FutureFuust

# re: ADRestore.NET rewrite

Hey, I just tried your tool for an assignment at school (restoring an OU). I installed the GUI version and got the following error:

"Fails to Enumerate available domains"

I read in the replies above that this is a known issue, just wanted to let you know it is still there.

PS: the command line version did the job just fine

FutureFuust

Tuesday, July 01, 2008 12:42 AM by Jeremy Stump

# re: ADRestore.NET rewrite

Using Ldp I can see DNS node entries which get deleted from our env. I don't see in this tool where we can display those too. Is that coming?

Wednesday, July 02, 2008 4:16 PM by Guy Teverovsky

# re: ADRestore.NET rewrite

Jeremy,

The tool currently filters out the object classes other than user/computer/organizationalUnit/container. I did not see much value in making it support all available object classes.

Btw, why would you want to restore DNS records? Unless those were static, it's easier to let the hosts re-register dynamically (if allowed).

Tuesday, July 22, 2008 12:51 AM by Dan

# re: ADRestore.NET rewrite

Hi Guy,

I've accidentally deleted a user with the administrative rights on my laptop. Can I restore it by using your tool?

I would greatly appreciate any help you can provide.

Thank you

Tuesday, July 22, 2008 1:14 AM by Guy Teverovsky

# re: ADRestore.NET rewrite

Dan,

The tool works only with Active Directory accounts. In order to restore a local account you will probably have to revert to a Restore Point dated before the account deletion.

Thursday, September 11, 2008 2:24 AM by Nils Kaczenski

# re: ADRestore.NET rewrite

Guy,

awesome. Just for your information and for everyone who needs it: I created a small script-based tool ("Werding") that helps in tombstone recovery.

It does an attribute export of AD objects (when they still exist) and can write those attributes back to re-animated tombstones. That way you can recover additional data such as address data, but most importantly group membership of recovered objects. (The password will not be recovered, though. You have to set a new one, but that's better anyway.)

See the international version at:

[faq-o-matic.net » Werding v2 (English version): Online data recovery for Active Directory]

www.faq-o-matic.net/.../werding-v2-english-version-online-data-recovery-for-active-directory

Bye, Nils

Friday, September 19, 2008 4:19 AM by Ernst

# re: ADRestore.NET rewrite

Hi Guy,

Is it necessary to boot the server in ad restore mode?

Thanks,

Ernst

Friday, September 19, 2008 9:16 AM by Guy Teverovsky

# re: ADRestore.NET rewrite

Ernst, no need to boot into DSRM. This is tombstone reanimation and not authoritative restore

Monday, November 10, 2008 1:50 PM by Nugita

# re: ADRestore.NET rewrite

Hi Guy

Great tool, it helped me restore an OU and workstations because a stupid AD specialist deleted all of them.

One question .... Is there any way we can do a bulk restore (ie. workstations within the same OU)?

Thanks,

N.

Friday, January 09, 2009 12:46 AM by Ed

# re: ADRestore.NET rewrite

Hey Guy,

Great tool!  Is there a way to select multiple objects?  I need to restore over 100 computers...

Thanks,

Ed

Wednesday, February 04, 2009 9:07 PM by Carlos

# re: ADRestore.NET rewrite

I run the tool and I was able to see the computers recovered, just after I restored the OU. BUT, I can't log the PCs in the AD domain... am I missing something?
