Recycle Bin
The AD Recycle Bin is enabled in the WolfTech Active Directory Domain. If you really want a computer object restored, please submit a SNow ticket to AD Tech queue (activedirectory_technical@help.ncsu.edu) and include the object name, the containing OU, and approximate deletion date. There can be multiple deleted objects with the same name.
Microsoft Documentation:
- The AD Recycle Bin: Understanding, Implementing, Best Practices, and Troubleshooting
- Active Directory Recycle Bin Step-by-Step Guide
AD Recycle Bin from the Powershell command line:
Pretend this OU and everything in it was deleted:OU=Teaching Labs,OU=BAE,OU=CALS,OU=NCSU,DC=wolftech,DC=ad,DC=ncsu,DC=edu
- Login to DC as Domain Admin.
- Run powershell from quick launch. Right click and RUN AS ADMIN or you’ll be wondering why you’re not getting results.
Import-Module ActiveDirectory
Getting help:
Get-Command *ad* -CommandType cmdlet
Get-Help Get-ADObject -examples
Searching for an object named duck:Get-ADObject -SearchBase "CN=Deleted Objects,DC=wolftech,DC=ad,DC=ncsu,DC=edu" -LDAPFilter "(Name=*duck*)" -includedeletedobjects
Output (only last one listed for brevity):Deleted : True
DistinguishedName : CN=Duckwall010\0ADEL:2f9e780e-837e-41ac-b7ab-012e37fc8386,CN=Deleted Objects,DC=wolftech,DC=ad,DC=ncsu,DC=edu
Name : Duckwall010
DEL:2f9e780e-837e-41ac-b7ab-012e37fc8386
ObjectClass : computer
ObjectGUID : 2f9e780e-837e-41ac-b7ab-012e37fc8386
Dan recommends that you add -Properties Created to the end of the cmd above so you can see when the object was created and differentiate it from others of the same name.
Find out what the parent ou of an object named duck was in:Get-ADObject -SearchBase "CN=Deleted Objects,DC=wolftech,DC=ad,DC=ncsu,DC=edu" -LDAPFilter "(Name=*Duckwall010*)" -includedeletedobjects -properties LastKnownParent
Output:Deleted : True
DistinguishedName : CN=Duckwall010\0ADEL:2f9e780e-837e-41ac-b7ab-012e37fc8386,CN=Deleted Objects,DC=wolftech,DC=ad,DC=ncsu,DC=edu
LastKnownParent : OU=OU Admins,OU=Departmental Users,OU=CNR,OU=NCSU,DC=wolftech,DC=ad,DC=ncsu,DC=edu
Name : Duckwall010
DEL:2f9e780e-837e-41ac-b7ab-012e37fc8386
ObjectClass : computer
ObjectGUID : 2f9e780e-837e-41ac-b7ab-012e37fc8386
Restoring Duckwall010$ (get-help Restore-ADObject -examples):Restore-ADObject -Identity 2f9e780e-837e-41ac-b7ab-012e37fc8386
Search for everything in an existing OU that was deleted (run this after restoring the OU):Get-ADObject -SearchBase "CN=Deleted Objects,DC=wolftech,DC=ad,DC=ncsu,DC=edu" -LDAPFilter "(LastKnownParent=OU=Teaching Labs,OU=BAE,OU=CALS,OU=NCSU,DC=wolftech,DC=ad,DC=ncsu,DC=edu)"