AD: Perform object- and container-level recovery

To restore a deleted object in Active Directory, you can use either ldp.exe or the PowerShell ADObject cmdlets.


  1. From an elevated command prompt, type ldp.exe
  2. Click Connection > Connect and type in the name of the server that hosts the forest root domain
  3. Select Bind from the Connection menu
  4. Click OK
  5. Select Controls from the Options menu to open the Controls dialog box. Change Load Predefined to Return deleted objects, then click OK.
  6. Click View > Tree and select the BaseDN from the drop-down list
  7. Navigate to CN=Deleted Objects, expand it and highlight the deleted object
  8. Select Modify from the Browse menu and do the following:
    1. In the Edit Entry Attribute box, type isDeleted.
    2. Select Delete in the Operation area.
    3. Click Enter to move the [Delete]isDeleted item to the Entry List box.
    4. In the Edit Entry Attribute box, type distinguishedName.
    5. In the Values box, type the original DN of the Active Directory Object.
    6. Select Replace in the Operation area and select Extended.
    7. Click Enter and then click Run to restore the deleted object.

This restores the object in a disabled state. To use the account again, reset its password and enable it.




If the Active Directory Recycle Bin has been enabled, the PowerShell ADObject cmdlets can be used to restore the object.

Get-ADObject -Filter {displayName -eq "Alastair Hill"} -IncludeDeletedObjects | Restore-ADObject
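
The one-liner above restores every deleted object that matches the filter. The following added example (not part of the original post) wraps it with checks a practitioner would want first: it restores only when exactly one deleted object matches, and only when the object's last known parent container still exists, which is the ordering that matters for container-level recovery. It assumes the ActiveDirectory module and an enabled Recycle Bin; the function name Restore-DeletedObjectByDisplayName is hypothetical.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory module (RSAT)
# and an enabled AD Recycle Bin. The function name is hypothetical.
Import-Module ActiveDirectory

function Restore-DeletedObjectByDisplayName {
    param([Parameter(Mandatory)][string]$DisplayName)

    # Search only deleted objects and fetch the attributes needed to judge the restore.
    $props = 'displayName', 'lastKnownParent', 'msDS-LastKnownRDN', 'whenChanged'
    $found = @(Get-ADObject -Filter 'isDeleted -eq $true -and displayName -eq $DisplayName' `
            -IncludeDeletedObjects -Properties $props)

    # displayName is not unique: restore only when exactly one object matches.
    if ($found.Count -ne 1) {
        $found | Format-Table ObjectGUID, ObjectClass, 'msDS-LastKnownRDN', lastKnownParent, whenChanged
        Write-Warning "$($found.Count) deleted objects match '$DisplayName'; nothing restored."
        return
    }
    $target = $found[0]

    # The object is restored under lastKnownParent, so that container must be live.
    # If the container was deleted as well, restore it first, then its children.
    try {
        Get-ADObject -Identity $target.lastKnownParent -ErrorAction Stop | Out-Null
    } catch {
        Write-Warning "Parent '$($target.lastKnownParent)' is missing; restore it first."
        return
    }

    # Same pipeline as the one-liner on this page, for the single verified object.
    $restored = $target | Restore-ADObject -PassThru

    # For user accounts, check the state and apply the reset-and-enable step if needed.
    if ($restored.ObjectClass -eq 'user') {
        $user = Get-ADUser -Identity $restored.ObjectGUID -Properties Enabled
        if (-not $user.Enabled) {
            $newPassword = Read-Host -AsSecureString -Prompt "New password for $($user.SamAccountName)"
            Set-ADAccountPassword -Identity $user -Reset -NewPassword $newPassword
            Enable-ADAccount -Identity $user
        }
    }
    $restored
}

Restore-DeletedObjectByDisplayName -DisplayName 'Alastair Hill'
```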
