Restore-ADObject

Restore an Active Directory object.

Syntax
      Restore-ADObject [-Identity] ADObject [-AuthType {Negotiate | Basic}]
         [-Credential PSCredential] [-NewName string] [-Partition string]
            [-PassThru] [-Server string] [-TargetPath string]
               [-Confirm] [-WhatIf] [CommonParameters]

Key
   -AuthType {Negotiate | Basic}
       The authentication method to use: Negotiate (or 0), Basic (or 1)
       A Secure Sockets Layer (SSL) connection is required for Basic authentication.

   -Credential PSCredential
       The user account credentials to use to perform this task.
       The default credentials are those of the currently logged on user unless the
       cmdlet is run from an Active Directory PowerShell provider drive.
       If the cmdlet is run from such a provider drive, the account associated with the drive is the default.

       Type a user name, such as "User64" or "Domain64\User64" or specify a
       PSCredential object such as one generated by Get-Credential 

       If a user name is specified, the cmdlet will prompt for a password.

   -Identity ADObject
       An AD object. Most often this will be a Distinguished Name (e.g. CN=sample1,OU=demo,DC=SS64,DC=com)
       The identity may also be given as a GUID.

       Derived types, such as the following are also accepted:
          [Microsoft.ActiveDirectory.Management.]
            ADGroup,ADUser,ADComputer,ADServiceAccount,ADFineGrainedPasswordPolicy,ADDomain

       The cmdlet searches the default naming context or partition to find the object.
       If two or more objects are found, the cmdlet returns a non-terminating error.

       The ADObject may also be passed through the pipeline or set via a variable.

   -NewName string
       The new name of the object.
       This parameter sets the Name property of the AD object.

   -Partition string
       The distinguished name of an AD partition.
       string must be one of the naming contexts on the current directory server.
       The cmdlet searches this partition to find the object defined by the -Identity parameter.
       Examples:
         -Partition "CN=Configuration,DC=EUROPE,DC=TEST,DC=SS64,DC=COM"
         -Partition "CN=Schema,CN=Configuration,DC=EUROPE,DC=TEST,DC=SS64,DC=COM"

       In many cases, a default value will be used for -Partition if no value is specified.

   -PassThru
       Return the new or modified object.
       By default (i.e. if -PassThru is not specified), this cmdlet does not generate any output.
 
   -Server string
       The AD Domain Services instance to connect to, this may be a Fully qualified domain name,
       NetBIOS name, Fully qualified directory server name (with or without port number)

   -TargetPath string
       The new location for the object.
       This location must be the path to a container or organizational unit.

   -Confirm
       Prompt for confirmation before executing the command.

   -WhatIf
       Describe what would happen if you executed the command without actually executing the command.

Restore-ADObject restores a deleted Active Directory object.

The -NewName parameter specifies the new name for the restored object. If the -NewName parameter is not specified, the last known name is used (msDS-lastKnownRDN).

The -TargetPathparameter specifies the new location for the restored object. If the -TargetPath is not specified, the "lastKnownParent" is used.

The -Identity parameter specifies the AD object to restore. Identify an object with its distinguished name (DN) or GUID or set the -Identity parameter to an object variable or through the PowerShell pipeline.
Get-ADObject -IncludedeDeletedObjects will return the distinguished names of deleted objects.

Examples

Restore the deleted object, whose Display Name is 'John Smith':

PS C:\> Get-ADObject -Filter {displayName -eq 'John Smith'} -IncludeDeletedObjects | RestoreADObject

Restore the deleted user object whose SamAccountName is GungiPaterson:

PS C:\> Get-ADObject -Filter 'samaccountname -eq "GungiPaterson"' -IncludeDeletedObjects | Restore-ADObject

Get a list of deleted objects with their Relative Distinguished Name (RDN) and Parent. This will show the parent OU which may need to be restored before any of the content items will successfully restore:

PS C:\> Get-ADObject -Filter {isDeleted -eq $true -and name -ne 'Deleted Objects' } -IncludeDeletedObjects -property * | ft msds-lastknownRdn, lastknownParent -auto -wrap

Restore an OU, with the name 'Zune Sales':

PS C:\> Get-ADObject -Filter {msds-lastknownRdn -eq 'Zune Sales'} -IncludeDeletedObjects | RestoreADObject

Get all the deleted objects, whose 'whenChanged' attribute is greater than the specified date. The clause 'name -ne "Deleted Objects"' makes sure that the Deleted Objects Container is not returned. This will only return objects w hich can be restored:

PS C:\> $changeDate = New-Object DateTime(2016, 11, 23, 1, 40, 02)
Get-ADObject -Filter 'whenChanged -gt $changeDate -and isDeleted -eq $true -and isRecycled -ne $true -and name -ne "Deleted Objects"' -IncludeDeletedObjects

Get all the deleted objects whose 'whenChanged' attribute is greater then the specified date AND at the time of deletion were the children of the specified Organizational Unit:

PS C:\> $changeDate = New-Object DateTime(2011, 11, 23, 1, 40, 02)
Get-ADObject -Filter 'whenChanged -gt $changeDate -and isDeleted -eq $true -and isRecycled -ne $true -and lastKnownParent -eq "OU=Accounting,DC=SS64,DC=com"' -IncludeDeletedObjects

Restore an AD-LDS object using its ObjectGUID:

PS C:\> Restore-ADObject -Identity 'a5dcceeb-76dc-4550-ad76-f31a50aeb2ed' -Server server64:50000

“There are different kinds of justice. Retributive justice is largely Western. The African understanding is far more restorative - not so much to punish as to redress or restore a balance that has been knocked askew" ~ Desmond Tutu

Related PowerShell Cmdlets

Get-adObject - Get one or more AD objects.
Move-adObject - Move an AD object or container to a different container or domain.
New-adObject - Create an AD object.
Remove-adObject - Remove an AD object.
Rename-adObject - Change the name of an AD object.
Set-adObject - Modify an AD object.


 
Copyright © 1999-2024 SS64.com
Some rights reserved