Active Directory
A set of directory-based technologies included in Windows Server.
6,910 questions
restore ad objects
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 54%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENK%3C/text%3E%3C/svg%3E)
Nitzan Kravzov
5
Reputation points
Hello,
How do I give delegation for domain user to restore objects from ad?
I used the following command:
dsacls dc=<your domain>,dc=<com> /g "restore_objects:ca;Reanimate Tombstones"
dsacls "cn=deleted objects,dc=<your domain>,dc=<com>" /takeownership
dsacls "cn=deleted objects,dc=<your domain>,dc=<com>" /g "restore_objects:LCRP"
https://nettools.net/how-to-delegate-object-restoration-rights/
domain admins are able to restore object
domain users in the group: restore_objects are able to restore object from recycle bin only if the object is in ou that Protected from accidental deletion is unchecked, they receive error "access is denied".
Thanks
Sign in to answer