Recover Active Directory Deleted Items Using LDP.EXE

ldp.exe is a tool for querying information from Active Directory. The same tool can edit the data of Active Directory objects, and it can also be used to recover deleted objects. Windows 2008 R2 Active Directory provides one method for recovering deleted items (the AD Recycle Bin). This is another option.

http://darshanaj.files.wordpress.com/2011/11/1_thumb.png?w=583&h=383

Here we are deleting the user object (User3). After this, we can launch ldp.exe from the Run dialog to open the tool.

http://darshanaj.files.wordpress.com/2011/11/2_thumb.png?w=593&h=437

In ldp.exe, click the Connection menu and select Connect. A dialog box prompts for the domain controller name. In this domain it's lion.mydomain.lk, with the default LDAP port of 389.

http://darshanaj.files.wordpress.com/2011/11/3_thumb.png?w=644&h=415

Again, click the Connection menu and select Bind.

http://darshanaj.files.wordpress.com/2011/11/4_thumb1.png?w=654&h=459

Click the Options menu and select Controls.

http://darshanaj.files.wordpress.com/2011/11/5_thumb1.png?w=672&h=383

From the Load Predefined list select Return deleted objects. Click OK.

http://darshanaj.files.wordpress.com/2011/11/6_thumb1.png?w=684&h=500

Open the View menu and select Tree View.

http://darshanaj.files.wordpress.com/2011/11/7_thumb1.png?w=694&h=450

Now we can see all the deleted items, and at the bottom there will be user3 (the last deleted item).

http://darshanaj.files.wordpress.com/2011/11/8_thumb1.png?w=709&h=436

Right-click on the item and select Modify.

http://darshanaj.files.wordpress.com/2011/11/9_thumb.png?w=719&h=382

In this window, type isDeleted in the Attribute text box. Select the Delete radio button under Operation. Click Enter.

http://darshanaj.files.wordpress.com/2011/11/10_thumb.png?w=740&h=412

Type distinguishedName in the Attribute text box. Enter the object's connection string value in the Values text box (in this example it's CN=user3,OU=Users,OU=BRANCH01,DC=mydomain,DC=lk). Select Replace under Operation. Click Enter.

http://darshanaj.files.wordpress.com/2011/11/12_thumb.png?w=758&h=504

Select the Extended check box in the bottom-left corner. Click Run.

http://darshanaj.files.wordpress.com/2011/11/13_thumb.png?w=773&h=476

Now we can see the recovered account in AD. We just have to enable it and set the password.

http://darshanaj.files.wordpress.com/2011/11/14_thumb.png?w=779&h=393
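
The same sequence of steps can be sent as raw LDAP requests from PowerShell. This is an added example, not part of the original article: it uses the .NET System.DirectoryServices.Protocols classes with the article's server and DN, and the search filter on the name prefix is an assumption about how to locate the tombstone.

```powershell
# Added example (not from the original article): the ldp.exe steps as LDAP requests.
Add-Type -AssemblyName System.DirectoryServices.Protocols

# Server and DNs are the article's values; the filter is an assumption (see below).
$server    = 'lion.mydomain.lk'
$deletedDn = 'CN=Deleted Objects,DC=mydomain,DC=lk'
$restoreDn = 'CN=user3,OU=Users,OU=BRANCH01,DC=mydomain,DC=lk'

# Connection > Connect (port 389), then Connection > Bind as the logged-on user.
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier -ArgumentList $server, 389
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection -ArgumentList $id
$conn.SessionOptions.ProtocolVersion = 3
$conn.Bind()

# Options > Controls > "Return deleted objects" (OID 1.2.840.113556.1.4.417).
$showDeleted = New-Object System.DirectoryServices.Protocols.ShowDeletedControl

# Find the tombstone. A deleted object's RDN becomes "<name>\0ADEL:<objectGUID>",
# so match on the name prefix and stop unless exactly one entry matches.
$filter = '(&(isDeleted=TRUE)(objectClass=user)(name=user3*))'
$scope  = [System.DirectoryServices.Protocols.SearchScope]::OneLevel
$attrs  = [string[]]@('lastKnownParent')
$search = New-Object System.DirectoryServices.Protocols.SearchRequest -ArgumentList $deletedDn, $filter, $scope, $attrs
[void]$search.Controls.Add($showDeleted)
$found = $conn.SendRequest($search)
if ($found.Entries.Count -ne 1) {
    throw "Expected one tombstone for user3, found $($found.Entries.Count)."
}
$tombstoneDn = $found.Entries[0].DistinguishedName

# Modify dialog: delete isDeleted and replace distinguishedName in one request.
$del = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
$del.Name      = 'isDeleted'
$del.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Delete
$rep = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
$rep.Name      = 'distinguishedName'
$rep.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Replace
[void]$rep.Add($restoreDn)

$modify = New-Object System.DirectoryServices.Protocols.ModifyRequest
$modify.DistinguishedName = $tombstoneDn
[void]$modify.Modifications.Add($del)
[void]$modify.Modifications.Add($rep)
# The "Extended" check box: the control must accompany the modify as well.
[void]$modify.Controls.Add($showDeleted)
$conn.SendRequest($modify).ResultCode
```

A failed modify raises a DirectoryOperationException instead of returning a result code, so the final line prints only when the request was accepted.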