Undeleting Directory Objects


Microsoft has added (minimal) support for undeleting Active Directory objects in Windows 2003.  A technical article describing the mechanism to 'undelete' can be found in MSDN under the title "Restoring Deleted Objects".  Another good technical article detailing how to restore deleted AD objects is Microsoft KB 840001: How to restore deleted user accounts and their group memberships in Active Directory. Hyena implements the 'undelete' functionality exactly as documented by Microsoft in this article.


To view and attempt undeletion of Active Directory object, right click on a Windows 2000/2003 domain entry in Hyena's left window, and select the View Deleted Objects... function.  


To attempt undeletion of any object, select one or more entries, right click, and select Undelete.  Hyena will prompt for the destination container for any 'undeleted' objects to be placed in.


Microsoft has imposed several limitations to undeletion of AD objects:

Undeleted user and groups will have the original SID restored before the object was deleted, thereby ensuring that pre-existing security settings will be unaffected by the deletion.