A. When an object is deleted from Active Directory (AD), it isn't actually removed but is instead marked as deleted by an internal marker called a tombstone. A Sysinternals freeware product, AdRestore, lets you restore tombstoned objects. AdRestore is a command-line utility that lists and lets you restore deleted Windows Server 2003 AD objects. You can use AdRestore to restore tombstoned objects without performing an authoritative backup restore. You can download the utility at http://www.sysinternals.com/files/adrestore.zip. After you install AdRestore, you can restore an object by running the command

adrestore -r

The -r tells AdRestore to prompt the user before restoring the AD objects to their original location. When you run the command, you'll see messages similar to the following (the message text is enclosed in quotes):

"Enumerating domain deleted objects:

cn: Clark Kent
DEL:26931e28-18f5-4f08-a486-760b199c9d4d
distinguishedName: CN=Clark Kent\0ADEL:26931e28-18f5-4f08-a486
-760b199c9d4d,CN=Deleted Objects,DC=savilltech,DC=com
lastKnownParent: CN=Users,DC=savilltech,DC=com

Do you want to restore this object (y/n)? n
..
Found 99 items matching search criteria."

You can optionally specify a search filter so that AdRestore displays only objects with the specified text in their name, by entering a command similar to the following

adrestore -r kent

The sample command displays only deleted objects with the name "kent". After you enter the command, you'll see a message similar to the following:

"...

Enumerating domain deleted objects:

cn: Clark Kent
DEL:26931e28-18f5-4f08-a486-760b199c9d4d
distinguishedName: CN=Clark Kent\0ADEL:26931e28-18f5-4f08-a486-
760b199c9d4d,CN=Deleted Objects,DC=savilltech,DC=com
lastKnownParent: CN=Users,DC=savilltech,DC=com

Do you want to restore this object (y/n)? n

Found 1 item matching search criteria."