Monday, 30 January 2012

Some Hidden facts and Questions

NTDS.dit file location:

Most of us know that the Ntds.dit file is located at %SystemRoot%\NTDS\Ntds.dit, but we can also find an Ntds.dit file at %SystemRoot%\System32\Ntds.dit. Whenever we promote a server to a DC, the file from %SystemRoot%\System32\Ntds.dit is used, and we don't need any installation media to run dcpromo.

Wednesday, 4 January 2012

How to recover deleted object from Active directory using LDP.exe


Hi Guys,

Today I am going to share how to recover deleted objects from Active Directory using the LDP.exe tool.

In my scenario, my domain is cluster.com and it has the user Vijay Sharma.

First you need to download the LDP.exe tool. You can download it from here.

Now I have deleted the object vijay from Active Directory.



To recover the object vijay, open the LDP.exe tool and perform the following steps:


Step 1: Click on the Connection tab, go to the Connect tab, and enter the name of your domain.
Step 2: Bind the connection by going to the Connection tab, clicking Bind, and providing the administrator credentials.


Step 4: Now go to the Options tab and click on the Controls option.


Step 5: In the box under Load Predefined, select "Return deleted objects" and click OK.


Step 6: Click on View, select the Tree option, and enter DC=cluster,DC=com.


Step 7: Select the tree on the left side, expand it, and then expand the Deleted Objects container (CN=Deleted Objects,DC=Cluster,DC=com).


Step 8: Select the deleted user that you want to recover (Vijay Sharma).


Step 9: Right-click on the selected user and click Modify.
Step 10: In the Modify box, write "isDeleted" in the Attribute box, select the "Delete" operation, and click "Enter".
NOTE: Do not click "Run" in this step.


Step 11: Now write "distinguishedName" in the Attribute box, select the "Replace" operation, and click "Enter". Select the Synchronous and Extended check boxes and click Run.


Step 12: The user is now recovered in the same container, but the account will be disabled.


Step 13: Enable the user account.

NOTE: The main limitation of using LDP.exe is that you cannot restore the attributes of the objects.
             In my case, the user was a member of many groups, but after recovery it lost its group
             memberships.
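
The modify request that Steps 10 and 11 assemble in LDP, as an added example that is not part of the original post: it derives the value for "distinguishedName" from the tombstone's own DN plus the object's lastKnownParent attribute, which is how a tombstone records its previous container. The GUID and the CN=Users parent below are constructed sample values, and the function and variable names are illustrative.

```python
import re

# OID of the control LDP lists as "Return deleted objects" (Step 5).
SHOW_DELETED_OID = "1.2.840.113556.1.4.417"

# Tombstone RDN = original RDN value + "\0ADEL:" + objectGUID (36 characters).
TOMBSTONE_RDN = re.compile(
    r"^(?P<attr>[A-Za-z]+)=(?P<value>.+?)\\0ADEL:(?P<guid>[0-9a-fA-F-]{36})$")

# Constructed sample values (assumptions, not taken from a real directory).
SAMPLE_TOMBSTONE = (r"CN=Vijay Sharma\0ADEL:11111111-2222-3333-4444-555555555555,"
                    "CN=Deleted Objects,DC=cluster,DC=com")
SAMPLE_PARENT = "CN=Users,DC=cluster,DC=com"


def split_first_rdn(dn):
    """Split a DN at the first comma that is not backslash-escaped."""
    i = 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 2  # skip the backslash and the character after it
            continue
        if dn[i] == ",":
            return dn[:i], dn[i + 1:]
        i += 1
    return dn, ""


def build_restore_request(tombstone_dn, last_known_parent):
    """Return the LDAP modify that reanimates a tombstone (Steps 10 and 11)."""
    rdn, parent = split_first_rdn(tombstone_dn)
    if not parent.lower().startswith("cn=deleted objects,"):
        raise ValueError("object is not under the Deleted Objects container")
    m = TOMBSTONE_RDN.match(rdn)
    if m is None:
        raise ValueError("RDN is not in tombstone form")
    new_dn = "{}={},{}".format(m["attr"], m["value"], last_known_parent)
    return {
        "dn": tombstone_dn,                    # target of the modify
        "controls": [SHOW_DELETED_OID],        # needed to address a tombstone
        "changes": [
            ("delete", "isDeleted", []),                # Step 10
            ("replace", "distinguishedName", [new_dn]), # Step 11
        ],
    }


if __name__ == "__main__":
    request = build_restore_request(SAMPLE_TOMBSTONE, SAMPLE_PARENT)
    print("dn:", request["dn"])
    for op, attr, values in request["changes"]:
        print(op, attr, values)
```

Both changes travel in one modify request, which is why Step 10 says not to click Run until the second entry has been added.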