16.16. Searching for Deleted Objects

Problem

You want to search for deleted objects.

Solution

Using a graphical user interface

  1. Open LDP.

  2. From the menu, select Connection → Connect.

  3. For Server, enter the name of a domain controller you want to target (or leave blank to do a serverless bind).

  4. For Port, enter 389.

  5. Click OK.

  6. From the menu, select Connection → Bind.

  7. Enter credentials of a user that is an administrator for the domain.

  8. Click OK.

  9. From the menu, select Options → Controls.

  10. For Windows Server 2003, select the Return Deleted Objects control under Load Predefined.

  11. For Windows 2000, type 1.2.840.113556.1.4.417 for the Object Identifier and click the Check In button.

  12. Click OK.

  13. From the menu, select Browse → Search.

  14. For BaseDN, enter: cn=Deleted Objects,<DomainDN>.

  15. For Scope, select One Level.

  16. For Filter, enter: (isDeleted=TRUE).

  17. Click the Options button.

  18. Under Search Call Type, select Extended.

  19. Click OK.

  20. Click Run.

Using a command-line interface

As of this writing, none of the standard command-line tools provide a way to search for deleted objects.

Using VBScript

It is currently not possible to search for deleted objects with ADSI or ADO.

Discussion

When an object is deleted in Active Directory, it is not completely deleted. The original object is removed, but a tombstone (deleted) object takes its place in the Deleted Objects container within the naming context it was deleted in. See Introduction in Chapter 16 for more on tombstone objects.
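The search that LDP performs in steps 13 through 20, done programmatically with the Show Deleted control from step 11, as an added example that is not part of the original recipe. It assumes the ldap3 Python library and an administrator account given in DOMAIN\user form; the tombstone naming convention (original RDN followed by \0ADEL: and the objectGUID) is assumed from MS-ADTS, and the sample DN is constructed.

```python
"""Search cn=Deleted Objects for tombstones using the Show Deleted LDAP control."""
import re
import uuid

# LDAP_SERVER_SHOW_DELETED_OID, the control LDP loads in step 10/11 of the recipe.
SHOW_DELETED_OID = "1.2.840.113556.1.4.417"
TOMBSTONE_FILTER = "(isDeleted=TRUE)"

# A tombstone keeps its original RDN with "\0ADEL:<objectGUID>" appended; "\0A" is
# the DN-escaped line feed the DC inserts.  Constructed example:
#   CN=jsmith\0ADEL:0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0,CN=Deleted Objects,DC=...
TOMBSTONE_RDN = re.compile(
    r"^(?P<attr>\w+)=(?P<name>.*?)\\0ADEL:(?P<guid>[0-9a-fA-F-]{36})$")


def deleted_objects_base(domain_dn: str) -> str:
    """Base DN for the one-level search, as typed into LDP in step 14."""
    return f"CN=Deleted Objects,{domain_dn}"


def parse_tombstone_dn(dn: str) -> dict:
    """Split a tombstone DN into the original name, its objectGUID and the parent DN."""
    # Split on the first comma that is not escaped, so names containing "\," survive.
    rdn, parent = re.split(r"(?<!\\),", dn, maxsplit=1)
    m = TOMBSTONE_RDN.match(rdn)
    if not m:
        raise ValueError(f"not a tombstone DN: {dn}")
    return {"name": m["name"], "object_guid": uuid.UUID(m["guid"]), "parent": parent}


def search_tombstones(server_name: str, user: str, password: str, domain_dn: str) -> list:
    """Live search against a DC on port 389; needs ldap3 and rights to read Deleted Objects."""
    import ldap3  # imported here so the offline helpers above work without it

    conn = ldap3.Connection(ldap3.Server(server_name, port=389), user=user,
                            password=password, authentication=ldap3.NTLM, auto_bind=True)
    # Without the control the DC hides tombstones and the search returns nothing;
    # criticality=True makes the bind fail loudly if the control is not honoured.
    conn.search(deleted_objects_base(domain_dn), TOMBSTONE_FILTER,
                search_scope=ldap3.LEVEL,
                attributes=["isDeleted", "lastKnownParent", "whenChanged"],
                controls=[(SHOW_DELETED_OID, True, None)])
    return [parse_tombstone_dn(entry.entry_dn) for entry in conn.entries]
```

lastKnownParent (Windows Server 2003 and later) tells you which container the object lived in before deletion, which is what an incident responder usually needs next.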

Both the Deleted Objects container and tombstone objects themselves ...
