DekGenius.com
[ Team LiB ] Previous Section Next Section

Recipe 16.16 Searching for Deleted Objects

16.16.1 Problem

You want to search for deleted objects.

16.16.2 Solution

16.16.2.1 Using a graphical user interface

  1. Open LDP.

  2. From the menu, select Connection Connect.

  3. For Server, enter the name of a domain controller you want to target (or leave blank to do a serverless bind).

  4. For Port, enter 389.

  5. Click OK.

  6. From the menu, select Connection Connect.

  7. Enter credentials of a user that is an administrator for the domain.

  8. Click OK.

  9. From the menu, select Options Controls.

  10. For Windows Server 2003, select the Return Deleted Objects control under Load Predefined.

  11. For Windows 2000, type 1.2.840.113556.1.4.417 for the Object Identifier and click the Check In button.

  12. Click OK.

  13. From the menu, select Browse Search.

  14. For BaseDN, enter: cn=Deleted Objects,<DomainDN>.

  15. For Scope, select One Level.

  16. For Filter, enter: (isDeleted=TRUE).

  17. Click the Options button.

  18. Under Search Call Type, select Extended.

  19. Click OK.

  20. Click Run.
16.16.2.2 Using a command-line interface

As of this writing, none of the standard command-line tools provide a way to search for deleted objects.

16.16.2.3 Using VBScript

It is currently not possible to search for deleted objects with ADSI or ADO.

16.16.3 Discussion

When an object is deleted in Active Directory, it is not completely deleted. The original object is removed, but a tombstone (deleted) object takes its place in the Deleted Objects container within the naming context it was deleted in. See Introduction in Chapter 16 for more on tombstone objects.

Both the Deleted Objects container and tombstone objects themselves are hidden by default in tools, such as Active Directory Users and Computers and ADSI Edit. To query tombstone objects you have to enable the Return Deleted Objects LDAP control, which has an OID of 1.2.840.113556.1.4.417. When that control is enabled, you can perform searches for tombstone objects by specifying a search filter that contains (isDeleted=TRUE) in it. Only members of the administrator groups can perform searches for tombstone objects.

16.16.4 See Also

MSDN: Retrieving Deleted Objects

    [ Team LiB ] Previous Section Next Section