How to access container in Active Directory using PowerShell

Hello,

I would like to restore the deleted objects from the Deleted Objects container. I'm looking for a PowerShell cmdlet or script.

I appreciate the help in advance.

Thanks 

  • First I need to get the users from the Deleted Objects container and then restore.

  • Specify the distinguishedname of the deleted objects container in the '-searchbase' of a get-aduser command.

    (You can get this name by looking at the properties of the container in ADUC).

    Pipe (|) that output to your restore command.

  • 1. Get-ADUser -Filter * -SearchBase "CN=AboutTo Expire\0ADEL:44065d56-356d-4f1a-a90c-b0ae8cd2fa2c,CN=Deleted Objects,DC=nammcal,DC=dev"

    2. Get-QADUser -SearchRoot "CN=AboutTo Expire\0ADEL:44065d56-356d-4f1a-a90c-b0ae8cd2fa2c,CN=Deleted Objects,DC=nammcal,DC=dev"

    I tried the above cmdlets, but I see the respective errors below:

    1. Get-ADUser : Directory object not found
        At C:\Users\kkumar\Desktop\Testing Scripts\DeletedObjContainer.ps1:5 char:1
       + Get-ADUser -Filter * -SearchBase "CN=AboutTo Expire\0ADEL:44065d56-35 ...
       + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       + CategoryInfo : ObjectNotFound: (:) [Get-ADUser], ADIdentityNotFoundException
       + FullyQualifiedErrorId :       ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADUser

    2. Get-QADUser : The object does not exist.
        At C:\Users\kkumar\Desktop\Testing Scripts\DeletedObjContainer.ps1:7 char:1
       + Get-QADUser -SearchRoot "CN=AboutTo Expire\0ADEL:44065d56-356d-4f1a-a ...
       + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       + CategoryInfo : NotSpecified: (:) [Get-QADUser], DirectoryAccessException
       + FullyQualifiedErrorId :      ActiveRoles.ManagementShell.DirectoryAccess.DirectoryAccessException,ActiveRoles.ManagementShell.Powershell.Cmdlets.GetUserCmdlet

  • Turns out you have to do it like this:

    NOTE:  Sub in your domain information.

    get-adobject -SearchBase 'CN=Deleted Objects,DC=MyDomain,DC=Com' -filter {Objectclass -eq 'User'} -IncludeDeletedObjects
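
The two steps discussed in this thread (list the deleted users, then restore them) put together as an added example that is not from any poster here. The function name `Get-DeletedADUser` and its `-DeletedWithinDays` parameter are hypothetical; the sketch assumes the ActiveDirectory module and an account with rights to read and restore deleted objects.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

function Get-DeletedADUser {
    [CmdletBinding()]
    param(
        # Hypothetical parameter: only return users deleted within this many days.
        [int]$DeletedWithinDays = 30
    )
    # Read the container DN from the domain instead of hard-coding it.
    $container = (Get-ADDomain).DeletedObjectsContainer
    $since     = (Get-Date).AddDays(-$DeletedWithinDays)

    # Computer objects also carry objectClass 'user', so exclude them explicitly.
    # whenChanged is updated when the object is deleted; it is used here as an
    # approximate deletion time.
    Get-ADObject -SearchBase $container -IncludeDeletedObjects `
        -Filter { isDeleted -eq $true -and ObjectClass -eq 'user' -and ObjectClass -ne 'computer' } `
        -Properties sAMAccountName, lastKnownParent, whenChanged, 'msDS-LastKnownRDN' |
        Where-Object { $_.whenChanged -ge $since }
}

# Without the Recycle Bin feature, deleted objects are tombstones that keep
# only a few attributes, so check before relying on a restore.
$recycleBin = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'"
if (-not $recycleBin.EnabledScopes) {
    Write-Warning 'AD Recycle Bin is not enabled: deleted objects keep only a few attributes.'
}

# Step 1: review what would be restored and where it used to live.
$deleted = @(Get-DeletedADUser -DeletedWithinDays 7)
$deleted |
    Select-Object 'msDS-LastKnownRDN', sAMAccountName, lastKnownParent, whenChanged, ObjectGUID |
    Format-Table -AutoSize

# Step 2: dry run. -WhatIf reports each restore without changing the directory.
$deleted | Restore-ADObject -WhatIf

# Step 3: once the list is confirmed, restore and show the reanimated objects.
# $deleted | Restore-ADObject -PassThru
```

If an object's `lastKnownParent` no longer exists, pass `-TargetPath` to `Restore-ADObject` with the DN of an existing OU to restore into.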