Restoring Objects

Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS) objects in systems running versions of Windows Server earlier than 2008 R2 can be restored in three ways.

Where Objects Go When They Die

In Windows Server versions 2003 through 2008, a deleted AD object is not immediately deleted from the database. Instead, the object is converted to a tombstone by modifying the object’s Distinguished Name (DN) and moving the object to a Deleted Objects container of AD. Tombstones are not visible in AD DS and ongoing directory operations are not applied to tombstones, but a tombstone can be reanimated (restored while the domain controller is still online) or restored from backup anytime within the tombstone lifetime (typically 180 days).

Tombstone reanimation cannot recover all of the information about an object. In particular, the tombstone creation process clears or removes an object’s attributes. Therefore, administrators could not rely on tombstone reanimation for full recovery of an accidentally deleted object.