Is it possible to find deleted objects in active directory without the assistance of a DLP software?

Question

It seems like a large number of security groups have been deleted from the organization's AD.

I was able to find the tombstones but I see there 1400 objects from the last 180 days and I know for certain that the important groups which have been deleted, have been deleted somewhere between last night and now.

Is there a way, maybe by using PowerShell, to extract the names of all objects which have been deleted throughout the night?

https://support.microsoft.com/en-us/help/840001/how-to-restore-deleted-user-accounts-and-their-group-memberships-in-ac — joeqwerty, Jan 31 '18 at 22:47

SamErde · Answer 1 · 2018-02-07T19:14:42.047

2

For your 2003 domain, use a tool such as Softerra's LDAP Administrator to view and recover deleted items from Active Directory.

You would need a Windows Server 2008 or newer domain controller in order to use PowerShell for that query. Raising the domain functional level to 2008 also allows you to turn on a new Active Directory Recycle Bin feature.

edited Feb 07 '18 at 19:14

answered Mar 29 '12 at 16:49

SamErde

3,409
3
24
44

score 0 · Answer 2 · answered Mar 30 '12 at 04:36

read the following links.

http://technet.microsoft.com/en-us/library/cc978013.aspx

http://www.petri.co.il/manually-undeleting-objects-windows-active-directory-ad.htm

and yes this all could be done with powershell, unfortuantely I'm not at work so I can't test any powershell commands that I would use.

Is it possible to find deleted objects in active directory without the assistance of a DLP software?

2 Answers2