How to Restore Active Directory Users


Native Auditing vs. Netwrix Auditor for Active Directory

Native Auditing
Steps

In order to restore AD objects, including users, you need to enable the Active Directory Recycle Bin feature. (Note that it cannot be disabled after that!)

  1. Navigate to “Start”, choose “Administrative Tools”, right-click on “Active Directory Module for Windows PowerShell”, and click “Run as Administrator”.
  2. Check the domain and forest functional modes using the following commands. Both must be Windows Server 2008 R2 or higher.
    (Get-ADDomain).DomainMode

    (Get-ADForest).ForestMode

  3. To enable the Recycle Bin feature, run the following script. Once the Recycle Bin has been enabled, any Active Directory object that is deleted will be stored in the Recycle Bin. Objects deleted before the feature was enabled cannot be recovered from it.

    $cfgNameCtx = (Get-ADRootDSE).ConfigurationNamingContext
    $recBin = "CN=Recycle Bin Feature,CN=Optional Features,"
    $recBin = $recBin + "CN=Directory Service,CN=Windows NT,CN=Services,"
    $recBin = $recBin + $cfgNameCtx
    $target = (Get-ADDomain).Forest
    Enable-ADOptionalFeature -Identity $recBin -Scope ForestOrConfigurationSet -Target $target -Confirm:$false

  4. To restore one or more Active Directory user accounts, use this script:

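     # A deleted object's name gets a DEL:<GUID> suffix appended, so the trailing * is required.
     # Review what the filter matched before piping it to Restore-ADObject.
     $deletedUsers = Get-ADObject -Filter 'name -like "User Name*" -and isDeleted -eq $true' -IncludeDeletedObjects
     $deletedUsers | Restore-ADObject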

  5. Launch the Active Directory Users and Computers tool to see all the user accounts that were restored. 
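
The native steps above, combined into one reviewed restore, as an added example that is not Netwrix's or Microsoft's own script: it confirms the Recycle Bin is enabled, lists the deleted user objects with their original location, and runs the restore with `-WhatIf` so nothing changes until the output has been checked. It assumes the ActiveDirectory module is available and the account has rights to restore objects; `User Name` is a constructed sample value.

```powershell
Import-Module ActiveDirectory

# Constructed sample value: the RDN the account had before it was deleted.
# LDAP special characters in a real name ( ( ) * \ ) must be escaped first.
$Name = 'User Name'

# 1. Stop early if the Recycle Bin was never enabled in this forest.
$feature = Get-ADOptionalFeature -Filter 'name -like "Recycle Bin Feature"'
if ($feature.EnabledScopes.Count -eq 0) {
    throw 'Active Directory Recycle Bin is not enabled in this forest.'
}

# 2. Find deleted user objects (not computers) by their pre-deletion RDN.
$filter  = "(&(isDeleted=TRUE)(objectClass=user)(!(objectClass=computer))(msDS-LastKnownRDN=$Name))"
$props   = 'msDS-LastKnownRDN', 'lastKnownParent', 'whenChanged', 'sAMAccountName'
$deleted = @(Get-ADObject -LDAPFilter $filter -IncludeDeletedObjects -Properties $props)

if ($deleted.Count -eq 0) {
    Write-Warning "No deleted user object with last known RDN '$Name' was found."
    return
}

# 3. Show the candidates, most recently changed first, so the right one is chosen
#    when an account with the same name was deleted more than once.
$deleted | Sort-Object whenChanged -Descending |
    Format-Table sAMAccountName, 'msDS-LastKnownRDN', lastKnownParent, whenChanged, ObjectGUID -AutoSize

# 4. Dry-run the restore. An object whose parent container is itself deleted
#    cannot go back to its original location, so flag it instead.
foreach ($obj in $deleted) {
    if ($obj.lastKnownParent -like '*\0ADEL:*') {
        Write-Warning ("Parent of '{0}' is deleted: {1}. Restore the parent first or pass -TargetPath." -f
            $obj.'msDS-LastKnownRDN', $obj.lastKnownParent)
        continue
    }
    # Remove -WhatIf once the listed objects are confirmed to be the intended ones.
    Restore-ADObject -Identity $obj.ObjectGUID -WhatIf
}
```

Restoring by `ObjectGUID` rather than by name ensures only the reviewed objects are restored, even if another object with the same name is deleted in the meantime.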

Netwrix Auditor for Active Directory
Steps

  1. Run Netwrix Auditor Object Restore for Active Directory. → Click "Next". → In the “Select Rollback Period” section, specify the period of time when the changes that you want to revert occurred, the rollback source and the monitored domain. → Click “Restore from state-in-time snapshots” and select a snapshot. → Click “Next”. → Wait for the analysis to complete, and click “Next”.
  2. The “Select Changes for Rollback” area will list all changes that occurred during the time period you specified. Select an attribute and click “Details” to see what changes will be applied to this attribute if it is selected for rollback. → Check the changes you want to roll back to their previous state. → Click “Next” and wait for the restore process to complete.
  3. Review the results of the rollback. → Click “Finish” to exit the wizard.

Restore Active Directory Users without Any Downtime

AD admins need to be able to restore Active Directory objects such as user accounts, as well as fix incorrect modifications and roll back unwanted changes to AD objects, because unwanted changes or inappropriate deletions can lead to productivity interruptions and system unavailability. For example, if some organizational units (OUs) or Active Directory groups or users are improperly changed or deleted, employees across the organization might not be able to log in, or might experience trouble accessing the applications they need to do their jobs. Native tools provide little help to IT pros who need to recover deleted Active Directory users; they must struggle through a difficult, time-consuming and error-prone process to restore deleted AD accounts. In order to minimize the risk of downtime and business disruption, IT admins need a tool that enables them to quickly and efficiently restore deleted objects from any point in time.

Netwrix Auditor for Active Directory delivers complete visibility into what’s going on in Active Directory and Group Policy. The application tracks changes, generates easy-to-read reports with who-what-when details, and provides the critical before and after values. It also enables IT pros to recover deleted Active Directory users and other objects, and helps you quickly identify unwanted Active Directory changes and roll them back to a previous state. With Netwrix Auditor for Active Directory, IT administrators can easily remediate unwanted changes, for example, restore an Active Directory user, without any downtime or having to restart their Windows Servers.