Netwrix Active Directory Object Restore has failed to rollback changes\restore object
|Symptoms||When trying to restore an attribute you see the following error:
"The rollback for the attribute Object Path of \com\domain\Mike Johnson from "\com\domain\Disabled Accounts\Mike Johnson" to "\com\domain\Mike Johnson" has failed"
To rollback changes\restore deleted object Active Directory Object Restore uses the account running the program (by default logged in account), and usually the most common reason this happens is due to insufficient rights specified for the account that you used to run the Active Directory Object Restore
|Resolution||To roll back changes\restore deleted object the account which Active Directory Object Restore is being run under must be a member of the Domain administrators user group and have permission to read the Deleted Object container. Sometime despite the fact of account is member of Domain Administrators user group, it does not have rights to read the Deleted Object container.
In order to resolve this issue please check that the account used to run Active Directory Object Restore has enough rights to read the Deleted Objects container.
In order to configure permissions to read the Deleted Object container please follow instructions specified in these articles: