Searching for Deleted Objects


You want to search for deleted objects.


Using a graphical user interface
  1. Open LDP from the Windows Support Tools.

  2. From the menu, select Connection → Connect.

  3. For Server, enter the name of a domain controller you want to target (or leave blank to do a serverless bind).

  4. For Port, enter 389.

  5. Click OK.

  6. From the menu, select Connection → Connect.

  7. Enter credentials of a user that is an administrator for the domain.

  8. Click OK.

  9. From the menu, select Options → Controls.

  10. For Windows Server 2003, select the Return Deleted Objects control under Load Predefined. For Windows 2000, type 1.2.840.113556.1.4.417 for the Object Identifier and click the Check In button.

  11. Click OK.

  12. From the menu, select Browse → Search.

  13. For BaseDN, enter: cn=Deleted Objects,<DomainDN>.

  14. For Scope, select One Level.

  15. For Filter, enter: (isDeleted=TRUE).

  16. Click the Options button.

  17. Under Search Call Type, select Extended.

  18. Click OK.

  19. Click Run.

Using a command-line interface

To view all of the deleted objects in the current domain, use the following syntax:

	> adfind -default -rb "cn=Deleted Objects" -showdel

Using VBScript

It is currently not possible to search for deleted objects with ADSI or ADO.


When an object is deleted in Active Directory, it is not completely deleted. The original object is renamed, most of its attributes are cleared, and it is moved to the Deleted Objects container within the naming context that it was deleted from. See the "Introduction" in this chapter for more on tombstone objects.

Both the Deleted Objects container and tombstone objects themselves are hidden by default in tools such as ADUC and ADSI Edit. To query tombstone objects, you need to enable the Return Deleted Objects LDAP control, which has an OID of 1.2.840.113556.1.4.417. When that control is enabled, you can search for tombstone objects by specifying a search filter that contains (isDeleted=TRUE). Only members of the administrator groups can perform searches for tombstone objects.
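The same search can be scripted through the .NET System.DirectoryServices.Protocols classes, which talk LDAP directly rather than going through ADSI or ADO. The following is an added example, not part of the original recipe: the function name Get-DeletedObject and the host name dc01.example.com are hypothetical, and it assumes Windows Server 2003 or later (for the lastKnownParent attribute), PowerShell 5 or later, and a logon account that is allowed to read tombstones.

```powershell
using namespace System.DirectoryServices.Protocols
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Get-DeletedObject {   # hypothetical helper name, not a built-in cmdlet
    param([Parameter(Mandatory)][string]$Server, [int]$Port = 389)

    $conn = [LdapConnection]::new([LdapDirectoryIdentifier]::new($Server, $Port))
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.AuthType = [AuthType]::Negotiate
    try {
        $conn.Bind()   # binds as the current logon user

        # Read the domain DN from RootDSE to build the search base.
        $rootReq = [SearchRequest]::new('', '(objectClass=*)', [SearchScope]::Base,
                                        [string[]]@('defaultNamingContext'))
        $domainDN = $conn.SendRequest($rootReq).Entries[0].Attributes['defaultNamingContext'][0]

        $req = [SearchRequest]::new("CN=Deleted Objects,$domainDN", '(isDeleted=TRUE)',
                                    [SearchScope]::OneLevel,
                                    [string[]]@('whenChanged', 'lastKnownParent'))
        # Return Deleted Objects control, OID 1.2.840.113556.1.4.417
        [void]$req.Controls.Add([ShowDeletedControl]::new())
        # Page the results so a large container is not cut off at the server's size limit.
        $page = [PageResultRequestControl]::new(500)
        [void]$req.Controls.Add($page)

        do {
            $resp = $conn.SendRequest($req)
            foreach ($entry in $resp.Entries) {
                $changed = $entry.Attributes['whenChanged']
                $parent  = $entry.Attributes['lastKnownParent']
                [pscustomobject]@{
                    DistinguishedName = $entry.DistinguishedName
                    WhenChanged       = if ($null -ne $changed) { $changed[0] }
                    LastKnownParent   = if ($null -ne $parent)  { $parent[0] }
                }
            }
            # Feed the server's paging cookie back in until it comes back empty.
            $pageResp = $resp.Controls | Where-Object { $_ -is [PageResultResponseControl] }
            $page.Cookie = $pageResp.Cookie
        } while ($page.Cookie.Length -gt 0)
    }
    finally { $conn.Dispose() }
}

Get-DeletedObject -Server 'dc01.example.com'   # constructed host name
```

Each returned object carries the tombstone's renamed DN, the time it was last changed, and the container it was deleted from, which is usually what an audit of unexpected deletions needs first.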

See Also

MSDN: Retrieving Deleted Objects
