Ramblings From The Litter Tray of Life

A Quick Method of Recovering Deleted User Accounts

Posted by graycat on 15 May 2011

I’m sure it’s happened to all of us at some point: an active user account gets deleted by accident. Sometimes it’s due to inactivity, sometimes an admin took their eye off the ball at the wrong moment. Regardless, it happens and you’ve got to get it back.

The worst-case scenario is that the account was actually in use at the time and you have to get that user back and working RTFN. This isn’t so tough if you’re in a contiguous network where AD, server OS and Exchange versions all match up. If not, it’s a bit trickier.

Here’s how I do it:

1. Download a copy of ADRestore and install it on the relevant machine.

ADRestore is a fantastic little app that is provided “as is” by one of Microsoft’s MVPs. It works really well at enumerating objects in AD that are usually hidden and allows basic restoration of them.

2. Point ADRestore at your DC of choice and enumerate objects.

This will hopefully find your deleted account for you. It works because of the way AD handles deleting an object: the object is marked for deletion but only actually deleted during its scheduled maintenance run. Until then the object is simply hidden, so it can be restored.

3. Once you’ve restored the account back into AD you’ll need to reset the account’s password and enable it.

4. Reconnect the mailbox.

If you’re using Exchange 2000/2003 then you can easily see the orphaned mailbox within the store and reconnect it via a right-click. However, if you’re using Exchange 2007/2010 you may find that the mailbox does not display under the “disconnected mailbox” section. This is again reliant on scheduled maintenance runs. However, if you’re in a rush you can run the following PowerShell command:

Clean-MailboxDatabase "Database Name"

Though if you have a few mailbox databases on the server, you may need to run Get-MailboxDatabase to get the full name of the target database.

At this point you can right-click the disconnected mailbox and reconnect it to the recovered account.

5. Reset the group memberships.

Because the tombstone process removes all group memberships, you’re going to have to go back into the account and add them back in.

6. Check it all works.

I usually grant myself Full Access to the mailbox and check it through OWA just to make sure the e-mail is up and running. Sending a few messages back and forth is always a good idea. You can also try running a CLI or shortcut as the recovered user to make sure it has indeed come back as required. After that, all you’ve got to do is wait for replication to take place.
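The same six steps scripted, as an added example that is not from the original post: it swaps ADRestore for the ActiveDirectory module's Restore-ADObject (Windows Server 2008 R2 or later) and assumes that module and the Exchange 2007/2010 Management Shell are loaded in one session. The account name, display name, database name and group list are constructed placeholders.

```powershell
# Added example. Assumes the ActiveDirectory module and the Exchange 2007/2010
# Management Shell are available in this session. All values below are placeholders.
Import-Module ActiveDirectory

$Sam         = 'jdoe'                   # logon name of the deleted account (placeholder)
$DisplayName = 'Jane Doe'               # display name on the orphaned mailbox (placeholder)
$Database    = 'Mailbox Database 01'    # full name as listed by Get-MailboxDatabase (placeholder)
$Groups      = 'Staff', 'Finance-Share' # memberships to re-add, from your own records (placeholder)

# Step 2: find the tombstone. Deleted objects stay hidden unless explicitly requested.
$deleted = @(Get-ADObject -Filter "isDeleted -eq `$true -and sAMAccountName -eq '$Sam'" `
    -IncludeDeletedObjects -Properties lastKnownParent, whenChanged)
if ($deleted.Count -ne 1) {
    throw "Expected exactly one deleted object for '$Sam', found $($deleted.Count)."
}

# Step 3: restore, then reset the password before enabling the account.
$user = Restore-ADObject -Identity $deleted[0].ObjectGUID -PassThru
$newPassword = Read-Host -AsSecureString "Temporary password for $Sam"
Set-ADAccountPassword -Identity $user.ObjectGUID -Reset -NewPassword $newPassword
# Not one of the original steps: make the user replace the temporary password.
Set-ADUser -Identity $user.ObjectGUID -ChangePasswordAtLogon $true
Enable-ADAccount -Identity $user.ObjectGUID

# Step 4: force the database to notice the orphaned mailbox, then reconnect it.
Clean-MailboxDatabase -Identity $Database
$mbx = @(Get-MailboxStatistics -Database $Database |
    Where-Object { $_.DisconnectDate -and $_.DisplayName -eq $DisplayName })
if ($mbx.Count -ne 1) {
    throw "Expected exactly one disconnected mailbox named '$DisplayName', found $($mbx.Count)."
}
Connect-Mailbox -Identity $mbx[0].MailboxGuid -Database $Database -User $Sam

# Step 5: the tombstone kept no group memberships, so add them back from your list.
foreach ($group in $Groups) {
    Add-ADGroupMember -Identity $group -Members $Sam
}

# Step 6: confirm the account is enabled and the memberships are back.
Get-ADUser -Identity $Sam -Properties MemberOf |
    Select-Object Enabled, DistinguishedName, MemberOf
```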
