Well, despite the morbid title, this is not about dead things. Well, not quite. And amazingly its not about Group Policy either.
In my ever increasing thirst for PowerShell knowledge, I thought I would experiment a bit with some Active Directory-based cmdlets this time. The result is two free PowerShell Cmdlets that retrieve and reanimate AD Tombstones (for an excellent backgrounder article on Tombstone Reanimation, check out Gil Kirkpatrick’s piece in TechNet Magazine from last September).
You can optionally register for and download these new AD tombstone cmdlets at www.sdmsoftware.com/freeware. Once you download and install the setup, and launch the console file that comes with it, you’ll have two new cmdlets at your disposal*:
get-SDMADTombstone
restore-SDMADTombstone
The first cmdlet, most obviously retrieves a listing of all deleted objects in a given domain. You can filter the results using the -Filter parameter to search for a given text string within the DN of the deleted object. The 2nd cmdlet, which does the actual restoral work, is meant to be used with the first one. So, for example, if I have a user "Dick Evans" who was deleted, and I want to restore him, I can issue the following command:
get-SDMADTombstone -Filter Evans | restore-SDMADTombstone
The restore- cmdlet also implements the -whatif parameter, so that you can see what objects will be restored prior to pulling the trigger.
So, I encourage everyone to download and check it out and provide feedback. I look forward to hearing your input.
Have fun!
Tags:
Active Directory, PowerShell, Tombstone Reanimation
* Note: This blog post was edited after the initial posting. Thanks to feedback from Dmitry, I renamed the cmdlets to be singular, in keeping with PowerShell convention, and also changed the output format of the date fields. Otherwise, everything is the same!
Darren, this is fantastic!
A few pieces of feedback so you can make them even better:
Please make the nouns nouns singular:
get-SDMADTombstone – not get-SDMADTombstoneS
This is PowerShell guideline really.
Also, right now all object properties including WhenChanged and WhenCreated are strings – please consider changing them to DateTime – this would allow administrators to manipulate those in filters more easily.
Apart from that – great job!
Great feedback Dmitry. Thanks for that. Those are both easy fixes so I will make them!
Darren,
SDM Software does not have the cmdlets posted any longer on their site, do you know where a guy can find them?
Thanks,
Ken
Ken-
We’re no longer officially supporting it but you can still download it here:
http://sdmsoftwarenew.wpengine.com/dev/dl/SetupADTombstoneCmdlets.zip
Darren
Darren, it is 404 error now. 🙁
Yes, that snap-in is no longer available unfortunately.
Darren
It is available here –
http://sdmsoftwarenew.wpengine.com/dl/SetupADTombstoneCmdlets.zip
Yea, we just no longer support it and we don’t advertise the download. We haven’t touched the code or tested it in a couple of years. So, use at your own risk :).
Darren