Active Directory Lightweight Directory Services – Recycle Bin

To enable the AD LDS Recycle Bin, open a command prompt, navigate to C:\Windows\ADAM, and run:

ldifde.exe -i -f MS-ADAM-Upgrade-2.LDF -s localhost:389 -j . -$ adamschema.cat

Where “localhost:389” is the host and port where AD LDS is running. If the currently logged on user does not have access to the AD LDS instance, specify the –b switch with a username and –p switch with a valid password. Note that before running this command, all members involved in AD LDS instance replication should be online.

The output should look like this:

Verifying file signature
Connecting to "localhost:389"
Logging in as current user using SSPI
Importing directory from file "MS-ADAM-Upgrade-2.LDF"
Loading entries...............................
30 entries modified successfully.

The command has completed successfully

Now, delete a user via ADSI Edit (or any other method). Next, from an elevated command prompt, run ldp.exe. Go to Options –> Controls and select Return deleted objects from the Load Predefined drop down menu and click OK.

image19

Next, under Connection, Connect, then Bind as an Administrative user to the AD LDS instance. Finally, under the View menu, show the Tree of the Domain BaseDN. There is a new container for Deleted Objects:

image10-e1400646610266

Right click a Deleted object. Add the Attribute “isDeleted” and under Operation select “Delete”, then click on Enter. Next, add the Attribute “distinguishedName” and enter the full DN to where the object should be recovered to, change the Operation to “Replace” and click on Enter. Select the Extended check box. It should look similar to this:

image14

Click Run. The object will then be moved to the desired location and removed from the Deleted Objects container.

image18

Finally, in ADSI Edit, reset the user’s password and set the msDS-UserAccountDisabled attribute to False. Set the attribute used for the user’s login (e.g. mail). Once completed, the user will be able to log back into SharePoint.

Trevor Seward is a Microsoft Office Apps and Services MVP who specializes in SharePoint Server administration, hybrid scenarios, and SharePoint Online. He has been working with SharePoint for 16 years from SharePoint 2003 on up, managing environments with terabytes of content for 150,000+ user organizations. Trevor is an author of Deploying SharePoint 2016 and Deploying SharePoint 2019. You can find him on Twitter and in /r/sharepoint.