Colleague at work deleted 300 user accounts – PowerShell saves the day.

Story in short – An individual at work authorized one of my colleagues to delete AD user accounts and email mailboxes older than a set period of time. I was currently consulting onsite at the client affected.

Came in for my normal day's work on client site and users start calling in saying they can’t log in. The first response guys were in a panic stating that they couldn’t find the users' accounts in AD.

After a bit of poking around it had become clear that they had been deleted a week ago by someone trying to clear space to stop a backup from requiring 2 tape drives instead of 1.

The overall feeling from my colleagues and the client was panic and anger.

In came PowerShell to save the day. Using Restore-ADObject, it was a breeze to restore the users based on the time of deletion and re-connect their Exchange mailboxes. Luckily most of the accounts aren’t active (being used), so the number of people needing their AD attributes re-input isn’t too high, and first-line on site are able to handle the steady stream of people calling, wondering if they have “forgotten their passwords”.

I was so impressed at PowerShell's advantages over using LDAP’s GUI or third-party software, I decided to do some research and create a little how-to on my website, https://sysadminguides.org/2017/04/20/restore-ad-objects-and-users-using-powershell-restore-adobject/.

All in all, as a result of the swift work of the consultants and PowerShell, the client isn’t too hurt about the situation and the situation has become manageable.

What you all came for – simple but glorious!

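# Only objects deleted after this point in time are restored
$time = New-Object DateTime(2009, 8, 22, 1, 40, 00)

# Find deleted objects changed after $time and restore each one to its last known parent container
Get-ADObject -Filter 'whenChanged -gt $time -and isDeleted -eq $true' -IncludeDeletedObjects -Properties * | ForEach-Object { Restore-ADObject -Identity $_.ObjectGUID -NewName $_.sAMAccountName -TargetPath $_.LastKnownParent }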

submitted by /u/pluto098
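
A more cautious variant of the restore above, added here as an example and not part of the original post: it limits the search to a deletion window, keeps only user objects, runs as a dry run until `$commit` is set, and writes a per-object report. The window dates, `$reportPath` and `$commit` are constructed placeholders. Without the AD Recycle Bin enabled, restored objects come back with most attributes stripped.

```powershell
# Added example, not the original poster's code.
# $windowStart, $windowEnd, $reportPath and $commit are constructed placeholders.
Import-Module ActiveDirectory

$windowStart = Get-Date '2017-04-13 00:00'   # placeholder: start of the deletion window
$windowEnd   = Get-Date '2017-04-14 00:00'   # placeholder: end of the deletion window
$reportPath  = '.\restore-report.csv'        # placeholder: where the outcome is logged
$commit      = $false                        # $false = dry run (-WhatIf), $true = restore

# Deleted objects whose last change (the deletion itself) falls inside the window.
$filter = 'isDeleted -eq $true -and whenChanged -ge $windowStart -and whenChanged -le $windowEnd'
$candidates = Get-ADObject -Filter $filter -IncludeDeletedObjects `
                  -Properties sAMAccountName, LastKnownParent, whenChanged |
    Where-Object { $_.ObjectClass -eq 'user' -and $_.LastKnownParent }   # skip groups, computers, orphans

$results = foreach ($obj in $candidates) {
    $status = 'DryRun'
    try {
        # -ErrorAction Stop turns a failed restore (name collision, parent OU
        # also deleted, access denied) into a catchable error for the report.
        Restore-ADObject -Identity $obj.ObjectGUID `
                         -NewName $obj.sAMAccountName `
                         -TargetPath $obj.LastKnownParent `
                         -WhatIf:(-not $commit) -ErrorAction Stop
        if ($commit) { $status = 'Restored' }
    }
    catch {
        $status = "Failed: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        SamAccountName  = $obj.sAMAccountName
        ObjectGUID      = $obj.ObjectGUID
        LastKnownParent = $obj.LastKnownParent
        DeletedAt       = $obj.whenChanged
        Status          = $status
    }
}

# Keep a record of what was (or would be) restored for the change ticket.
$results | Export-Csv -Path $reportPath -NoTypeInformation
$results | Group-Object Status | Select-Object Name, Count
```

Review the CSV from the dry run before setting `$commit = $true`; the same file then serves as the list of accounts whose mailboxes and attributes need checking.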