AD Recovery from PowerShell

Want to roll back any Active Directory change with a PowerShell one-liner? We’ve just published an online reference to the cmdlets shipped with Quest Recovery Manager for Active Directory.

These cmdlets use backups, so they are not limited to tombstone reanimation (as the regular cmdlets are).

For example, if you restore a user you get all the attributes including group membership and so on.

So to restore a deleted object you simply call Restore-RMDeletedActiveDirectoryObject and have the tool handle everything.

However, what makes it way more cool is that you have full power to restore any attributes of any users. So you are not limited to just undeleting stuff. Let’s say you had some kind of script/tool go wild and corrupt an attribute or two across all user accounts. Good luck restoring just these 2 attributes manually or with any kind of UI tool.

With these cmdlets it is as easy as:

# Select the backup you want - e.g. the latest
$b = (Get-RMBackup -Domain dom1.local | Sort-Object -Property Date)[-1]

# For every user in AD restore extensionattribute1
Get-QADUser | foreach {
    Restore-RMActiveDirectoryObject -Backup $b.Path -Object $_.DN -Attribute extensionattribute1
}

Is it cool or what? 😉
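
A more cautious variant of the bulk restore above, added here as an example (not code from the original post or from Quest): it limits the restore to one OU, records each user's current value before it is overwritten, and logs per-object failures. The OU, the log path, and the assumption that both cmdlet sets are already loaded in the session are assumptions; the restore call uses only the parameters shown in the post.

```powershell
# Added example. $searchRoot and $logPath are hypothetical values; adjust to your domain.
$searchRoot = 'OU=Staff,DC=dom1,DC=local'            # hypothetical OU that bounds the change
$attribute  = 'extensionAttribute1'
$logPath    = '.\restore-extensionAttribute1.csv'    # hypothetical audit file

# Latest backup, as in the post; Select-Object -Last 1 also works when only one backup exists.
$b = Get-RMBackup -Domain dom1.local | Sort-Object -Property Date | Select-Object -Last 1
if (-not $b) { throw 'No backup found for dom1.local; nothing to restore from.' }

# -SizeLimit 0 lifts Get-QADUser's default cap of 1000 returned objects.
# -IncludedProperties loads the attribute so its current value can be recorded.
$users = Get-QADUser -SearchRoot $searchRoot -SizeLimit 0 -IncludedProperties $attribute

$results = foreach ($u in $users) {
    # One audit row per user: what the attribute held before the restore, and the outcome.
    $row = New-Object PSObject -Property @{
        DN                 = $u.DN
        Backup             = $b.Path
        ValueBeforeRestore = $u.$attribute
        Status             = 'Restored'
        Error              = ''
    }
    try {
        # -ErrorAction Stop turns a failed restore into an exception we can log per object.
        Restore-RMActiveDirectoryObject -Backup $b.Path -Object $u.DN `
            -Attribute $attribute -ErrorAction Stop | Out-Null
    }
    catch {
        $row.Status = 'Failed'
        $row.Error  = $_.Exception.Message
    }
    $row
}

# Keep the record of what was changed, then summarise successes and failures.
$results | Export-Csv -Path $logPath -NoTypeInformation
$results | Group-Object -Property Status | Select-Object -Property Name, Count
```

The CSV gives you the pre-restore values, so the bulk change itself can be reviewed or reversed for individual accounts.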

Here’s the full list of cmdlets linked to the help info for each of them:

Note that unlike the AD cmdlets, these are part of a commercial product, so there is a cost involved. You can get a trial license from the product page. If you are a Microsoft MVP you can also get a free NFR license by applying here.

# Find the deleted objects that are users
$users = (Get-RMDeletedActiveDirectoryObject dc1.dom1.lab.local) | Where-Object { $_.Properties["objectclass"] -contains "user" }

# Restore each of them
foreach ($u in $users) { Restore-RMDeletedActiveDirectoryObject -Name $u.Properties["name"] -DirectoryHost dc1.dom1.lab.local }


2 Responses to “AD Recovery from PowerShell”

  1. 1 Mike Baker May 24, 2011 at 2:16 pm

    Have any of these cmdlets been updated to allow management of backup session lists?

  2. 2 Dmitry Sotnikov May 24, 2011 at 6:33 pm


    What exactly are you trying to achieve?

    There are cmdlets like Get-RMSession to get you a list of backup sessions.




The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer - WSO2 or anyone else for that matter. All trademarks acknowledged.

© 2007-2014 Dmitry Sotnikov

June 2009
