BATCHman Faces the Distractful Poker and Recovers Deleted Active Directory Items

Doctor Scripto

Summary: In today’s gripping episode, BATCHman squares off with the Distractful Poker and recovers items deleted from Active Directory Domain Services using Windows PowerShell.

 

Microsoft Scripting Guy Ed Wilson here. Windows PowerShell MVP Sean Kearney is with us again today with part 3 of the BATCHman series.

BATCHman and Cmdlet graphic

Whenever trouble happens in systems and people will call,
And darkness rolls out causing your fall,
Creatures of bits roam in the night,
Shine to the sky, the bright bluish light,

and call to…BATCHMAN!

…and, oh yes, his sidekick Cmdlet too.

 

In Today’s Episode: BATCHman encounters the Distractful Poker

A travesty has hit Redmond City! The mayor and his staff are unable to log in to Active Directory Domain Services!

“Quick! Get the chief to fire up the BATCHSignal and call BATCHman! We need his help now!”

Shining up to the sky, a gleaming Windows PowerShell signal cutting through the sky and the flight patterns of a few seagulls—the BATCHSignal! Within moments the WinMobile pulls up precariously holding up BATCHman and Cmdlet. The Mayor looks over. “Just how do the pair of you fit on that?” “Very carefully,” quips BATCHman. “So what has happened here today?”

“Oh BATCHman!” the mayor sobbed. “It was the Poker! He came behind the systems administrator, poked him in the side, distracted him, and deleted our user accounts! We can’t get into the system to issue paychecks to any of our staff! If we don’t solve this soon, we’ll have a major disaster on our hands!”

“Holy irritants, BATCHman! Not the Poker! Why the last time he was around…”

“Yes, Cmdlet, I know the story. Clippy was born. The Poker is truly a cruel one. But never mind that. Mayor! Quick take make to your datacenter! We don’t have one second to spare.”

In moments, BATCHman and Cmdlet stood before a console. BATCHman thought, “I could go dig up tapes and do an authoritative restore, but time is of the essence.” Quickly, he spun on his feet.

“Mayor, did you upgrade to Windows Server 2008 R2 as we suggested last time I chatted with you?”

“Why, yes. Yes, I think we did, BATCHman, but why do you ask?”

BATCHman smiled. “if we’re lucky, your administrator enabled the Active Directory Recycle Bin. I can check in moments.” On one of the Windows Server 2000 R2 domain controllers, BATCHman typed:

GET-ADOPTIONALFEATURE ‘Recycle Bin Feature’

“The results of this on the screen, Cmdlet, not only tell us about the feature, but also about what scope it applies to. By default, in a system where it’s not enabled, the EnabledScopes property will have no value.”

Image of EnabledScopes property

“As we can see, it has been enabled here. So now, what we need to do is determine just how much damage has been done by this evil villain. With the ActiveDirectory module, we can key this in to show all objects in Active Directory, including anything that is in the Active Directory Recycle Bin.”

Get-ADObject -filter * –IncludeDeletedObjects

“But BATCHman!” Cmdlet spoke up. “Wouldn’t that be too much? What if we’re dealing with 50,000 objects? There must be a way to only show what was deleted!”

BATCHman nodded. “Correct. So now if we run the GET-MEMBER cmdlet against the output like this…”

Get-ADObject -filter * –IncludeDeletedObjects | GET-MEMBER

“…we’ll see there is a property called DELETED which contains a Boolean TRUE if that value is deleted. For this, we will add a filter to the statement.”

Get-ADObject –filter ‘Deleted –eq $TRUE’ –IncludeDeletedObjects

“Now we can see only deleted items in Active Directory so…”

“Holy undo, BATCHman! Is there a restore we can just pipe the output to?”

BATCHman nodded. “Yes. But what we need to do is restore the tree first. At this point, let’s pipe the output into the Out-GridView cmdlet to have an easier way of viewing the data.”

Get-ADObject –filter ‘Deleted –eq $TRUE’ –IncludeDeletedObjects | OUT-GRIDVIEW

BATCHman cautiously examined the list. “It appears we should be able to pull out all members of the tree by filtering on ObjectClass and pulling down those with the property OrganizationalUnit. So we just need to add an extra filter to our statement.”

Get-ADObject –filter ‘Deleted –eq $TRUE –and Objectclass –eq “OrganizationalUnit”’ –IncludeDeletedObjects | OUT-GRIDVIEW

“Now all we need to do is pipe this output into the Restore ADObject to get the tree back.”

Get-ADObject –filter ‘Deleted –eq $TRUE –and Objectclass –eq “OrganizationalUnit”’ –IncludeDeletedObjects | RESTORE-ADOBJECT

“Now with the tree restored, we can just restore the rest of the objects remaining using a simpler statement because we’ve already restored the tree. The rest of the objects we have are probably users, so we can drop the second filter and just restore.

Get-ADObject –filter ‘Deleted –eq $TRUE –and Objectclass’ –IncludeDeletedObjects | RESTORE-ADOBJECT

In moments, the task was complete. “Cmdlet, have somebody try to log in to the system!” The mayor quickly logged in to verify all worked well. Quickly he called up the accounting department to let them know they could log in to the systems. Paychecks would be out today!

“BATCHman! How can we ever thank you?”

“Just keep doing things the way you are with Windows PowerShell: it was the true superhero today!”

 

Thank you, Sean, for today’s spell-binding article. Sean will be back next weekend with the concluding episodes of BATCHman. Same BATCHtime, same BATCHchannel.

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

Ed Wilson, Microsoft Scripting Guy

 

 

0 comments

Discussion is closed.

Feedback usabilla icon