Active Directory Accidental Deletion – Prevention & Cure

Accidental deletions in Active Directory can cause havoc, and unfortunately I was once in the middle of one such catastrophic event. It resulted in 4000-odd servers and client machines that were part of an OU being deleted, and the cause was found to be some housekeeping software. Such accidental deletions can be most destructive in critical industries like banking, financial and public sector organizations. This might have been avoided, and it could have been fixed in less than 10% of the actual time spent, if the environment had been using one of the latest features that we included in Windows 2008 R2 (Active Directory Recycle Bin). Most critical situations arise from accidental human or tool interference or configuration, and it is important to be able to come out of such situations with minimal downtime; accidental deletion in Active Directory is one such situation. Listed below are some preventive measures, along with links on recovering from such a catastrophe with minimal downtime.



Preventing Unwanted/Accidental deletions and Restore deleted objects in Active Directory

Windows Server 2008 Protection from Accidental Deletion


Recovery with minimal downtime 

The AD Recycle Bin: Understanding, Implementing, Best Practices, and Troubleshooting 

Windows Server 2008 R2 Quick Look  – Active Directory Recycle Bin ~ video 


AD Recycle Bin – Step By Step Guide

This is definitely a feature that can save you from nightmares.

P.S.: IT environments that are already at the Windows 2008 R2 forest functional level require only minimal configuration changes to enable the AD Recycle Bin. Once that is done, you can use the Active Directory Recycle Bin UI in Windows 8/2012 by installing the RSAT tools on a domain-joined Windows 8 machine or Windows 2012 server.
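
The prevention and recovery steps above, sketched with the ActiveDirectory PowerShell module that ships with RSAT. This is an added example, not code from the original post; the OU distinguished name is a hypothetical placeholder, and every changing command carries -WhatIf so it only previews until you remove the switch.

```powershell
# Added example. Run from a domain-joined host with RSAT installed.
Import-Module ActiveDirectory

# --- Prevention: list OUs that lack the accidental-deletion flag ---
$unprotected = Get-ADOrganizationalUnit -Filter * -Properties ProtectedFromAccidentalDeletion |
    Where-Object { -not $_.ProtectedFromAccidentalDeletion }
$unprotected | Select-Object -ExpandProperty DistinguishedName

# Set the flag on each of them (preview only while -WhatIf is present).
$unprotected | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true -WhatIf

# --- Cure, part 1: check the forest level and the Recycle Bin state ---
$forest     = Get-ADForest
$recycleBin = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'"
$enabled    = $recycleBin.EnabledScopes.Count -gt 0
"Forest mode: $($forest.ForestMode)  Recycle Bin enabled: $enabled"

# Enabling needs the Windows 2008 R2 forest functional level and cannot be
# undone afterwards. Objects deleted before it is enabled are not recoverable
# through the Recycle Bin.
if (-not $enabled) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.Name -WhatIf
}

# --- Cure, part 2: restore what was deleted from one OU ---
# Hypothetical placeholder DN; replace with the OU that lost its objects.
$ouDn = 'OU=Servers,DC=example,DC=test'

$deleted = Get-ADObject -IncludeDeletedObjects -Filter 'isDeleted -eq $true' `
        -Properties lastKnownParent, whenChanged |
    Where-Object { $_.lastKnownParent -eq $ouDn }

# Review the candidates before restoring anything.
$deleted | Sort-Object whenChanged | Select-Object Name, ObjectClass, whenChanged

# If the OU itself was deleted, restore the OU first, then its children.
$deleted | Restore-ADObject -WhatIf
```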



It's about time you had this feature enabled!

Comments (1)

  1. ITbatman says:

    Accidental deletion of AD objects, as well as other unwanted operations, should never get to a position when they need to be recovered (in an ideal world). A good way to prevent a maximum amount of those is implementing approval-based workflow, so critical operations won’t be executed unless approved by a responsible authority. Adaxes is a great example for this.

    Approval-based workflow allows you to delegate more tasks but retain control over any potentially unwanted operations.