retrieve Deleted User from active directory c#.net

    Question

  • Hi,

    I am doing an application on Active Directory.

    I want to recover a deleted user account in Active Directory (tombstone) with all its data using C#.NET.

    Please help.

    Thursday, April 19, 2012 11:57 AM

Answers

  • Hi,

    if I understood you correctly, you want to recover users that were completely deleted (not just moved to the bin - a feature of 2008 R2).

    You can recover them, but not with all data. When the user is deleted, some data is lost!

    So first you have to find the object. To find deleted objects, you have to
    a) use FastBind
    b) set Tombstone to true
    c) maybe add the LastKnownParent and cn properties to PropertiesToLoad
    inside the DirectorySearcher

    Once you have got the SearchResult, you can:
    a) Build the new DN:

                // A tombstone's cn is "<original name>\nDEL:<objectGUID>"; keep the part before the
                // newline and put the object back under the container it was deleted from.
                var newDn = String.Format(CultureInfo.InvariantCulture, "CN={0},{1}",
                    result.Properties["cn"][0].ToString().Split(new[] {'\n'})[0],
                    result.Properties["lastKnownParent"][0]);

    b) You can build the required DirectoryAttributeModification objects:

                // needs: using System.DirectoryServices.Protocols;

                // Remove isDeleted ...
                var dam = new DirectoryAttributeModification
                              {
                                  Name = "isDeleted",
                                  Operation = DirectoryAttributeOperation.Delete
                              };

                // ... and move the object to its new DN in the same modify.
                var dam2 = new DirectoryAttributeModification
                               {
                                   Name = "distinguishedName",
                                   Operation = DirectoryAttributeOperation.Replace
                               };
                dam2.Add(newDn);

                var mr = new ModifyRequest(
                    result.Properties["distinguishedName"][0].ToString(),
                    new[] {dam, dam2});

                // The server only accepts the modify on a tombstone with the ShowDeleted control.
                mr.Controls.Add(new ShowDeletedControl());

    c) You can execute the modify request:

                // Get an LdapConnection to the DC (DomainControllerName is your DC's host name).
                // SendRequest throws DirectoryOperationException for most LDAP error results.
                using (var ldapConnection = new LdapConnection(new LdapDirectoryIdentifier(DomainControllerName)))
                {
                    var response = (ModifyResponse) ldapConnection.SendRequest(mr);
                    return response.ResultCode == ResultCode.Success;
                }

    And that's it.

    With kind regards,

    Konrad 

    • Marked as answer by prasad26 Friday, April 20, 2012 4:24 AM
    Thursday, April 19, 2012 12:12 PM

All replies

  • Welcome to MSDN forums!
    Ref: http://social.msdn.microsoft.com/Forums/en-US/vbgeneral/thread/25868d4c-b093-4440-9926-f8bb114c6c7c/


    1. When an object is deleted from Active Directory, it is not immediately erased, but is marked for future deletion.The marker used to designate that an AD object scheduled to be destroyed is called "tombstone". A tombstone is an object whose IsDeleted property has be set to True, and it indicates that the object has been deleted but not removed from the directory.

    Trackback: http://www.petri.co.il/recovering-deleted-items-active-directory.htm
    Section: How does Active Directory treat deleted items?


    2. Deleted objects are stored in the Deleted Objects container. The IDirectorySearch interface is used to search for deleted objects.

    To enumerate deleted objects

    1. Obtain the IDirectorySearch interface for the Deleted Objects container. This is accomplished by binding to the Deleted Objects container and requesting the IDirectorySearch interface.
    2. Set the ADS_SEARCHPREF_SEARCH_SCOPE search preference to ADS_SCOPE_ONELEVEL using the IDirectorySearch.SetSearchPreference method. The ADS_SCOPE_SUBTREE preference can also be used, but the Deleted Objects container is only one level, so using ADS_SCOPE_SUBTREE is redundant.
    3. Set the ADS_SEARCHPREF_TOMBSTONE search preference to TRUE. This causes the search to include deleted objects.
    4. Set the ADS_SEARCHPREF_PAGESIZE search preference to a value less than, or equal to, 1000. This is optional, but if this is not done, no more than 1000 deleted objects can be retrieved.
    5. Set the search filter in the IDirectorySearch.ExecuteSearch call to "(isDeleted=TRUE)". This causes the search to only retrieve objects with the isDeleted attribute set to TRUE.

    Trackback: Retrieving Deleted Objects
    http://msdn.microsoft.com/en-us/library/ms677927(VS.85).aspx


    3. Additionally, please check this article: Working with Active Directory in VB.NET
    http://www.codeproject.com/KB/system/active_directory_in_vbnet.aspx
    This article discusses working within the Active Directory (AD) using VB.NET, how to query the AD, query groups, members, adding users, suspending users, and changing user passwords.


    There is one specialized forum. You're likely to get better responses there.
    ASP.NET Forums » Data Access » Active Directory and LDAP


    If a post answers your question, please click "Mark As Answer" on that post and "Mark as Helpful"

    Thursday, April 19, 2012 1:17 PM
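    A complete, added example (not code from Konrad's answer or from the linked articles) that joins the two halves of this thread: the tombstone search from the "enumerate deleted objects" steps above, done with DirectorySearcher (Tombstone = true, filter isDeleted=TRUE, paging), followed by the reanimate ModifyRequest from Konrad's answer. It assumes the caller holds the "Reanimate Tombstones" control access right on the domain, that the domain controller name and sAMAccountName passed in are placeholders, and that only attributes preserved on the tombstone (objectSid, objectGUID, sAMAccountName, nTSecurityDescriptor, sIDHistory, userAccountControl) come back; group memberships and most other attributes are gone.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.Protocols;
using System.Globalization;

static class TombstoneRestore
{
    // Find the tombstone of a deleted user by its preserved sAMAccountName; null if none matches.
    static SearchResult FindTombstone(string domainController, string samAccountName)
    {
        string defaultNc;
        using (var root = new DirectoryEntry("LDAP://" + domainController + "/RootDSE"))
            defaultNc = (string)root.Properties["defaultNamingContext"].Value;

        using (var searchRoot = new DirectoryEntry("LDAP://" + domainController + "/" + defaultNc))
        using (var searcher = new DirectorySearcher(searchRoot))
        {
            searcher.Tombstone = true;      // sends the ShowDeleted control, so tombstones are returned
            searcher.PageSize = 1000;       // paged search; without it the server caps the result at 1000
            searcher.Filter = string.Format(CultureInfo.InvariantCulture,
                "(&(isDeleted=TRUE)(objectClass=user)(sAMAccountName={0}))", EscapeFilter(samAccountName));
            searcher.PropertiesToLoad.AddRange(new[] { "cn", "lastKnownParent", "distinguishedName" });
            return searcher.FindOne();
        }
    }

    // RFC 4515 escaping so a caller-supplied name cannot change the filter's structure.
    static string EscapeFilter(string s) =>
        s.Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");

    // Reanimate the tombstone: one LDAP modify that removes isDeleted and moves the DN back under
    // lastKnownParent. Both changes must travel in the same request, sent with the ShowDeleted control.
    static bool Reanimate(string domainController, SearchResult tombstone)
    {
        string originalName = tombstone.Properties["cn"][0].ToString().Split('\n')[0]; // "<name>\nDEL:<guid>"
        string newDn = string.Format(CultureInfo.InvariantCulture, "CN={0},{1}",       // name must be RDN-safe
            originalName, tombstone.Properties["lastKnownParent"][0]);

        var clearIsDeleted = new DirectoryAttributeModification { Name = "isDeleted", Operation = DirectoryAttributeOperation.Delete };
        var moveBack = new DirectoryAttributeModification { Name = "distinguishedName", Operation = DirectoryAttributeOperation.Replace };
        moveBack.Add(newDn);

        var request = new ModifyRequest(tombstone.Properties["distinguishedName"][0].ToString(), clearIsDeleted, moveBack);
        request.Controls.Add(new ShowDeletedControl());

        using (var connection = new LdapConnection(new LdapDirectoryIdentifier(domainController)))
        {
            var response = (ModifyResponse)connection.SendRequest(request); // throws on most LDAP errors
            return response.ResultCode == ResultCode.Success;
        }
    }
}
```

    Call FindTombstone("dc01.example.local", "jdoe") (both values constructed placeholders) and pass the result to Reanimate; a null result means no tombstone matched, typically because the object is already past the forest's tombstone lifetime and has been garbage-collected.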
  • Thanks Konrad, it's working.

    Now I can restore the deleted user.

    But I am unable to load basic attribute values like first name, last name, mail, address etc.

    Is it possible to restore permissions also for that particular user?

    Thanks and Regards,

    Prasad



    • Edited by prasad26 Friday, April 20, 2012 6:49 AM
    Friday, April 20, 2012 5:33 AM