locked
Finding Deleted Objects in Active Directory using DirectoryServices RRS feed

  • Question

  • I need to get a collection of "deleted objects" from Active Directory.

    The query I'm using today simply returns 0 (zero) results.  No errors or exceptions.  Just no results.  I'm 100% positive deleted objects exist (I can create and delete objects all day long, but I can never find the deleted ones).  We used to be able to query for deleted objects in the past.  We are in the process of migrating from Exchange 2007 to Exchange 2013.  Active Directory is staying the same, except for whatever changes are made to it due the Exchange upgrade.

    Here is a snippet of code we have used in the past to find deleted objects.  I didn't include our exact server and domain values, but the format of how the rootPath looks after the fact is the same.

    I am using .NET 4.5 Framework with Visual Studio 2013.

    List<ADObject> deletedObjects = new List<ADObject>();
    string rootPath = "LDAP://ourserver.com/<WKGUID=18e2ea80684f11d2b9aa00c04f79f805,DC=pilot,DC=domain,DC=com>";
    DirectoryEntry root = new DirectoryEntry(rootPath);
    root.AuthenticationType = AuthenticationTypes.FastBind | AuthenticationTypes.Secure;
     
    DirectorySearcher srchr = new DirectorySearcher(root);
    srchr.PropertiesToLoad.Add("objectGUID");
    srchr.PropertiesToLoad.Add("whenChanged");
    srchr.PropertiesToLoad.Add("objectClass");
    srchr.PropertiesToLoad.Add("uSNChanged");
    srchr.PropertiesToLoad.Add("cn");
     
    srchr.SearchScope = SearchScope.Subtree;
    srchr.Tombstone = true;
    srchr.PageSize = 1000;
    srchr.Filter = "(&(isDeleted=TRUE)(uSNChanged>=0))";
     
    SearchResultCollection results = srchr.FindAll();
     
    foreach (SearchResult result in results) {
        ADObject obj = new ADObject(result);
        deletedObjects.Add(obj);
    }
     
    return deletedObjects;

    The deletedObjects returns 0 elements.

    Would there be special permissions needed to search this area of Active Directory?  Is there a way I could run a query through ADSI Edit to validate what objects should be returned?  Is the rootPath correct?

    Any help or clues to point me in the right direction or where to look are greatly appreciated.


    Andy Kreider | Principal Financial Group | Des Moines, IA, USA


    • Edited by Kritter Monday, January 13, 2014 7:25 PM
    Monday, January 13, 2014 7:24 PM

Answers

All replies