Wednesday, June 24, 2009

So what's a Tombstone Reanimation Feature?

They say that this feature is available as early as Windows 2000, but this is the only time I am hearing about it. But what is it, anyway? Tombstone reanimation is the process of re-activating a deleted object from Active Directory. When Active Directory deletes an object, say a user or computer, from the directory, it does not physically remove the object from the database. Instead, it marks the object as deleted by setting the object's isDeleted attribute to TRUE, removing most of the attributes from the object, renaming the object, and then moving the object to a special container in the object's naming context (NC) named CN=Deleted Objects. The deleted object is now called a tombstone and is totally invisible to LDAP tools like Active Directory Users and Computers. Even though the object is invisible, it is still there and readily available for us to salvage the data for the purpose of disaster recovery.
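To see what the delete operation described above leaves behind, the following added example (not from the TechNet article or the original post) lists the tombstones in CN=Deleted Objects and splits the renamed object back into its original name. It assumes the ActiveDirectory PowerShell module, a domain without the AD Recycle Bin enabled, and an account permitted to read the Deleted Objects container.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and an account
# allowed to read the Deleted Objects container (Domain Admins by default).
Import-Module ActiveDirectory

$domainNC  = (Get-ADRootDSE).defaultNamingContext
$deletedDN = "CN=Deleted Objects,$domainNC"

# Ordinary searches skip tombstones. -IncludeDeletedObjects makes the cmdlet
# send the LDAP "show deleted objects" control (OID 1.2.840.113556.1.4.417).
$tombstones = Get-ADObject -SearchBase $deletedDN -SearchScope OneLevel `
    -Filter 'isDeleted -eq $true' -IncludeDeletedObjects `
    -Properties isDeleted, lastKnownParent, whenChanged, sAMAccountName, objectSid

$report = foreach ($t in $tombstones) {
    # The delete renames the RDN to "<old name><LF>DEL:<objectGUID>".
    $parts = $t.Name -split "`n", 2
    [pscustomobject]@{
        OriginalName    = $parts[0]
        ObjectClass     = $t.ObjectClass
        ObjectGuid      = $t.ObjectGUID
        LastKnownParent = $t.lastKnownParent
        # whenChanged on a tombstone approximates the time of deletion.
        DeletedAt       = $t.whenChanged
        # Among the few attributes a tombstone keeps; group membership,
        # for example, is gone and must be re-created after a reanimation.
        SamAccountName  = $t.sAMAccountName
        Sid             = $t.objectSid
    }
}

$report | Sort-Object DeletedAt -Descending | Format-Table -AutoSize
```

The LastKnownParent column shows where each object lived before it was moved, which is the information needed to put it back; the same module's Restore-ADObject cmdlet accepts the ObjectGuid of a row.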

This TechNet Magazine article highlights how to reanimate Active Directory tombstone objects in case you need to recover an object that has been accidentally deleted. I can't wait to try it out for myself, though.