PowerShell Cmdlets

PowerShell as an Active Directory restoration tool

Active Directory is a tier 0 service, which means that it's a critical infrastructure component that has to be available at all times. The deletion of any object within your AD environment, be it a user, group, GPO, or any other type of object, can cause unnecessary disruptions to your network.

Microsoft’s native administrative tool PowerShell provides commands to help you restore deleted or modified objects from existing backups to solve your basic restoration needs.

Note: You have to enable Active Directory Recycle Bin before you can restore deleted objects using PowerShell. Once enabled, Recycle Bin cannot be disabled.

Below are some commonly used PowerShell scripts that you can use to restore AD objects. Look too complicated? Read on to learn about a tool that makes AD restorations even easier by helping you carry out AD tasks in just a few simple clicks.

PowerShell as an AD user restoration tool

PowerShell script to restore a deleted user object:

Restore-ADObject -Identity $dn

Here, $dn is the distinguished name of the user object to be restored. To find the distinguished name of the user object, enter the script below in PowerShell.

(Get-ADObject -SearchBase (get-addomain).deletedobjectscontainer -IncludeDeletedObjects -filt er "samaccountname -eq '%OLD_NAME%'") | Restore-ADObject -NewName "$.Name"

PowerShell as an AD group restoration tool

PowerShell script to restore a deleted group object: 

Here, $dn is the distinguished name of the user object to be restored. To find the distinguished name of the group object, enter the script below in PowerShell.

(Get-ADObject -SearchBase (get-addomain).deletedobjectscontainer -IncludeDeletedObjects -filt er "samaccountname -eq '%OLD_NAME%'") | Restore-ADObject -NewName "$.Name"

PowerShell as an AD GPO restoration tool

PowerShell script to back up a GPO:

Backup-GPO -Name '$GPOName' –Path $path

Here, $GPOName and $path refer to the name of the GPO to be backed up and the path to the location where the backup of the GPO must be stored, respectively. 

PowerShell script to restore a GPO: 

Restore-GPO -Name ‘$GPOName' –Path $path

Here, $GPOName and $path refer to the name of the GPO to be restored and the path to the location where the backup of the GPO is stored, respectively.

The RecoveryManager Plus way

While theoretically these cmdlets might work and provide the desired results, the scenarios that occur in organizations are not as straightforward as the examples above. Administrators are often required to restore an AD object to any of its past states and not just restore the deleted object from the Recycle Bin.

PowerShell does not allow you to manage multiple backup versions of the same object and furthermore, you have to restart your domain controller after each restoration for the changes to take effect, causing even more downtime.

Here's how you can save yourself from the burden of restoring AD objects to any of their past states without having to write complex PowerShell scripts: use RecoveryManager Plus.

RecoveryManager Plus is a simple, hassle-free web-based solution for all your Active Directory backup and restoration needs.

The very idea of it gets you excited, doesn't it?

RecoveryManager Plus has:

  • A self-explanatory and straightforward user interface that eliminates the need for complex PowerShell scripts.
  • A backup system that can maintain multiple backup versions of each object and the ability to restore them to any of their past states.
  • An unending list of features, including granular restoration of AD objects, scheduled backups, incremental backups, backup retention, and bare-metal restoration of domain controllers.

Granular AD object restoration

RecoveryManager Plus backs up each AD object in your domain—including users, groups, computers, contacts, GPOs, OUs, and more—and allows you to restore them to any of their past states easily in just a few simple clicks. All this without having to enable the native Recycle Bin in your AD domain controllers.

You can customize a backup scheduler to run each day, scan your AD for any changes made to objects after the last backup, and back up just those changes. This ensures that any change made to AD objects is stored as a different version of a backup, and you can restore any object to any version at a moment’s notice.

Bare-metal restoration

Back up all parts of your domain controllers, including the system state (Sysvol folder), boot volume, and AD database (Ntds.dit); restore entire domin controllers from scratch in case of emergenices. 

Still not convinced? Try our web-hosted version of RecoveryManager Plus and check it out for yourself.

Download RecoveryManager Plus and eliminate the need to write complex PowerShell scripts to perform the simplest AD restoration actions.

Couldn't find the feature you wanted? Raise a feature request 
Need a full-fledged demonstartion of the product? Request a personalized demo

A single pane of glass for Active Directory and Exchange Backup