How to search for deleted objects in Active Directory

Article translations Article translations
Article ID: 284928 - View products that this article applies to.
This article was previously published under Q284928
Expand all | Collapse all

SUMMARY

This article describes how to search for objects in the Deleted Objects container that have been deleted but not yet "garbage collected." These objects are called tombstones. After they are deleted by the garbage collection process, they no longer exist in the directory database.

MORE INFORMATION

When an Active Directory object is deleted, it is stored in the Deleted Objects container for a configurable period of time so that the deletion can replicate. To view tombstone objects in the Deleted Objects container, follow these steps:
  1. Click Start, click Run, and then type ldp.exe.
  2. Connect to a domain controller. Then, bind to the domain controller.
  3. On the Browse menu, click Search.
  4. In the BaseDN box, type the distinguished name of the domain or path for the tombstone that you want to retrieve.

    For example, to retrieve the tombstone for the domain "myDomain.com," type DC=myDomain,DC=com.
  5. In the Filter box, click (isDeleted=*).
  6. In the Scope section, click Subtree.
  7. Click Options.
  8. In the Search Options dialog box, click Extended in the Search Call Type section, and make sure that the Timeout(s) box contains a value that is larger than zero (0).
  9. Click Controls, and then type 1.2.840.113556.1.4.417 in the Object Identifier box.
  10. In the Control Type section, click Server.
  11. To add the control to the Active Controls list, click Check in, and then click OK.
  12. In the Search Options dialog box, click OK.
  13. In the Search dialog box, click Run.
Note After you add the "Control for Deleted Objects" in step 9, you can use the Ldp.exe tool to view the Deleted Objects container in all naming contexts for which your connected domain controller is authoritative. For example, you can view the Deleted Objects container in the following naming contexts:
  • NC Configuration
  • ForestDnsZones
  • DomainDnsZones
For more information about how to use the Ldp.exe tool, refer to the Microsoft Windows 2000 Resource Kit Tools Help file.

Properties

Article ID: 284928 - Last Review: October 11, 2007 - Revision: 4.2
APPLIES TO
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
Keywords: 
kbhowto kbinfo KB284928

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com