How to Restore a Deleted Active Directory User Account?

Written By Mohit Kumar Jha
Approved By Anuraag Singh
Modified On July 21st, 2025
Reading Time: 8 minutes

User management is one of the core aspects of any Active Directory setup, and it is during these user management tasks that admins most often ask how to restore a deleted Active Directory user account.


The process is not as simple as it sounds. Depending on how your AD is set up, the restoration process may vary quite a lot. Don’t worry, as here we have assembled a bunch of methods that cover all possible scenarios. Plus, we also introduce you to a tool that can automatically detect AD objects in your environment, which you can use to see the restored users.

Let us start by discussing the reasons for restoration.

Why Do Admins Restore Deleted Active Directory Users?

Here is a list of situations that call for a user restoration process.

Undoing accidental deletion. This is perhaps the most common cause. When there are users with similar names, admins might delete the wrong one. In such a scenario, the admin may also find empty groups in Active Directory.

Reversing a malicious deletion. Disgruntled employees, external attackers, or wrongly deployed scripts may cause a user account to be deleted. There, too, admins have to perform a restoration.

Return of an employee from long leave, or rehiring a former employee. When an employee stays inactive for a significant amount of time, such as during a sabbatical, admins usually put the account in a deleted state to prevent accidental misuse. When that employee returns, admins have to restore the account.

These are just some of the real-life situations where admins have to restore users. Before we begin the restoration process, it is important to understand the lifecycle of a deleted AD Object, as it is impossible to restore an object after a point.

Explaining the Lifecycle of a Deleted Active Directory Object

The cycle is different in environments where admins enable the Active Directory Recycle Bin than in those where they don’t. Let’s see what the difference is via a diagram.

Figure: Lifecycle of a Deleted Active Directory Object

By default, all objects exist in a Live state. When you delete those objects, they switch to the Deleted state. It is possible to restore all user objects that are in this state without any loss of data.

Now, if the IsDeleted flag is changed to True, then the object is permanently removed from the AD. After this, the object is said to be physically erased from the server.

Figure: Lifecycle of a Deleted Active Directory Object with Recycle Bin

In an AD where the Recycle Bin is being used, a second Recycled state is added to the lifecycle. This extends the period you have to restore an AD object such as a user. Now that we know the object behavior, let us move on to the restoration methods.
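Before choosing a method, it helps to know which of the two lifecycles above applies to your forest and how many days you have left. The following PowerShell is an added example, not code from the original article; it reads the Recycle Bin state and the configured lifetimes from the forest and reports each deleted user's age, assuming the ActiveDirectory module and a domain-joined session.

```powershell
# Added example (not from the original article): report whether the Recycle Bin is
# enabled in this forest and how many days deleted users remain restorable.
Import-Module ActiveDirectory

function Get-DeletedObjectWindow {
    $rootDse = Get-ADRootDSE
    $feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
    $enabled = ($null -ne $feature -and $feature.EnabledScopes.Count -gt 0)

    # Both lifetimes live on the Directory Service object in the configuration partition.
    $dsDn = 'CN=Directory Service,CN=Windows NT,CN=Services,' + $rootDse.configurationNamingContext
    $ds = Get-ADObject -Identity $dsDn -Properties tombstoneLifetime, 'msDS-DeletedObjectLifetime'

    # An absent tombstoneLifetime means the built-in default of 60 days; an absent
    # msDS-DeletedObjectLifetime means "same as the tombstone lifetime".
    $tombstoneDays = if ($ds.tombstoneLifetime) { $ds.tombstoneLifetime } else { 60 }
    $deletedDays   = if ($ds.'msDS-DeletedObjectLifetime') { $ds.'msDS-DeletedObjectLifetime' } else { $tombstoneDays }

    [pscustomobject]@{
        RecycleBinEnabled = $enabled
        # Without the Recycle Bin only the tombstone window applies; with it, objects stay
        # fully restorable for RestorableDays and then sit as recycled tombstones.
        RestorableDays    = if ($enabled) { $deletedDays } else { $tombstoneDays }
        TombstoneDays     = $tombstoneDays
    }
}

function Get-DeletedUserAge {
    $window = Get-DeletedObjectWindow
    # whenChanged is rewritten at deletion time, so it approximates the deletion date.
    # ObjectClass on the returned object is the structural class, so 'user' excludes computers.
    Get-ADObject -Filter 'isDeleted -eq $true' -IncludeDeletedObjects -Properties whenChanged, lastKnownParent |
        Where-Object { $_.ObjectClass -eq 'user' } |
        ForEach-Object {
            $age = ((Get-Date) - $_.whenChanged).TotalDays
            [pscustomobject]@{
                # The deleted Name is "<original>\n DEL:<guid>"; keep the part before the line feed.
                Name            = ($_.Name -split "`n")[0]
                LastKnownParent = $_.lastKnownParent
                DaysDeleted     = [math]::Round($age, 1)
                DaysLeft        = [math]::Round($window.RestorableDays - $age, 1)
            }
        }
}

Get-DeletedObjectWindow
Get-DeletedUserAge | Format-Table -AutoSize
```

A negative DaysLeft means the object has passed the restorable window and only the authoritative restore described later in this article can bring it back.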

How to Restore a Deleted Active Directory User Account Using ADAC?

To attempt the following procedure, you must

Step 1. Launch ADAC, then find and select the Deleted Objects container (it is usually listed directly below your domain).

Step 2. If you have more than one deleted user, you will see a list. You can select a contiguous range of users by holding the Shift key, or a non-contiguous set by holding the Ctrl key while clicking the users.

Step 3. Then right-click and select Restore. Every user will be put back into the OU/container it was assigned to before its deletion.
Other than the “Restore” option, there is also a “Restore to” option, which lets you decide where in the AD you want these user objects to exist.

How to Restore a Deleted User Account in AD Using PowerShell Cmdlets?

Given below is a sample PowerShell cmdlet that will restore the user accounts in those Active Directory environments that use the Recycle Bin facility.

Open a new PowerShell window and list the deleted objects by typing:

Get-ADObject -Filter 'isDeleted -eq $true' -IncludeDeletedObjects -Property * | Format-List Name, ObjectGUID, Deleted, DistinguishedName

You can modify the cmdlet to format the list with your own set of parameters. Just keep the “Get-ADObject -Filter ‘isDeleted -eq $true’ -IncludeDeletedObjects” part unchanged.

After this, copy the ObjectGUID or the Distinguished Name for the user you want to restore and type:

Restore-ADObject -Identity <ObjectGUID or DistinguishedName of the deleted user>

This works similarly to the Restore button in ADAC. Both of the methods we discussed until now require the Recycle Bin. However, what do you do if you don’t have it? Enabling it now won’t help. If you are in that situation, go through these steps.

How to Restore a Deleted Active Directory User using LDP.exe Step by Step?

LDP.exe is a GUI client for the Lightweight Directory Access Protocol (LDAP). To use it, follow these steps:

Step 1. Press the Windows + R keys together and type ldp.exe. Press Enter.

Step 2. This will launch a new LDP window. On the Connection menu, click Connect. Type in your domain controller name and hit OK.

Step 3. Then, go back to the Connection menu and click Bind. There, select Bind as currently logged-on user and click OK.

Step 4. Under Options >> Controls, expand the Load Predefined dropdown and select Return deleted objects. Press OK to confirm. You can now see the user objects that are tombstoned in AD.

Step 5. Now in the View menu, click on Tree, select your domain from the BaseDN dropdown, and hit OK.

Step 6. A tree pane opens on the left side of the window. Expand your domain and you should see a CN=Deleted Objects container. Double-click it.

Step 7. Find the user you wish to restore, right-click it and choose Modify. Add these two operations in the Modify dialog:

  • Attribute: Type isDeleted.
  • Operation: Select the Delete radio button.
  • Click Enter.
  • Attribute: Type distinguishedName.
  • Values: Enter the original, full distinguished name of the user.
  • Operation: Select the Replace radio button.
  • Click Enter.

Step 8. Make sure that the two operations are in the list, mark the Extended box at the bottom, and hit Run.

Step 9. This process restores the user, but in a disabled state; you can export disabled users from Active Directory to confirm this. Plus, you must manually re-add it to all the groups it was in before it was deleted.
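The PowerShell restore above and the LDP.exe reanimation both benefit from a scripted follow-up check. The following is an added example, not code from the original article: Restore-DeletedUser wraps the Recycle Bin path (Restore-ADObject, with the same "Restore to" choice ADAC offers), and Repair-RestoredUser is the post-restore check for either path, re-enabling the account, setting a password where reanimation dropped it, and re-adding the groups you recorded. It assumes the ActiveDirectory module; 'jdoe' and the group names are constructed sample values.

```powershell
# Added example, not from the original article. Restore-DeletedUser uses the Recycle Bin
# path (Restore-ADObject); Repair-RestoredUser is the follow-up check for either path,
# including LDP.exe reanimation, which leaves the account disabled, without its
# password and without its groups. 'jdoe' and the group names are sample values.
Import-Module ActiveDirectory

function Restore-DeletedUser {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [string] $TargetPath    # optional OU DN, like the "Restore to" option in ADAC
    )
    # Match on sAMAccountName: the Name of a deleted object is rewritten to "<name>\0ADEL:<guid>".
    $filter = "sAMAccountName -eq '$SamAccountName' -and isDeleted -eq " + '$true'
    $deleted = @(Get-ADObject -Filter $filter -IncludeDeletedObjects -Properties lastKnownParent)
    if ($deleted.Count -eq 0) { throw "No deleted object with sAMAccountName '$SamAccountName'." }
    if ($deleted.Count -gt 1) { throw "Several deleted copies found; restore by ObjectGUID instead." }

    $params = @{ Identity = $deleted[0].ObjectGUID }
    if ($TargetPath) { $params['TargetPath'] = $TargetPath }
    Restore-ADObject @params
    Get-ADUser -Identity $deleted[0].ObjectGUID -Properties MemberOf
}

function Repair-RestoredUser {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [string[]] $ExpectedGroups = @(),   # groups the user held before deletion
        [securestring] $NewPassword         # needed after reanimation, which drops the password
    )
    $user = Get-ADUser -Identity $SamAccountName -Properties MemberOf
    if ($NewPassword) { Set-ADAccountPassword -Identity $user -Reset -NewPassword $NewPassword }
    if (-not $user.Enabled) { Enable-ADAccount -Identity $user }

    # Compare current group names with the recorded list and re-add only what is missing.
    $current = @($user.MemberOf | ForEach-Object { (Get-ADGroup -Identity $_).Name })
    $missing = @($ExpectedGroups | Where-Object { $_ -notin $current })
    foreach ($group in $missing) { Add-ADGroupMember -Identity $group -Members $user }

    [pscustomobject]@{
        SamAccountName = $user.SamAccountName
        Enabled        = (Get-ADUser -Identity $user).Enabled
        GroupsReAdded  = $missing
        Location       = $user.DistinguishedName
    }
}

# Sample usage with constructed values.
Restore-DeletedUser -SamAccountName 'jdoe'
Repair-RestoredUser -SamAccountName 'jdoe' -ExpectedGroups @('HR-Staff', 'VPN-Users') -NewPassword (Read-Host -AsSecureString 'New password')
```

With the Recycle Bin, group membership normally comes back on its own and GroupsReAdded stays empty; after LDP.exe reanimation it lists everything that had to be put back.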

Apart from these usual tactics, which work at the object level, there is also a domain-wide restoration called an authoritative restore. Let’s see what it is and how it can be used to get back deleted AD users.

Perform an Authoritative Restore in Active Directory to Recover User Accounts

Unlike the previous methods, you can’t start an authoritative restore out of the blue. As an admin, you must first ensure that the following conditions are met.

Pre-requisites:

  • First, there must be a healthy system state backup of the DC, made while the user still existed in AD.
  • Second, you must know the user object’s distinguished name as it was before the deletion.

Steps:

Step 1. Restart the domain controller and, while it is restarting, press F8 to enter Directory Services Restore Mode (DSRM). You will be prompted for the DSRM administrator account and password; this is different from the regular AD login password.

Step 2. Then launch the Command Prompt (as administrator) and use ntdsutil to mark the user object as authoritative. Type:

ntdsutil
activate instance ntds
authoritative restore
restore object "CN=User Name, OU=Department, DC=yourdomain, DC=com"

Step 3. Click Yes to confirm. Then type quit twice to exit ntdsutil, and reboot the domain controller into normal mode. The user will now be restored and replicated to the other DCs.

Best Practices to Follow While Restoring a Deleted Active Directory User Account


  • Use the restoration method applicable for your Active Directory environment.
  • Start using the Recycle bin in your AD.
  • Document the process for future reference.

Conclusion

Here we saw how to restore a deleted Active Directory user account in several different ways. We discussed what to do in environments where there is a Recycle Bin and what to do if you don’t use it. We covered everything from PowerShell and Administrative Center restoration to using LDP and even performing an authoritative restore. Moreover, you can use our automated utility to compare the pre- and post-restoration status of user objects in AD.

By Mohit Kumar Jha

With 6+ years of experience, Mohit is a Microsoft Certified expert known for his expertise in cloud migration, cybersecurity, and digital forensics. He specializes in Microsoft 365, Exchange Server, and Azure AD migration. Mohit's insights are drawn from extensive practical experience and rigorous testing of the methods and tools discussed, ensuring accurate and actionable guidance for users. As a tech writer, researcher, and editor, he delivers reliable, accurate, and expert-backed insights you can trust.