NNS ADix - How to...Reanimate Active Directory Tombstones

General Information:

When an Active Directory object is deleted, the object is not immediately removed from the Active Directory
database. Instead, the object will be turned into a tombstone. This is because the object deletion must be propagated
to other domain controllers.
NNS ADix enables you to conveniently reanimate Active Directory tombstones.

The following changes will be made to an object when it is deleted:
    - The value of the "isDeleted" attribute is set to "TRUE"
    - Most of the attribute values are stripped of
    - The object will be renamed to something like CN=oldRDN\0ADEL:objectGUID and
      moved to a special container in the objects naming context called "CN=Deleted Objects"
    - The distinguished name of the objects original location will be saved in an attribute called "lastKnownParent"
      (this feature is supported on Windows Server 2003 or higher)

Tombstones are removed from the Active Directory database after the tombstone lifetime has expired.
The default tombstone lifetimes are...
    - Forest initially built using Windows Server 2000/Windows Server 2003: 60 days
    - Forest initially built using Windows Server 2003 SP1 or higher: 180 days

Note:
    Windows Server 2008 R2 has a new feature called "Active Directory Recycle Bin". This feature enables you to retain
    all link-valued and non-link-valued attributes of the deleted Active Directory objects. This values are preserved and the objects are restored
    in their entirety to the same consistent logical state that they were in immediately before deletion. For example, restored user accounts
    automatically regain all group memberships and corresponding access rights that they had immediately before deletion, within and across domains.

    Please refer to the following link to get more information about enabling and using this feature: Active Directory Recycle Bin Step-by-Step Guide

Reanimating Tombstones:

NNS ADix provides two capabilities to reanimate tombstones:
    - The Query Filter Preview dialog
    - The AD Browser

To reanimate tombstones using the Query Filter Preview dialog...

• Create a new query filter
• Set the query root to LDAP://CN=Deleted Objects, DC=<DomainNamingContext> (e.g. LDAP://CN=Deleted Objects, DC=dom, DC=com)
• Select the Include deleted objects option
• Use the following query filter: (isDeleted=*)

  Note:
      You can adjust the query filter to your needs. E.g. to return only deleted group objects,
      use the following query string: (&(isDeleted=*)(objectClass=group))

• Click the Preview button to open the Query Filter Preview dialog.
• Select the tombstones you want to reanimate and click the Reanimate Tombstone button on the bottom of the query filter result list.
  The Reanimate Tombstone dialog appears on the screen.
• Choose the parent container where the reanimated tombstones will be placed
• Click the Start Reanimation button to start the tombstone reanimation
• Check the tombstone reanimation results for any errors

To reanimate tombstones using the AD Browser...

• Create a new AD Browser profile or edit an existing one and provide the following setting:
  Advanced tab->select Include deleted objects option
• Save the profile and connect to Active Directory using the specified profile
• Locate the deleted objects container in the AD Browser console tree and left-click this container. The Reanimate Tombstone
  dialog appears on the screen.
• Choose the parent container where the reanimated tombstones will be placed
• Click the Start Reanimation button to start the tombstone reanimation
• Check the tombstone reanimation results for any errors