Restore deleted objects
With Adaxes, you can restore deleted directory objects within a set timeframe. In Active Directory, deleted objects move to the Recycle Bin and can be recovered within 180 days by default. In Microsoft Entra ID, users and Microsoft 365 groups are soft-deleted for 30 days, while security groups are permanently deleted and can't be restored.
In this tutorial, you will learn how to restore deleted objects using the Adaxes web interface and administration console, enable the Active Directory Recycle Bin, and delegate restore permissions to users.
Recycle Bin
Adaxes allows restoring deleted objects even if the Recycle Bin isn't enabled, but enabling it is strongly recommended. With Recycle Bin, objects are fully restored with all properties intact, whereas without it, only partial recovery is possible.
Enabling the Recycle Bin is irreversible. Once enabled, it cannot be disabled.
In Microsoft Entra ID, the Recycle Bin is always enabled. In Active Directory, enabling it requires the forest functional level to be Windows Server 2008 R2 or higher, meaning all domain controllers must run at least Windows Server 2008 R2.
How to enable the Recycle Bin
To find all AD domains with the Recycle Bin disabled, you can use the Domains with Recycle Bin disabled report:
- Launch Adaxes administration console.
- Expand your Adaxes service and select Reports.
- Type Recycle Bin in the Type report name edit box located to the right.
- Select the Domains with Recycle Bin disabled report and click Generate.
To enable Recycle Bin for a domain:
- Right-click the domain for which you want to enable Recycle Bin.
- Point to All Tasks, and click Enable Recycle Bin.
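Because enabling the Recycle Bin cannot be undone, the functional level prerequisite and the current state can be checked from PowerShell first. This is an added example, not part of the Adaxes documentation: it uses the standard ActiveDirectory module cmdlets and only reads directory state, and the function names Get-RecycleBinReadiness and Get-RecentlyDeletedObject are hypothetical. It assumes the RSAT ActiveDirectory module, a reachable domain controller, and an account allowed to read the Deleted Objects container.

```powershell
# Added example: read-only checks, nothing in the directory is changed.
# Assumes the RSAT ActiveDirectory module and a reachable domain controller.
Import-Module ActiveDirectory

function Get-RecycleBinReadiness {
    $forest  = Get-ADForest
    $rootDse = Get-ADRootDSE

    # Forest functional level must be Windows Server 2008 R2 or higher.
    # In the ADForestMode enum, Windows2008R2Forest has the value 4.
    # UnknownForest (-1) is reported as not OK; verify manually in that case.
    $levelOk = [int]$forest.ForestMode -ge 4

    # The feature is enabled when it has at least one enabled scope.
    $feature = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'"
    $enabled = ($null -ne $feature) -and ($feature.EnabledScopes.Count -gt 0)

    # Retention for deleted objects; when msDS-DeletedObjectLifetime is
    # not set, the tombstoneLifetime value applies instead.
    $dsDn = "CN=Directory Service,CN=Windows NT,CN=Services," +
            $rootDse.configurationNamingContext
    $ds = Get-ADObject -Identity $dsDn -Properties 'msDS-DeletedObjectLifetime', 'tombstoneLifetime'
    $days = $ds.'msDS-DeletedObjectLifetime'
    if ($null -eq $days) { $days = $ds.tombstoneLifetime }

    [pscustomobject]@{
        Forest              = $forest.Name
        ForestMode          = $forest.ForestMode
        FunctionalLevelOk   = $levelOk
        RecycleBinEnabled   = $enabled
        DeletedLifetimeDays = $days   # empty means the directory default applies
    }
}

function Get-RecentlyDeletedObject {
    param([int]$Days = 7)
    $since = (Get-Date).AddDays(-$Days)
    # lastKnownParent is the container the object was in before deletion.
    # Reading deleted objects requires rights on the Deleted Objects container.
    Get-ADObject -Filter 'isDeleted -eq $true' -IncludeDeletedObjects `
        -Properties lastKnownParent, whenChanged, objectClass |
        Where-Object { $_.whenChanged -ge $since -and $_.lastKnownParent } |
        Select-Object Name, objectClass, lastKnownParent, whenChanged
}

Get-RecycleBinReadiness | Format-List
Get-RecentlyDeletedObject -Days 7 | Format-Table -AutoSize
```

The lastKnownParent column shows the organizational unit or container each object was located in before deletion.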
Permissions
The permissions to restore deleted objects, like any other permissions in Adaxes, are granted with the help of security roles. You can allow users to restore all types of objects or only specific object types, like users, groups, or computers.
To allow restoring deleted objects, a security role must contain the Restore Deleted Objects permission.
How to add Restore Deleted Objects permission
- Launch Adaxes administration console.
- Expand your Adaxes service, then expand Configuration and Security Roles.
- Select the security role you want to modify.
- In the Permissions section located to the right, click Add.
- In the Operations on child objects list, check the Restore Deleted Objects permission in the Allow column.
- To allow restoring only specific types of directory objects, click Select object types and select the object types you need.
- Click OK and then click Save changes.
For the Restore Deleted Objects permission to take effect, a security role must be assigned over containers, organizational units, and domains. The permission will not apply when a security role is assigned over members of groups and business units because deleted objects are not members of any group or business unit.
- To restore an object, users must have the Restore Deleted Objects permission for the organizational unit or container where the object was located before deletion.
- To restore an object to a new location, users must have the permission to restore deleted objects in both old and new locations.
- If the organizational unit or container where the object was located no longer exists, users must have the Restore Deleted Objects permission applied to the object's domain to restore it.
It is also possible to restore Adaxes configuration objects, such as security roles, property patterns, business units, and scheduled tasks.
To delegate the permissions to restore Adaxes configuration objects, a security role must be assigned over the Configuration Objects scope.
Using logs to restore objects
You can use Adaxes log records to restore deleted objects. To get access to the logs, you can either use the Logging view in Adaxes administration console, or reports based on log records.
To restore deleted objects using the Logging view:
- Launch Adaxes administration console.
- Expand your Adaxes service and select Logging.
- Select Delete in the Filter Operation drop-down list located to the right.
- Right-click a record for a delete operation and click Restore in the context menu.
Using reports to restore objects
Adaxes provides a number of reports on deleted directory objects, such as Recently deleted users or Recently deleted OUs. You can use the reports to restore deleted objects.
To restore objects using reports in Adaxes web interface:
- Click the Reports drop-down located in the header and type Recently deleted in the edit box.
- Select a report in the list. For example, if you want to restore an accidentally deleted organizational unit, select the Recently deleted OUs report.
- Generate the selected report.
- Select the object you want to restore and click Restore.
If necessary, you can disable the Restore Deleted Object operation in a web interface. For details, see Disable operations on directory objects.
Undo delete
When a user accidentally deletes an object using Adaxes, they will have a brief period of time to use the Undo option in the snackbar and instantly recover the deleted object.
The Undo operation is only available if the user has the permission to restore the deleted object and if the Recycle Bin feature is enabled for the object's domain.
For information on how to protect objects from accidental deletion, see Protect objects from deletion. Both directory objects and Adaxes configuration objects can be protected from accidental deletion.