I have read this well done paper on Recovery of AD:
This paper says also how perform auth restore in AD environment. And I
've keep in mind this:
"When Active Directory deletes an object, it doesn’t physically delete
the object from the DIT. Instead, it marks the object as deleted by
setting its isDeleted attribute to true, which renders the object
invisible to normal directory operations."
so i know that these delete (marks) objects are tombstone and windows
2003 retain these for 180 days.
Now, this is my question:
Is possible to recover delete objects without restore SystemState from
And again, how i can view delete objects stored in DIT ?
Thanks very much