Q:

Active Directory

How to get the details of the deleted objects from Active Directory using LDAP?

A: 

*This answer comes from Rodney Anderson, a contractor who sits next to me and happens to know AD quite well. He says to email him with any questions you have (link provided).*

Use dsquery.

http://support.microsoft.com/kb/258310 (LDAP Query)

...the other method is a DSquery from the command line. Using the following command you should be able to retrieve most attributes which remain in the tombstone (everything in one line). Just keep in mind that this query will not necessarily return all attributes which are preserved in a tombstone - some critical objects and changes of the list are hardcoded and will remain in the tombstone no matter what the searchFlags state. This is the solution I used and it will take some tweaking for their domain.

    dsquery * cn=schema,cn=configuration,dc=yourdomain,dc=com -filter "(&(objectClass=AttributeSchema)(searchFlags:1.2.840.113556.1.4.803:=8))" -scope subtree -attr name

SQLChicken
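The dsquery answer above works by asking the schema partition which attributes carry the "preserve on delete" bit (value 8) of searchFlags, using the LDAP_MATCHING_RULE_BIT_AND matching rule (OID 1.2.840.113556.1.4.803). The following is an added example, not code from the answer or from Microsoft: it builds that same filter in Python and decodes searchFlags values the way a client would after fetching them. The schema entries and their flag values are constructed sample data, and the expected result list is an assumption about that sample, not a dump of a real schema.

```python
# Added example: construct the bit-AND LDAP filter from the dsquery answer and
# decode searchFlags locally. Standard library only; nothing here talks to a DC.

LDAP_MATCHING_RULE_BIT_AND = "1.2.840.113556.1.4.803"  # real AD matching-rule OID

# searchFlags bit values (real AD schema semantics); 8 is the one the answer filters on.
SF_INDEXED = 0x1
SF_ANR = 0x4
SF_PRESERVE_ON_DELETE = 0x8   # attribute value survives on the tombstone


def build_bit_and_filter(attribute: str, bits: int, object_class: str = "attributeSchema") -> str:
    """Return an LDAP filter matching schema entries whose `attribute` has every bit in `bits` set.

    The matching-rule syntax is attribute:OID:=value; the OID above is bitwise AND,
    so the entry matches only if (attribute & bits) == bits.
    """
    return f"(&(objectClass={object_class})({attribute}:{LDAP_MATCHING_RULE_BIT_AND}:={bits}))"


def preserved_on_delete(search_flags: int) -> bool:
    """True if the preserve-on-delete bit is set in a searchFlags value."""
    return bool(search_flags & SF_PRESERVE_ON_DELETE)


# Constructed sample of attributeSchema entries (names are real attributes, but the
# searchFlags values are illustrative and should be read from the schema, not assumed).
SAMPLE_SCHEMA = [
    {"name": "objectSid", "searchFlags": SF_INDEXED | SF_PRESERVE_ON_DELETE},
    {"name": "sAMAccountName", "searchFlags": SF_INDEXED | SF_ANR | SF_PRESERVE_ON_DELETE},
    {"name": "description", "searchFlags": 0},
    {"name": "userPrincipalName", "searchFlags": SF_INDEXED},
]


def tombstone_preserved_names(entries):
    """Names of schema attributes whose searchFlags say they are kept on tombstones.

    Caveat from the answer: attributes such as objectGUID, isDeleted and
    lastKnownParent are retained regardless of searchFlags, so this list is a
    lower bound, not the full set.
    """
    return sorted(e["name"] for e in entries if preserved_on_delete(e["searchFlags"]))


if __name__ == "__main__":
    print(build_bit_and_filter("searchFlags", SF_PRESERVE_ON_DELETE))
    print(tombstone_preserved_names(SAMPLE_SCHEMA))
```

The filter string produced is byte-for-byte what the dsquery command passes to `-filter`; the only difference is that dsquery runs it against `cn=schema,cn=configuration,...` for you, whereas an LDAP client has to point the search base there itself.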
A: 

On MSDN there is a nice article on finding tombstone objects in Active Directory using the .NET framework DirectorySearcher class.

Ronald Wildenberg
A: 

Well, unfortunately there isn't all that much data available from a deleted object. Only about enough data is retained to be able to replicate the deletion to other DCs, from my experience. You can get what is available through System.DirectoryServices. Some of this seems to have to do with security and not wanting people to root around looking at old items.

dtoland
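The last two answers point at DirectorySearcher and at how little a tombstone keeps. What neither spells out is the shape of the LDAP request itself: a tombstone only comes back when the search carries the Show Deleted Objects control (OID 1.2.840.113556.1.4.417), the usual filter is `(isDeleted=TRUE)`, and the returned distinguishedName is mangled to `CN=<name>\0ADEL:<objectGUID>,CN=Deleted Objects,...` with the original location preserved in lastKnownParent. The following is an added example, not code from the answers or from the .NET or dsquery documentation: it describes that request as plain data (the control tuple shape follows the ldap3 convention, an assumption) and parses the mangled DNs out of a constructed result set. No directory is contacted; the entries are made up for the example.

```python
# Added example: describe a tombstone search and unmangle deleted-object DNs.
# Standard library only; SAMPLE_RESULTS is constructed, not real directory output.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SHOW_DELETED_OBJECTS = "1.2.840.113556.1.4.417"  # LDAP_SERVER_SHOW_DELETED_OID (real)

# On deletion the RDN becomes "<name>\0ADEL:<objectGUID>" (\0A is an escaped newline)
# and the object moves under CN=Deleted Objects. This pattern splits it back apart.
_TOMBSTONE_DN = re.compile(
    r"^(?P<attr>[A-Za-z]+)=(?P<name>.*?)\\0ADEL:(?P<guid>[0-9a-fA-F-]{36}),(?P<container>.+)$"
)


@dataclass
class Tombstone:
    original_name: str
    object_guid: str
    last_known_parent: str   # where the object lived before deletion
    container: str           # the Deleted Objects container it now sits in


def tombstone_search(domain_dn: str) -> dict:
    """The search an LDAP client must issue. Without the Show Deleted control,
    (isDeleted=TRUE) matches nothing, which is the usual reason people conclude
    that deleted objects are not queryable. Tombstones older than tombstoneLifetime
    have been garbage-collected and will not appear regardless."""
    return {
        "base": domain_dn,
        "scope": "subtree",
        "filter": "(isDeleted=TRUE)",
        # (oid, criticality, value): the tuple layout ldap3 expects (assumption about the client).
        "controls": [(SHOW_DELETED_OBJECTS, True, None)],
        "attributes": ["distinguishedName", "objectGUID", "lastKnownParent",
                       "sAMAccountName", "objectSid", "whenChanged"],
    }


def parse_tombstone_dn(dn: str) -> Optional[Tuple[str, str, str]]:
    """Return (original name, objectGUID, container) for a mangled DN, else None."""
    m = _TOMBSTONE_DN.match(dn)
    if not m:
        return None
    return m.group("name"), m.group("guid"), m.group("container")


def summarize(entries: List[dict]) -> List[Tombstone]:
    """Turn raw search entries into Tombstone records, skipping anything that is not a tombstone."""
    out = []
    for e in entries:
        parsed = parse_tombstone_dn(e.get("distinguishedName", ""))
        if parsed is None:   # live object or unexpected DN: do not guess, skip it
            continue
        name, guid, container = parsed
        out.append(Tombstone(name, guid, e.get("lastKnownParent", ""), container))
    return out


# Constructed sample of what a Show Deleted search might return (GUIDs are made up).
SAMPLE_RESULTS = [
    {"distinguishedName": "CN=jdoe\\0ADEL:3f2504e0-4f89-11d3-9a0c-0305e82c3301,"
                          "CN=Deleted Objects,DC=corp,DC=example",
     "lastKnownParent": "OU=Staff,DC=corp,DC=example",
     "sAMAccountName": "jdoe"},
    {"distinguishedName": "CN=Printers\\0ADEL:9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d,"
                          "CN=Deleted Objects,DC=corp,DC=example",
     "lastKnownParent": "DC=corp,DC=example"},
    {"distinguishedName": "CN=alive,OU=Staff,DC=corp,DC=example"},   # not deleted
]


if __name__ == "__main__":
    print(tombstone_search("DC=corp,DC=example"))
    for t in summarize(SAMPLE_RESULTS):
        print(f"{t.original_name} ({t.object_guid}) was under {t.last_known_parent}")
```

The practical upshot matches dtoland's point: what you get back is identity (objectGUID, objectSid, sAMAccountName where the schema preserves it), the original parent, and timestamps, not the object's full attribute set. Reading the Deleted Objects container also requires rights on that container, which by default are tighter than on the rest of the domain.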