Finding deleted objects in AD

I recently had to troubleshoot why a DNS record disappeared. My first thought was DNS scavenging (even though it shouldn’t delete active records). As a first step, I wanted to find the deleted record in AD; since AD will tombstone records prior to actively deleting them, that should be doable.

A little research and this is what I found:

  1. Open LDP.exe
  2. Connect and Bind to your domain
  3. Select View | Tree and for BaseDN: enter CN=Deleted Objects,DC=Contoso,DC=com
  4. Browse all the deleted objects
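
The same lookup can be scripted instead of browsed in LDP. This is an added example, not part of the original post: it assumes the RSAT ActiveDirectory module, reuses the post's Contoso.com DN, and the function name `Find-DeletedAdObject` and the record name `www` are hypothetical.

```powershell
# Added example (not from the original post). Requires the RSAT
# ActiveDirectory module and rights to read the Deleted Objects container.
Import-Module ActiveDirectory

function Find-DeletedAdObject {
    param(
        # Container from the post. Each naming context has its own
        # Deleted Objects container, so point this at the partition
        # that actually held the object.
        [string]$SearchBase   = 'CN=Deleted Objects,DC=Contoso,DC=com',
        # Object class to look for; dnsNode is the class used for
        # AD-integrated DNS records.
        [string]$ObjectClass  = 'dnsNode',
        # Wildcard matched against the start of the tombstone's name.
        [string]$NamePattern  = '*',
        # Only return objects deleted within this window.
        [datetime]$DeletedAfter = (Get-Date).AddDays(-30)
    )

    # -IncludeDeletedObjects makes the query return tombstones, which a
    # normal search hides. The server-side filter keeps the result set small.
    $ldapFilter = "(&(isDeleted=TRUE)(objectClass=$ObjectClass))"

    Get-ADObject -SearchBase $SearchBase -SearchScope OneLevel `
                 -LDAPFilter $ldapFilter -IncludeDeletedObjects `
                 -Properties whenChanged, lastKnownParent |
        # A tombstone's name is the old RDN followed by a newline and
        # "DEL:<guid>", so match on the prefix only.
        Where-Object {
            $_.Name -like "$NamePattern*" -and
            $_.whenChanged -ge $DeletedAfter
        } |
        Sort-Object whenChanged -Descending |
        Select-Object @{ n = 'OriginalName'; e = { ($_.Name -split "`n")[0] } },
                      @{ n = 'DeletedAt';    e = { $_.whenChanged } },
                      lastKnownParent,
                      ObjectGUID
}

# Hypothetical usage: DNS records named www* deleted in the last 7 days.
Find-DeletedAdObject -NamePattern 'www' -DeletedAfter (Get-Date).AddDays(-7) |
    Format-Table -AutoSize
```

`DeletedAt` is the tombstone's `whenChanged` value, which gives a time window to correlate against scavenging runs and audit logs; `lastKnownParent` shows which container the object was deleted from.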
