Script to display deleted objects in Active Directory (PowerShell) 


Download Windows Server 2012

Introduction

This PowerShell script sample can display deleted objects form the Active Directory. 

Scenarios

The accidental deletion of Active Directory objects is a common occurrence for users of Active Directory Domain Services (ADDS) and Active Directory Lightweight Directory Services. This script can display the deleted objects form the Active Directory Recycle Bin.

Script

Step 1: Click Start, type powershell in the search box on the Start Menu, right-click the Windows PowerShell icon, and then click Run Windows PowerShell as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

Step 2: Run the script in the Windows PowerShell Console, type the command: Import-Module <Script Path> at the prompt.
For example, type Import-Module C:\Script\DisplayDeletedADObjects.psm1
This is shown in the following figure.

Step 3: Type the command Get-Help Get-OSCDeletedADObjects -Full to display the whole help file for this function, such as the syntax, parameters, or examples.

Here are some code snippets for your references. To get the complete script sample, please click the download button at the beginning of this page.

PowerShell
Edit|Remove
If($StartTime-and $EndTime)  
{ 
    $AllADObjects| Where-Object{$_.whenChanged -ge $StartTime-and $_.whenChanged -le $EndTime}     
} 
ElseIf($Name) 
{ 
    $AllADObjects| Where-Object{$_."msDS-LastKnownRDN"-like $Name} 
} 
Else 
{ 
    $AllADObjects 
}

Example 

Example 1: Type the Get-OSCDeletedADObjects command in the Windows PowerShell Console.

This command shows all deleted objects in active directory.

Example 2: Type Get-OSCDeletedADObjects -StartTime 2/22/2013 -EndTime 3/3/2013 command in the Windows PowerShell Console.

This command shows all deleted objects in active directory from 2/20/2013 to 3/3/2013

Prerequisite 

Windows PowerShell 3.0
Windows Server 2012