Whats wrong with this command???

I am trying to restore object and can find it but it wont restore!  If i search by name or display name i get similar error in first place but with samaccountname i can locate it but cant restore. I tried LDAP method and got error there too of different kind.

PS C:\Users\administrator.domain> Get-ADObject -Filter {samaccountname -eq
"XenTmplt$"} -IncludeDeletedObjects


Deleted           : True
DistinguishedName : CN=XENTMPLT\0ADEL:e51eef47-02ba-40c7-acb9-fea3f9a0af7b,CN=D
                    eleted Objects,DC=domain,DC=local
Name              : XENTMPLT
                    DEL:e51eef47-02ba-40c7-acb9-fea3f9a0af7b
ObjectClass       : computer
ObjectGUID        : e51eef47-02ba-40c7-acb9-fea3f9a0af7b

 

PS C:\Users\administrator.domain> Get-ADObject -Filter {samaccountname -eq
"XenTmplt$"} -IncludeDeletedObjects | Restore-ADObject
Restore-ADObject : Illegal modify operation. Some aspect of the modification is
 not permitted
At line:1 char:96
+ Get-ADObject -Filter {samaccountname -eq "XenTmplt$"} -IncludeDeletedObjects
| Restore-ADObject <<<<
    + CategoryInfo          : InvalidOperation: (CN=XENTMPLT\0AD...lacorp,DC=l
   ocal:ADObject) [Restore-ADObject], ADIllegalModifyOperationException
    + FullyQualifiedErrorId : 0,Microsoft.ActiveDirectory.Management.Commands.
   RestoreADObject

June 21st, 2012 7:18pm

Hi,

have you enabled the Active Directory trash?

http://technet.microsoft.com/en-us/library/dd379481(v=WS.10).aspx

Free Windows Admin Tool Kit Click here and download it now
June 21st, 2012 10:21pm

Is it possible there is another object with the same cn in the lastKnownParent, or with the same sAMAccountName anywhere in the domain?

June 22nd, 2012 12:22am

Hi,

I would like to know that have you enable AD Recycle Bin.

The below blog is talk about this, please go through it, you will find out the proper way to restore deleted objects:

The AD Recycle Bin: Understanding, Implementing, Best Practices, and Troubleshooting

http://blogs.technet.com/b/askds/archive/2009/08/27/the-ad-recycle-bin-understanding-implementing-best-practices-and-troubleshooting.aspx

Hope this helps.

Regards,

Yan Li

 

TechNet Subscriber Support

If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.

Free Windows Admin Tool Kit Click here and download it now
June 22nd, 2012 8:25am

So again...

get-adobject -filter 'samaccountname -like "user*"' -IncludeDeletedObjects | Restore-ADObject

should work.  but it doesn't.

I assume the recyclebin is on.  (how do you tell?)  if it's not on, turning it on isn't going to help...

why does this happen?

Restore-ADObject : Illegal modify operation. Some aspect of the modification is
 not permitted
At line:1 char:93
+ get-adobject -filter 'samaccountname -eq "user"' -IncludeDeletedObjects | R
estore-ADObject <<<<
    + CategoryInfo          : InvalidOperation: (CN=user\...ng,DC=domain:ADObject) [Restore-ADObject], ADIllegalModifyOperationException
    + FullyQualifiedErrorId : 0,Microsoft.ActiveDirectory.Management.Commands.
   RestoreADObject

August 2nd, 2013 9:34pm
Hello, 

You don't need recyclebin enabled in your domain in order to restore an object in Active Directory via PowerShell.

Get-ADObject -filter 'samaccountname -like "user*"' -IncludeDeletedObjects | Foreach-Object{Restore-ADObject $_ -NewName $_.Name -TargetPath $_.LastKnownParent}


"Illegal modify operation." exist because of the '-NewName' parameter not specified.

But, if recyclebin is off, the user account that has been restored is only member of "Domain Users" group and has lost attributes that existed before it was deleted (drive, town, name, ...).

The good news is that your account has kept is original SID ...

Cordialy

Matthew BETTON


Free Windows Admin Tool Kit Click here and download it now
October 4th, 2013 6:21am
Hello, 

You don't need recyclebin enabled in your domain in order to restore an object in Active Directory via PowerShell.

Get-ADObject -filter 'samaccountname -like "user*"' -IncludeDeletedObjects | Foreach-Object{Restore-ADObject $_ -NewName $_.Name -TargetPath $_.LastKnownParent}


"Illegal modify operation." exist because of the '-NewName' parameter not specified.

But, if recyclebin is off, the user account that has been restored is only member of "Domain Users" group and has lost attributes that existed before it was deleted (drive, town, name, ...).

The good news is that your account has kept his original SID ...

Cordialy

Matthew BETTON



October 4th, 2013 1:13pm
Hello, 

You don't need recyclebin enabled in your domain in order to restore an object in Active Directory via PowerShell.

Get-ADObject -filter 'samaccountname -like "user*"' -IncludeDeletedObjects | Foreach-Object{Restore-ADObject $_ -NewName $_.Name -TargetPath $_.LastKnownParent}


"Illegal modify operation." exist because of the '-NewName' parameter not specified.

But, if recyclebin is off, the user account that has been restored is only member of "Domain Users" group and has lost attributes that existed before it was deleted (drive, town, name, ...).

The good news is that your account has kept his original SID ...

Cordialy

Matthew BETTON



Free Windows Admin Tool Kit Click here and download it now
October 4th, 2013 1:13pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics