Work with Active Directory Objects

Restore Active Directory Objects

You can roll back an attribute change from within the audit viewer.

Note: You must first create a collector so that a backup is available. You can then restore the object information to the saved values in the backup. We suggest that you add Active Directory Users and Computers (ADUC) to the Cygna Auditing & Security Suite.

This provides an integrated view and easy access to the users and objects in ADUC. It also adds access to the Remote Server Administration Tools (RSAT) extensions that were installed with the management console.

How Name Conflict Resolution Works

A name conflict can occur if you attempt to restore an object when there is an existing object of the same name. For example:

  • The user account John Smith is deleted from the Sales OU.
  • A new John Smith user account is created in the Sales OU.
  • An admin restores the first John Smith user account from the Recycle Bin.

A conflict may also occur:

  • If you try to restore an object with the same Relative Distinguished Name (RDN) as an existing object.
  • If there is an object with the same Logon Name (Pre-Windows 2000). This is also known as the sAMAccountName attribute. This value must be unique for the domain.
  • If there is an object with the same Logon Name (userPrincipalName attribute), then you must change the object name. The Logon Name value must be unique for the forest.

You cannot overwrite an existing object with the object that you are restoring. You must always restore the object with a new name (if a conflict occurs) or skip the restore.
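The three conflict scopes described above (parent container, domain, forest) can be checked before a restore is attempted. The following is an added example, not Cygna product code; it assumes the RSAT ActiveDirectory PowerShell module, an enabled Active Directory Recycle Bin, and a hypothetical global catalog address passed in as `host:3268`. The function names are illustrative.

```powershell
# Added example, not Cygna product code. Assumes the RSAT ActiveDirectory module
# and an enabled AD Recycle Bin (so deleted objects keep their attributes).
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue([string] $Value) {
    # RFC 4515 escaping so names containing ( ) * \ cannot alter the filter.
    $Value = $Value.Replace('\', '\5c').Replace('*', '\2a')
    $Value.Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')
}

function Test-RestoreNameConflict {
    param(
        [Parameter(Mandatory)] $Deleted,   # from Get-ADObject -IncludeDeletedObjects
        [string] $GlobalCatalog            # assumed 'host:3268'; enables the forest-wide check
    )
    $found = @()

    # Same RDN directly under the original parent container.
    $rdn = ConvertTo-LdapFilterValue $Deleted.'msDS-LastKnownRDN'
    if (Get-ADObject -LDAPFilter "(name=$rdn)" -SearchBase $Deleted.lastKnownParent -SearchScope OneLevel) {
        $found += 'RDN already exists in the parent container'
    }

    # sAMAccountName must be unique for the domain (default search base, subtree).
    if ($Deleted.sAMAccountName) {
        $sam = ConvertTo-LdapFilterValue $Deleted.sAMAccountName
        if (Get-ADObject -LDAPFilter "(sAMAccountName=$sam)") {
            $found += 'sAMAccountName already exists in the domain'
        }
    }

    # userPrincipalName must be unique for the forest: search all partitions via a GC.
    if ($Deleted.userPrincipalName -and $GlobalCatalog) {
        $upn = ConvertTo-LdapFilterValue $Deleted.userPrincipalName
        if (Get-ADObject -LDAPFilter "(userPrincipalName=$upn)" -Server $GlobalCatalog -SearchBase '') {
            $found += 'userPrincipalName already exists in the forest'
        }
    }
    $found
}

# Usage with a constructed name: list deleted "John Smith" objects and any conflicts.
Get-ADObject -LDAPFilter '(&(isDeleted=TRUE)(msDS-LastKnownRDN=John Smith))' -IncludeDeletedObjects `
    -Properties 'msDS-LastKnownRDN', lastKnownParent, sAMAccountName, userPrincipalName |
    ForEach-Object { [pscustomobject]@{ Object = $_.DistinguishedName; Conflicts = Test-RestoreNameConflict $_ } }
```

An empty `Conflicts` list means none of the three checks matched; without a global catalog address the forest-wide logon name check is skipped.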

If you are monitoring Active Directory objects and determine that objects were accidentally deleted, you can restore them using one of the following:

  • The Recovery node in the Recovery for Active Directory
  • The Recycle Bin in Active Directory Users and Computers
  • The Deleted Objects tab in the properties of the deleted object’s parent container in Active Directory Users and Computers