Microsoft KB Archive/284928

= How to search for deleted objects in Active Directory =

Article ID: 284928

Article Last Modified on 10/11/2007


APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Standard x64 Edition
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server




This article was previously published under Q284928



SUMMARY
This article describes how to search for objects in the Deleted Objects container that have been deleted but not yet "garbage collected." These objects are called tombstones. After they are deleted by the garbage collection process, they no longer exist in the directory database.



MORE INFORMATION
When an Active Directory object is deleted, it is stored in the Deleted Objects container for a configurable period of time so that the deletion can replicate. To view tombstone objects in the Deleted Objects container, follow these steps:
 * 1) Click Start, click Run, and then type ldp.exe.
 * 2) Connect to a domain controller. Then, bind to the domain controller.
 * 3) On the Browse menu, click Search.
 * 4) In the BaseDN box, type the distinguished name of the domain or path for the tombstone that you want to retrieve.

For example, to retrieve the tombstone for the domain "myDomain.com," type DC=myDomain,DC=com.
 * 5) In the Filter box, click (isDeleted=*).
 * 6) In the Scope section, click Subtree.
 * 7) Click Options.
 * 8) In the Search Options dialog box, click Extended in the Search Call Type section, and make sure that the Timeout(s) box contains a value that is larger than zero (0).
 * 9) Click Controls, and then type 1.2.840.113556.1.4.417 in the Object Identifier box.
 * 10) In the Control Type section, click Server.
 * 11) To add the control to the Active Controls list, click Check in, and then click OK.
 * 12) In the Search Options dialog box, click OK.
 * 13) In the Search dialog box, click Run.

Note After you add the "Control for Deleted Objects" in step 9, you can use the Ldp.exe tool to view the Deleted Objects container in all naming contexts for which your connected domain controller is authoritative. For example, you can view the Deleted Objects container in the following naming contexts:
 * NC Configuration
 * ForestDnsZones
 * DomainDnsZones
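
The same search can be scripted for audit or incident-response use. The following PowerShell is an added example, not part of the original article: it uses the .NET System.DirectoryServices.Protocols classes, whose ShowDeletedControl sends the 1.2.840.113556.1.4.417 control from step 9, and it adds result paging, which the Ldp.exe steps do not cover. The server name dc01.myDomain.com is a hypothetical placeholder, and the account that runs the script is assumed to have permission to read deleted objects.

```powershell
# Added example: scripted equivalent of the Ldp.exe tombstone search.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$Server = 'dc01.myDomain.com'    # hypothetical domain controller (assumption)
$BaseDn = 'DC=myDomain,DC=com'   # base DN from the article's example
$Attrs  = [string[]]@('distinguishedName', 'objectClass', 'whenChanged', 'lastKnownParent')

# Return the last value of an attribute, or nothing if the entry lacks it.
function Get-LastValue($entry, $name) {
    $attr = $entry.Attributes[$name]
    if ($attr -and $attr.Count -gt 0) { $attr.GetValues([string])[-1] }
}

$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($Server)
$conn.SessionOptions.ProtocolVersion = 3
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
$conn.Timeout  = [TimeSpan]::FromSeconds(60)   # timeout larger than zero

$req = New-Object System.DirectoryServices.Protocols.SearchRequest
$req.DistinguishedName = $BaseDn
$req.Filter = '(isDeleted=*)'
$req.Scope  = [System.DirectoryServices.Protocols.SearchScope]::Subtree
$req.Attributes.AddRange($Attrs)

# Server-side control with OID 1.2.840.113556.1.4.417, plus paging for large result sets.
$showDeleted = New-Object System.DirectoryServices.Protocols.ShowDeletedControl
$page = New-Object System.DirectoryServices.Protocols.PageResultRequestControl(500)
[void]$req.Controls.Add($showDeleted)
[void]$req.Controls.Add($page)

$tombstones = New-Object System.Collections.ArrayList
try {
    $conn.Bind()
    do {
        $resp = $conn.SendRequest($req)
        foreach ($e in $resp.Entries) {
            [void]$tombstones.Add([pscustomobject]@{
                DistinguishedName = $e.DistinguishedName
                ObjectClass       = Get-LastValue $e 'objectClass'
                WhenChanged       = Get-LastValue $e 'whenChanged'
                LastKnownParent   = Get-LastValue $e 'lastKnownParent'
            })
        }
        # Carry the paging cookie forward; an empty cookie means no more pages.
        $pageResp = $resp.Controls | Where-Object { $_ -is [System.DirectoryServices.Protocols.PageResultResponseControl] }
        $cookie = [byte[]]@()
        if ($pageResp) { $cookie = $pageResp.Cookie }
        $page.Cookie = $cookie
    } while ($cookie.Length -gt 0)
} finally { $conn.Dispose() }

$tombstones | Sort-Object WhenChanged | Format-Table -AutoSize
```

To search another naming context for which the domain controller is authoritative, change $BaseDn to that context's distinguished name.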

For more information about how to use the Ldp.exe tool, refer to the Microsoft Windows 2000 Resource Kit Tools Help file.


© Microsoft Corporation. All rights reserved.