How to List Deleted Objects in Active Directory?

If you are an IT administrator and need to list deleted objects in Active Directory, you can do so either by writing custom LDAP scripts to do so or using Free Active Directory Reporting Tools to do so.

 

As you may know, when an object is deleted in Active Directory, it is first logically deleted for a specific interval of time to allow replication of the deletion to occur, and after this time has elapsed it is physically deleted. For more information on how to List Deleted Objects in Active Directory, you can refer to the Active Directory Security dot com website, where you will also find pointers to free tools that you can use to list deleted objects in your Active Directory for free. A logically deleted Active Directory object is referred to as a Tombstone, and all tombstones reside in the Deleted Objects container in Active Directory.

 

For completeness, it should be mentioned that the Deleted Objects Container and its contents are hidden by default, and require special permissions to view. By default, only the System account and members of the Administrators group can view the contents of this container. Administrators however can configure permissions on this container to enable other users or applications that might have a need to view Deleted Objects in Active Directory, to do so.

Security Reporting in Microsoft Windows Server Environments

The Microsoft Windows Server family of operating systems provides an enterprise-grade, secure and feature-rich network operating system platform upon which organizations can reliably run their IT infrastructures.

Running a Microsoft Windows Server based IT infrastructure however involves the deployment and maintainence of numerous advanced technologies ranging from Active Directory to Group Policy, Kerberos, DNS, DHCP and in some cases Microsoft Exchange and Microsoft PKI technologies.

Reliable insight into the various aspects of an IT infrastructure is essential to operating trustworthy infrastructures and this insight can be largely aided by periodic and accurate security reporting.

In this blog, we examine the various advanced aspects of security that play a role in Microsoft Windows Server based IT infrastuctures and look at how to generate vital security reports that can provide valuable and actionable insight into the security state of every aspect of these IT infrastructures.