none
Whats wrong with this command???

    Question

  • I am trying to restore object and can find it but it wont restore!  If i search by name or display name i get similar error in first place but with samaccountname i can locate it but cant restore. I tried LDAP method and got error there too of different kind.

    PS C:\Users\administrator.domain> Get-ADObject -Filter {samaccountname -eq
    "XenTmplt$"} -IncludeDeletedObjects


    Deleted           : True
    DistinguishedName : CN=XENTMPLT\0ADEL:e51eef47-02ba-40c7-acb9-fea3f9a0af7b,CN=D
                        eleted Objects,DC=domain,DC=local
    Name              : XENTMPLT
                        DEL:e51eef47-02ba-40c7-acb9-fea3f9a0af7b
    ObjectClass       : computer
    ObjectGUID        : e51eef47-02ba-40c7-acb9-fea3f9a0af7b

     

    PS C:\Users\administrator.domain> Get-ADObject -Filter {samaccountname -eq
    "XenTmplt$"} -IncludeDeletedObjects | Restore-ADObject
    Restore-ADObject : Illegal modify operation. Some aspect of the modification is
     not permitted
    At line:1 char:96
    + Get-ADObject -Filter {samaccountname -eq "XenTmplt$"} -IncludeDeletedObjects
    | Restore-ADObject <<<<
        + CategoryInfo          : InvalidOperation: (CN=XENTMPLT\0AD...lacorp,DC=l
       ocal:ADObject) [Restore-ADObject], ADIllegalModifyOperationException
        + FullyQualifiedErrorId : 0,Microsoft.ActiveDirectory.Management.Commands.
       RestoreADObject

    Thursday, June 21, 2012 4:18 PM

Answers

All replies

  • Hi,

    have you enabled the Active Directory trash?

    http://technet.microsoft.com/en-us/library/dd379481(v=WS.10).aspx


    regards Thomas Paetzold visit my blog on: http://sus42.wordpress.com

    Thursday, June 21, 2012 7:21 PM
  • Is it possible there is another object with the same cn in the lastKnownParent, or with the same sAMAccountName anywhere in the domain?


    Richard Mueller - MVP Directory Services

    Thursday, June 21, 2012 9:22 PM
  • Hi,

    I would like to know that have you enable AD Recycle Bin.

    The below blog is talk about this, please go through it, you will find out the proper way to restore deleted objects:

    The AD Recycle Bin: Understanding, Implementing, Best Practices, and Troubleshooting

    http://blogs.technet.com/b/askds/archive/2009/08/27/the-ad-recycle-bin-understanding-implementing-best-practices-and-troubleshooting.aspx

    Hope this helps.

    Regards,

    Yan Li

     

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Yan Li

    TechNet Community Support

    Friday, June 22, 2012 5:25 AM
  • So again...

    get-adobject -filter 'samaccountname -like "user*"' -IncludeDeletedObjects | Restore-ADObject

    should work.  but it doesn't.

    I assume the recyclebin is on.  (how do you tell?)  if it's not on, turning it on isn't going to help...

    why does this happen?

    Restore-ADObject : Illegal modify operation. Some aspect of the modification is
     not permitted
    At line:1 char:93
    + get-adobject -filter 'samaccountname -eq "user"' -IncludeDeletedObjects | R
    estore-ADObject <<<<
        + CategoryInfo          : InvalidOperation: (CN=user\...ng,DC=domain:ADObject) [Restore-ADObject], ADIllegalModifyOperationException
        + FullyQualifiedErrorId : 0,Microsoft.ActiveDirectory.Management.Commands.
       RestoreADObject

    Friday, August 02, 2013 1:35 AM
  • Hello, 

    You don't need recyclebin enabled in your domain in order to restore an object in Active Directory via PowerShell.

    Get-ADObject -filter 'samaccountname -like "user*"' -IncludeDeletedObjects | Foreach-Object{Restore-ADObject $_ -NewName $_.Name -TargetPath $_.LastKnownParent}


    "Illegal modify operation." exist because of the '-NewName' parameter not specified.

    But, if recyclebin is off, the user account that has been restored is only member of "Domain Users" group and has lost attributes that existed before it was deleted (drive, town, name, ...).

    The good news is that your account has kept his original SID ...

    Cordialy

    Matthew BETTON



    Friday, October 04, 2013 10:13 AM