Restoring a Container Object and Its Children,

Restoring a Container Object and Its Children

This topic explains how to use the Active Directory module for Windows PowerShell to restore a container and its child objects in Active Directory Domain Services (AD DS).

Example

The following example demonstrates how to restore the deleted organizational unit (OU) Finance_Department in the Fabrikam.com domain:
Get-ADObject -ldapFilter:"(msDS-LastKnownRDN=Finance_Department)" –IncludeDeletedObjects | Restore-ADObject
You have to first restore the parent object and then restore the child objects because the container must be in place for the objects to be restored to their proper location. The following example demonstrates how to restore the deleted child objects of the OU Finance_Department:
Get-ADObject -SearchBase "CN=Deleted Objects,DC=Fabrikam,DC=com" -Filter {lastKnownParent -eq "OU=Finance_Department,DC=Fabrikam,DC=com"} -IncludeDeletedObjects | Restore-ADObject

Additional information

For a full explanation of the parameters that you can pass to Get-ADObject or Restore-ADObject, at the Active Directory module command prompt, type Get-Help Get-ADObject –detailed or Get-Help Restore-ADObject –detailed, and then press ENTER.

Viewing the ACL for an Object

This topic explains how to use the Active Directory module for Windows PowerShell to view the access control list (ACL) for an object in Active Directory Domain Services (AD DS).

Example

The following example demonstrates how to view the ACL for the user TempUser. In the following example, AD is the name of the Active Directory PowerShell drive that is connected to AD DS:
(Get-ACL 'AD:\CN=TempUser,CN=Users,DC=Fabrikam,DC=com').Access | ft IdentityReference,AccessControlType -A

Additional information

For a full explanation of the parameters that you can pass to Get-ACL, at the Active Directory module command prompt, type Get-Help Get-ACL –detailed, and then press ENTER.