How to List Deleted Objects in Active Directory?

If you are an IT administrator and need to list deleted objects in Active Directory, you can either write custom LDAP scripts or use free Active Directory reporting tools.

 

As you may know, when an object is deleted in Active Directory, it is first logically deleted for a specific interval of time so that the deletion can replicate, and it is physically deleted only after that interval has elapsed. A logically deleted Active Directory object is referred to as a tombstone, and all tombstones reside in the Deleted Objects container in Active Directory. For more information on how to list deleted objects in Active Directory, you can refer to the Active Directory Security dot com website, where you will also find pointers to free tools that you can use to list deleted objects in your Active Directory.

 

For completeness, it should be mentioned that the Deleted Objects container and its contents are hidden by default and require special permissions to view. By default, only the System account and members of the Administrators group can view the contents of this container. Administrators can, however, configure permissions on this container so that other users or applications that need to view deleted objects in Active Directory can do so.
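
One way to script the listing in PowerShell, as an added example that is not from the original article: it returns the tombstones in the current domain and estimates when each will be physically deleted. It assumes the ActiveDirectory (RSAT) module, an account that can read the Deleted Objects container, and that the AD Recycle Bin is not enabled; the function name `Get-TombstoneReport` is made up for illustration.

```powershell
# Added example, not from the original article.
Import-Module ActiveDirectory

function Get-TombstoneReport {
    param(
        # Assumption: query the domain of the logged-on user.
        [string]$Server = $env:USERDNSDOMAIN
    )

    $rootDse = Get-ADRootDSE -Server $Server

    # The tombstone lifetime (in days) is stored on the Directory Service
    # object in the configuration partition. If the attribute is not set,
    # Active Directory falls back to 60 days.
    $dsDn = "CN=Directory Service,CN=Windows NT,CN=Services," +
            $rootDse.configurationNamingContext
    $dsObject = Get-ADObject -Server $Server -Identity $dsDn -Properties tombstoneLifetime
    $lifetimeDays = if ($dsObject.tombstoneLifetime) {
        [int]$dsObject.tombstoneLifetime
    } else {
        60
    }

    # -IncludeDeletedObjects sends the LDAP "show deleted objects" control
    # (1.2.840.113556.1.4.417); without it tombstones are never returned.
    Get-ADObject -Server $Server -IncludeDeletedObjects `
            -Filter 'isDeleted -eq $true' `
            -Properties whenChanged, lastKnownParent |
        # The Deleted Objects container itself also has isDeleted set; skip it.
        Where-Object { $_.DistinguishedName -notlike 'CN=Deleted Objects,*' } |
        ForEach-Object {
            [pscustomobject]@{
                # A tombstone's name is "<original name>`nDEL:<objectGUID>".
                Name            = ($_.Name -split "`n")[0]
                ObjectClass     = $_.ObjectClass
                LastKnownParent = $_.lastKnownParent
                # whenChanged approximates the deletion time on the queried DC.
                DeletedAround   = $_.whenChanged
                PurgedAfter     = $_.whenChanged.AddDays($lifetimeDays)
                ObjectGuid      = $_.ObjectGUID
            }
        }
}

Get-TombstoneReport | Sort-Object PurgedAfter | Format-Table -AutoSize
```

Run without sufficient rights on the Deleted Objects container, the query returns no tombstones rather than an error, so an empty result does not by itself mean nothing was deleted.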