How to search for deleted objects in Active Directory

This article describes how to search for objects in the Deleted Objects container that have been deleted but not yet "garbage collected." These objects are called tombstones. After they are deleted by the garbage collection process, they no longer exist in the directory database.

When an Active Directory object is deleted, it is stored in the Deleted Objects container for a configurable period of time so that the deletion can replicate. To view tombstone objects in the Deleted Objects container, follow these steps:

1. Click Start, click Run, and then type ldp.exe.
2. Connect to a domain controller. Then, bind to the domain controller.
3. On the Browse menu, click Search.
4. In the BaseDN box, type the distinguished name of the domain or path for the tombstone that you want to retrieve.
   
   For example, to retrieve the tombstone for the domain "myDomain.com," type DC=myDomain,DC=com.
5. In the Filter box, click (isDeleted=*).
6. In the Scope section, click Subtree.
7. Click Options.
8. In the Search Options dialog box, click Extended in the Search Call Type section, and make sure that the Timeout(s) box contains a value that is larger than zero (0).
9. Click Controls, and then type 1.2.840.113556.1.4.417 in the Object Identifier box.
10. In the Control Type section, click Server.
11. To add the control to the Active Controls list, click Check in, and then click OK.
12. In the Search Options dialog box, click OK.
13. In the Search dialog box, click Run.

Note After you add the "Control for Deleted Objects" in step 9, you can use the Ldp.exe tool to view the Deleted Objects container in all naming contexts for which your connected domain controller is authoritative. For example, you can view the Deleted Objects container in the following naming contexts:

• NC Configuration
• ForestDnsZones
• DomainDnsZones

For more information about how to use the Ldp.exe tool, refer to the Microsoft Windows 2000 Resource Kit Tools Help file.