[custom-header-login]
If you can set all you domain controllers to Server 2008 R2 then you can, if you wish, enable the recycle bin in Microsoft’s Active Directory. Deleted items are stored for 180 days before finally being purged. Accidental deletions than can be recovered without needing an Active Directory Restore. To enable the feature and to manage recovery of deleted objects you will need a little Powershell as this is all managed from the PowerShell command prompt. But what a feature, a trash can for LDAP is something that we shouldn’t need but is always useful for those times bad things happen.
Import-Module ActiveDirectory Get-ADForest Set-ADForestMode -Identity "tup.com" -ForestMode Windows2008R2Forest Enable-ADOptionalFeature "Recycle Bin Feature" -Scope ForestOrConfigurationSet -target "tup.com" Get-ADObject -Filter {LastKnownParent -eq "ou=sales,dc=tup,dc=com"} -IncludeDeletedItems | Restore-ADObject