This blog post is part of a series of posts that describe how to build an Active Directory Help Desk tool with PowerShell Universal. Here is a listing of other posts in this series.
The full source code can be found on our template repository.
In this blog post, we will look at how to add a new tool to our Active Directory Help Desk. We will use the tab control to organize our tool page in a more manageable way. We will then take advantage of the table control to look up deleted users and then add a button in the table to restore those deleted users. We will have the button invoke a script in Universal Automation to audit which object was restored and by whom.
Configuring the Active Directory Recycle Bin
This blog post takes advantage of the Active Directory Recycle Bin, which allows deleted objects to be restored with all their properties intact. If you do not have the recycle bin enabled, users can be restored but their properties will be lost.
In my domain, I’ve enabled the Active Directory Recycle Bin with a PowerShell command. More information about the Recycle Bin can be found here.
Once the Recycle Bin is enabled, I can now delete and restore objects to their full glory. I’ve created a new user, Tony Stark, and put him in the Executives group.
I then can use Remove-ADUser to delete the user object.
Creating a Script to Restore a User
In Universal, we will create a new script under the Automation node to restore users. We’ll add a single parameter that accepts the distinguished name and executes the Restore-ADObject cmdlet.
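One way to write the restore script described above, as an added example rather than the code from the template repository. It goes beyond the bare Restore-ADObject call by checking that the distinguished name really refers to a deleted user object before restoring it, and it writes a record of the restored object to the job output; the validation rules and the output field names are assumptions of this example.

```powershell
# Added example, not the script from the template repository.
# Assumes the ActiveDirectory module is available and the Recycle Bin is enabled.
param(
    [Parameter(Mandatory)]
    [ValidateNotNullOrEmpty()]
    [string]$DistinguishedName
)

Import-Module ActiveDirectory -ErrorAction Stop

# Deleted objects are only returned when -IncludeDeletedObjects is set.
# Looking the object up by identity avoids building a filter string
# from a value that arrives from the dashboard.
try {
    $deleted = Get-ADObject -Identity $DistinguishedName -IncludeDeletedObjects `
        -Properties isDeleted, lastKnownParent, sAMAccountName -ErrorAction Stop
}
catch {
    throw "No directory object found for '$DistinguishedName': $($_.Exception.Message)"
}

# Refuse anything that is not a deleted user, so a help desk operator
# cannot use this script against other object types.
if (-not $deleted.isDeleted) {
    throw "'$DistinguishedName' is not a deleted object; nothing to restore."
}
if ($deleted.ObjectClass -ne 'user') {
    throw "Refusing to restore object of class '$($deleted.ObjectClass)'; only users are allowed."
}

# Restore the exact object that was validated, not the raw input string.
$restored = $deleted | Restore-ADObject -PassThru -ErrorAction Stop

# The record goes to the job output, so the job history shows
# which object was restored and where it was restored to.
[pscustomobject]@{
    RestoredAtUtc   = (Get-Date).ToUniversalTime().ToString('o')
    ObjectGuid      = $deleted.ObjectGUID
    SamAccountName  = $deleted.sAMAccountName
    DeletedDN       = $deleted.DistinguishedName
    LastKnownParent = $deleted.lastKnownParent
    RestoredDN      = $restored.DistinguishedName
}
```

Because every check throws on failure, a rejected request shows up as a failed job rather than a silent no-op.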
Updating the Dashboard
Now that we have a script ready to restore users, we can update our dashboard to add a new tool for users to execute. First, we will update the tools page to use tabs to separate the tools into their own tabs.
Next, we will create a table to return the currently deleted user accounts. Within the table, we will customize the columns and display the name, distinguished name and a restore button to restore the user object. When the button is clicked, we will call Invoke-UAScript to start our Restore User script and pass the distinguished name of the object we are restoring.
The resulting table will look like the one below. It will refresh each time the page is loaded.
Restoring a User Object
Now that our tool is working, we can use it to restore a user object. When you click the restore button, a toast will show that the user is being restored. After the account has been restored, another toast will be shown. We can refresh the page to see that the user object is no longer listed, and we can use Get-ADUser to see that the user has now been restored in the domain.
In this post, we looked at how to restore Active Directory users with the Recycle Bin and PowerShell Universal. We updated the dashboard to use a table and tabs for better organization.