February 17, 2004 12:00 AM

Searching for Tombstones

Windows IT Pro
InstantDoc ID #41578

Searching for tombstone objects in Windows Server 2003 or Windows 2000 is similar to searching for any other type of object, with two important differences. First, you must attach the Return Deleted Objects Lightweight Directory Access Protocol (LDAP) control to the search operation; without it, the domain controller (DC) hides tombstones from the search, and the Deleted Objects container itself, which is a tombstone, isn't even visible as a search base. Second, if you want to limit your results to tombstones, you must either set the search base to the target partition's Deleted Objects container or include (isDeleted=TRUE) in your search filter. The filter is the more general of the two because it also finds the few tombstones that stay in place instead of moving to the container when their systemFlags attribute forbids the move on delete.

Let's walk through a sample search operation by using the Ldp tool, which ships with the Windows 2003 and Win2K Support Tools, to find all tombstone objects in a domain. (The Windows 2003 version of Ldp offers some expanded capabilities.) Open Ldp and connect to the target DC by selecting Connection, Connect from the tool's menu bar. After you've established a connection, select Connection, Bind from the menu bar. By default, only the Administrators group (which includes Domain Admins) has List Contents and Read permission on the Deleted Objects container, so you'll need to bind with an account that has that access, such as a Domain Admins username and password, unless the container's permissions have been delegated.

Next, select Options, Controls from the menu bar. The resulting window varies a little depending on whether you're using the Windows 2003 or Win2K version of Ldp; Web Figure A (http://www.winnetmag.com/windowssecurity, InstantDoc ID 41578) shows the Windows 2003 version, and Web Figure B shows the Win2K version. In Windows 2003, simply select Return deleted objects from the drop-down list under the Load Predefined heading. In Win2K, enter 1.2.840.113556.1.4.417 in the Object Identifier field; this string is the Object Identifier (OID) of the Return deleted objects control. In both Ldp versions, make sure that the Server option (under Control Type) and the Critical check box are selected, so that a DC that doesn't understand the control rejects the search instead of silently returning live objects only. Click Check in, then click OK.

Select Browse, Search from the menu bar. In the Base Dn field, enter the distinguished name (DN) of the domain's Deleted Objects container (e.g., cn=Deleted Objects,dc=rallencorp,dc=com). In the Filter field, enter

(isDeleted=TRUE)

This filter searches for all tombstone objects. To view all deleted user objects, enter

(&(isDeleted=TRUE)(objectClass=user))

Under Scope, select the One Level option, then click Options. Under Search Call Type, select the Extended option (Ldp sends the controls you checked in only with an extended search), then click OK. Click Run to execute the search.

The Ldp results pane will show output similar to the output that Figure A shows. In the sample output, only one tombstone object exists in the Deleted Objects container.
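The same search, scripted rather than clicked through Ldp, as an added example that is not part of the original article: it issues the one-level search against the Deleted Objects container through System.DirectoryServices.Protocols, attaches the Return deleted objects control as critical, pages the results, and optionally omits the control so you can see the failure mode described above. The DC name, domain DN, and the example account access are assumptions; adjust them for your environment.

```powershell
# Added example, not from the original article: the Ldp walkthrough above issued
# from PowerShell through System.DirectoryServices.Protocols so that it can be
# scripted, paged and repeated. Assumptions: the DC name and domain DN passed in,
# and that the bound account can read the Deleted Objects container.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Get-Tombstone {
    param(
        [Parameter(Mandatory)][string]$Server,    # assumed, e.g. 'dc1.rallencorp.com'
        [Parameter(Mandatory)][string]$DomainDn,  # assumed, e.g. 'dc=rallencorp,dc=com'
        [string]$Filter = '(isDeleted=TRUE)',      # or '(&(isDeleted=TRUE)(objectClass=user))'
        [switch]$WithoutControl                    # show what happens when the control is omitted
    )

    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($Server)
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.SessionOptions.Signing = $true     # sign the session; don't send the query unprotected
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
    $conn.Bind()                             # binds as the current user; pass a NetworkCredential to use another account

    # Same base, filter and scope as the Ldp steps
    $base  = "CN=Deleted Objects,$DomainDn"
    $attrs = @('distinguishedName', 'isDeleted', 'lastKnownParent', 'objectClass', 'whenChanged')
    $request = New-Object System.DirectoryServices.Protocols.SearchRequest(
        $base, $Filter, [System.DirectoryServices.Protocols.SearchScope]::OneLevel, $attrs)

    if (-not $WithoutControl) {
        # Return deleted objects control, OID 1.2.840.113556.1.4.417, marked critical as in Ldp
        $show = New-Object System.DirectoryServices.Protocols.ShowDeletedControl
        $show.IsCritical = $true
        [void]$request.Controls.Add($show)
    }

    # Page the results: a busy domain's Deleted Objects container easily exceeds MaxPageSize (1000)
    $page = New-Object System.DirectoryServices.Protocols.PageResultRequestControl(500)
    [void]$request.Controls.Add($page)

    try {
        do {
            $response = $conn.SendRequest($request)
            foreach ($entry in $response.Entries) {
                $parent = $null
                if ($entry.Attributes.Contains('lastKnownParent')) {
                    $parent = $entry.Attributes['lastKnownParent'].GetValues([string])[0]
                }
                $classes = $entry.Attributes['objectClass'].GetValues([string])
                [pscustomobject]@{
                    DistinguishedName = $entry.DistinguishedName
                    ObjectClass       = $classes[-1]   # most specific class is listed last
                    LastKnownParent   = $parent        # container the object lived in before deletion
                    IsDeleted         = $entry.Attributes['isDeleted'].GetValues([string])[0]
                    WhenChanged       = $entry.Attributes['whenChanged'].GetValues([string])[0]
                }
            }
            # Keep going until the server hands back an empty paging cookie
            $cookie = ($response.Controls |
                Where-Object { $_ -is [System.DirectoryServices.Protocols.PageResultResponseControl] }).Cookie
            $page.Cookie = $cookie
        } while ($cookie -and $cookie.Length -gt 0)
    }
    catch [System.DirectoryServices.Protocols.DirectoryOperationException] {
        # Without the control the Deleted Objects container is hidden (it is itself a
        # tombstone), so the DC answers noSuchObject for the base instead of an empty result set.
        Write-Warning ("Search failed with {0}: {1}" -f $_.Exception.Response.ResultCode, $_.Exception.Message)
    }
    finally {
        $conn.Dispose()
    }
}

# Usage (assumed names):
# Get-Tombstone -Server dc1.rallencorp.com -DomainDn 'dc=rallencorp,dc=com'
# Get-Tombstone -Server dc1.rallencorp.com -DomainDn 'dc=rallencorp,dc=com' -Filter '(&(isDeleted=TRUE)(objectClass=user))'
# Get-Tombstone -Server dc1.rallencorp.com -DomainDn 'dc=rallencorp,dc=com' -WithoutControl   # expect noSuchObject
```

Two points to keep in mind when you run it. Changing the base to the domain root with Subtree scope and the same (isDeleted=TRUE) filter also returns the tombstones that never move into the Deleted Objects container, which the one-level search above cannot see. And the results are only as complete as the tombstone lifetime allows: once garbage collection has removed a tombstone, no control will bring it back. On Windows Server 2008 R2 and later, Get-ADObject -IncludeDeletedObjects from the ActiveDirectory module sends the same control for you; the raw version is shown here because the article covers Windows 2003 and Win2K.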

Comments
  • Brad
    3 years ago
    Jan 15, 2009

    I hate this

  • Davanand
    4 years ago
    Aug 20, 2008

    test

  • Paul
    4 years ago
    May 20, 2008

    Would be nice to ring it before commenting

  • Kent
    5 years ago
    Aug 15, 2007

    need to read it first

  • Robert
    5 years ago
    Mar 11, 2007

    Test
