Ok, so this is going to be my last post on my recent encounter with a hack attack. If you haven’t been following for the last few posts, a local business owner I trade services with got his Domain Controller hacked into, and the hacker did some mischievous things to make the business owner’s life difficult.
The last thing I will talk about that the hacker did was delete a couple of domain user accounts. The reason I saved this for last is because it is also the easiest to fix. Also, I have written about restoring tombstoned Active Directory accounts in the past using a free tool called ADRestore.net.
The reason this works, and is easy to fix, is that when you delete an account in Active Directory, kind of like deleting something on your desktop, it’s not really deleted. Instead of going to never never land, the account is just marked as a tombstone in Active Directory, and hidden. Sure, after a while the tombstones get cleaned out, but that takes a while. As long as you discover the missing account soon enough, you can recover it.
With ADRestore.net, you can browse the tombstones in Active Directory and restore them easily with a click of the mouse. Read my original post about ADRestore.net here: (ADRestore.net)