Members of this group (the AD Recycle Bin group) have permission to read deleted AD objects. Juicy information can be found there: when the Recycle Bin optional feature is enabled, a deleted object keeps all of its attributes (description, info, group membership, and so on) for the deleted-object lifetime, 180 days by default, so notes and credentials left in those attributes survive the deletion.
ldapsearch can be used to enumerate deleted AD objects. The -E option sends the Show Deleted Objects control (OID 1.2.840.113556.1.4.417); the leading "!" marks it critical, which is required for the DC to return tombstoned and recycled objects at all.
ldapsearch -x -H ldap://$IP -D "Ad_Recycle_Bin_User@contoso.local" -w 'Password!' -b "CN=Deleted Objects,DC=contoso,DC=local" -E '!1.2.840.113556.1.4.417' '(&(objectClass=*)(isDeleted=TRUE))'
Using the ActiveDirectory PowerShell module (Get-ADObject with -IncludeDeletedObjects), we can enumerate deleted AD objects
Get-ADObject -filter 'isDeleted -eq $true' -includeDeletedObjects -Properties *
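As an added example (not code from the original page), here is a small Python parser for the ldapsearch output above. It unfolds LDIF continuation lines, decodes base64 ("attr::") values, recovers each deleted object's original name and objectGUID from the "\0ADEL:" RDN that AD appends on deletion, rebuilds the pre-deletion DN from lastKnownParent, and flags leftover attributes such as description or info that look like they hold credentials. The LDIF, names, GUIDs and values are all constructed for the example.

```python
import base64
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional


def _b64(s: str) -> str:
    return base64.b64encode(s.encode()).decode()


# Constructed sample of what the ldapsearch command prints for two deleted objects.
# The cn of a deleted object is "<old name>\n" + "DEL:<objectGUID>": the newline byte
# makes ldapsearch base64-encode it ("cn::"), while in the DN it shows as the escape "\0A".
_CN_USER = _b64("svc_backup\nDEL:0f0e9a60-4f2b-4d1a-9e7a-2d6b5c1f3a11")
_CN_GROUP = _b64("Old Admins\nDEL:8a3c7e12-6b5d-4c3f-a2e1-7f9d0b4c6e22")
SAMPLE_LDIF = f"""# extended LDIF
# base <CN=Deleted Objects,DC=contoso,DC=local> with scope subtree
# filter: (&(objectClass=*)(isDeleted=TRUE))

dn: CN=svc_backup\\0ADEL:0f0e9a60-4f2b-4d1a-9e7a-2d6b5c1f3a11,CN=Deleted Objects,DC=contoso,DC=local
objectClass: top
objectClass: user
cn:: {_CN_USER}
sAMAccountName: svc_backup
isDeleted: TRUE
lastKnownParent: OU=Service Accounts,DC=contoso,DC=local
msDS-LastKnownRDN: svc_backup
description: Backup service account, temporary pa
 ssword Backup2019! (constructed)

dn: CN=Old Admins\\0ADEL:8a3c7e12-6b5d-4c3f-a2e1-7f9d0b4c6e22,CN=Deleted Objects,DC=contoso,DC=local
objectClass: top
objectClass: group
cn:: {_CN_GROUP}
isDeleted: TRUE
lastKnownParent: OU=Groups,DC=contoso,DC=local
info: Retired 2023; members moved to Tier0-Admins
"""


def unfold_ldif(text: str) -> List[str]:
    """Join LDIF continuation lines (a line starting with one space continues the previous one)."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text: str) -> List[dict]:
    """Parse ldapsearch output into [{'dn': str, 'attrs': {name: [values]}}]."""
    entries: List[dict] = []
    current: Optional[dict] = None
    for line in unfold_ldif(text):
        if not line.strip():                    # blank line ends an entry
            if current is not None:
                entries.append(current)
                current = None
            continue
        if line.startswith("#"):                # ldapsearch comment lines
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):                # "attr:: <base64>" for values with unsafe bytes
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        elif rest.startswith("<"):              # "attr:< url" values: not expected from a DC
            continue
        else:
            value = rest.strip()
        if name == "dn":
            current = {"dn": value, "attrs": {}}
        elif current is not None:
            current["attrs"].setdefault(name, []).append(value)
    if current is not None:
        entries.append(current)
    return entries


# First RDN of a deleted object: "<type>=<old name>\0ADEL:<objectGUID>"
DELETED_RDN = re.compile(r"^(?P<type>[A-Za-z]+)=(?P<name>.*?)\\0ADEL:(?P<guid>[0-9a-fA-F-]{36})")
# Attributes that commonly hold leftovers worth reading, plus a loose "looks like a secret" test.
INTERESTING_ATTRS = ("description", "info", "comment", "userPassword", "unixUserPassword",
                     "memberOf", "member", "sAMAccountName", "userPrincipalName")
SECRET_HINT = re.compile(r"(?i)\b(pass(word|wd)?|pwd|secret|cred)")


@dataclass
class DeletedObject:
    dn: str
    original_rdn: Optional[str]
    object_guid: Optional[str]
    original_dn: Optional[str]
    findings: List[str] = field(default_factory=list)


def analyse_entry(entry: dict) -> DeletedObject:
    dn, attrs = entry["dn"], entry["attrs"]
    m = DELETED_RDN.match(dn)
    rdn_type, name, guid = (m["type"], m["name"], m["guid"]) if m else (None, None, None)
    # Prefer msDS-LastKnownRDN (kept by the Recycle Bin) over the name parsed out of the DN.
    name = attrs.get("msDS-LastKnownRDN", [name])[0]
    parent = attrs.get("lastKnownParent", [None])[0]
    original_dn = f"{rdn_type}={name},{parent}" if rdn_type and name and parent else None
    obj = DeletedObject(dn, name, guid, original_dn)
    for attr in INTERESTING_ATTRS:
        for value in attrs.get(attr, []):
            flag = " [possible credential]" if SECRET_HINT.search(value) else ""
            obj.findings.append(f"{attr}: {value}{flag}")
    return obj


def find_deleted(ldif_text: str) -> List[DeletedObject]:
    """Return every isDeleted=TRUE entry in ldapsearch output, with its recovered identity and findings."""
    return [analyse_entry(e) for e in parse_ldif(ldif_text)
            if "TRUE" in e["attrs"].get("isDeleted", [])]


if __name__ == "__main__":
    for obj in find_deleted(SAMPLE_LDIF):
        print(f"{obj.original_dn or obj.dn}  (objectGUID {obj.object_guid})")
        for finding in obj.findings:
            print("   ", finding)
```

Pipe real output in with `ldapsearch ... > deleted.ldif` and call `find_deleted(open("deleted.ldif").read())`; the original DN it rebuilds is exactly what a restore would put back, so it also tells you which OU an interesting leftover account used to live in.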