Platform SDK: Active Directory, ADSI, and Directory Services

Accessing Hidden or Deleted Entries

To access hidden or deleted items, you must use either the OpenDSObject method or the ADsOpenObject function. You must explicitly bind to the directory object with a valid account and use simple clear text authentication, with "cn=admin" appended to the username. For example: "cn=Username, dc=Domain, cn=admin". Also, the Exchange service account must be a member of the local administrators group on the server.

If you bind to a visible container with this method and enumerate the objects in the container, you will see the deleted and hidden objects. You can also bind directly to a hidden or deleted object. Without "cn=admin" appended to the username, you would normally receive an error: 0x80072030 "There is no such object on the server." Once you bind with this method, you will be able to access hidden and deleted objects.

Hidden objects are objects with the Boolean attribute, "Hide from AB" ("Hide-From-Address-Book" to LDAP) set to TRUE ("1").

Deleted objects, also called tombstones, are objects with the Boolean attribute "Is-Deleted" (also "Is-Deleted" to LDAP) set to TRUE ("1").

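Dim objNS As IADsOpenDSObject
Dim objDeletedObject As IADs
Dim strADsPath As String   ' ADsPath of the hidden or deleted object; set before use

Set objNS = GetObject("LDAP:")
' Last argument 0 = ADS_SECURE_AUTHENTICATION (1) not set, i.e. the simple
' clear text bind described above
Set objDeletedObject = _
        objNS.OpenDSObject(strADsPath, _
        "cn=Username, dc=Domain, cn=admin", _
        "Password", 0)
' "objDeletedObject" is now a reference to the deleted object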

Note: This example is specific to Exchange Server version 5.5 and below, and is not upwardly compatible with Exchange 6.0. Management and access of Exchange 6.0 Servers should be made through the CDO Exchange Management interfaces instead.
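The container enumeration described above, as an added example that is not part of the original SDK page: it binds to a container with the "cn=admin" form of the username and reports which child entries are tombstones or hidden. The names ListHiddenAndDeleted and ReadFlag, and all parameter names, are hypothetical; like the sample above, it applies to Exchange Server 5.5 only.

```vb
' Added example: list hidden and deleted entries in an Exchange 5.5 container.
' ListHiddenAndDeleted, ReadFlag and the parameter names are hypothetical.
' strUserDN must already end in ", cn=admin", as the text requires.
Sub ListHiddenAndDeleted(strContainerPath As String, _
                         strUserDN As String, strPassword As String)
    Dim objNS As IADsOpenDSObject
    Dim objContainer As IADsContainer
    Dim objEntry As IADs

    Set objNS = GetObject("LDAP:")
    ' 0 = simple bind; the password crosses the network in clear text
    Set objContainer = objNS.OpenDSObject(strContainerPath, _
                                          strUserDN, strPassword, 0)

    ' With the cn=admin bind, enumeration also returns tombstones
    ' and entries hidden from the address book.
    For Each objEntry In objContainer
        If ReadFlag(objEntry, "Is-Deleted") Then
            Debug.Print "DELETED  " & objEntry.ADsPath
        ElseIf ReadFlag(objEntry, "Hide-From-Address-Book") Then
            Debug.Print "HIDDEN   " & objEntry.ADsPath
        End If
    Next
End Sub

' Returns True only when the attribute is present and set to TRUE ("1").
' IADs.Get raises an error when the attribute is absent; that counts as False.
Private Function ReadFlag(objEntry As IADs, strAttr As String) As Boolean
    Dim varValue As Variant
    ReadFlag = False
    On Error Resume Next
    Err.Clear
    varValue = objEntry.Get(strAttr)
    If Err.Number = 0 Then ReadFlag = CBool(varValue)
    On Error GoTo 0
End Function
```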