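# Restores a deleted (tombstoned) AD user, computer or group on $DC_FQDN with the
# Quest ActiveRoles cmdlets, then re-creates its group memberships by reading them
# from a second domain controller ($DC_LAG_FQDN) that still holds the object.
#
# NOTE(review): $DC_LAG_FQDN looks like a lagged-replication DC; its data is old by
# design. Every membership it reports is re-applied as-is, including any privileged
# groups. Review the resulting memberships after a restore.

$Domain = "ldap389"
$DC_FQDN = "dc-01.ldap389.info"
$DC_LAG_FQDN = "dc-lag.ldap389.info"
$AdminAD = "adm-ldap389"

# Prompts for the name of the object to restore.
# Returns the trimmed name, or $null when the input is empty or contains '*'.
# The name is used as a tombstone search filter whose matches are all restored,
# so an empty or wildcard value must not reach it.
# NOTE(review): assumes the Quest -SamAccountName filter treats '*' as a wildcard; confirm.
function Read-RestoreTargetName([string]$Prompt)
{
    $name = Read-Host $Prompt
    if ($name) { $name = $name.Trim() }
    if (-not $name -or $name.Contains('*'))
    {
        Write-Warning "Empty or wildcard name rejected. Nothing was restored."
        return $null
    }
    return $name
}

$ObjectType = read-host "Enter type of object to restore : 1 = User ; 2 = Computer ; 3= Group"

# The admin password is read as a SecureString and handed to each cmdlet through
# -ConnectionPassword; it is never held as plain text by this script.
$Admin_Account = $Domain + "\" + $AdminAD
$pw = read-host "Enter password for " $Admin_Account -AsSecureString

Switch ($ObjectType)
{
    1
    {
        $AccountRestore = Read-RestoreTargetName "Enter User SamAccountName"
        if ($AccountRestore)
        {
            # Every tombstone matching the name is restored and enabled.
            # NOTE(review): a reanimated tombstone usually carries no password; confirm
            # that enabling it here is intended and reset the password before use.
            Get-QADUser -service $DC_FQDN -ConnectionAccount $Admin_Account -ConnectionPassword $pw -Tombstone -SamAccountName $AccountRestore |
                Restore-QADDeletedObject |
                Enable-QADUser |
                Get-QADMemberof -service $DC_LAG_FQDN -ConnectionAccount $Admin_Account -ConnectionPassword $pw |
                ForEach-Object {
                    # "Domain Users" is skipped rather than re-added.
                    if ($_.name -ne "Domain Users")
                    {
                        Add-QADGroupMember -service $DC_FQDN -ConnectionAccount $Admin_Account -ConnectionPassword $pw $_ -Member $AccountRestore
                    }
                }
        }
    }

    2
    {
        $AccountRestore = Read-RestoreTargetName "Enter Machine Name"
        if ($AccountRestore)
        {
            # The tombstone lookup uses the machine name with a trailing "$".
            $AccountRestoreSama = $AccountRestore + "$"
            # NOTE(review): -Member below receives the name without the trailing "$";
            # verify that it resolves to the restored computer account.
            Get-QADComputer -service $DC_FQDN -ConnectionAccount $Admin_Account -ConnectionPassword $pw -Tombstone -SamAccountName $AccountRestoreSama |
                Restore-QADDeletedObject |
                Enable-QADComputer |
                Get-QADMemberof -service $DC_LAG_FQDN -ConnectionAccount $Admin_Account -ConnectionPassword $pw |
                ForEach-Object {
                    # "Domain Computers" is skipped rather than re-added.
                    if ($_.name -ne "Domain Computers")
                    {
                        Add-QADGroupMember -service $DC_FQDN -ConnectionAccount $Admin_Account -ConnectionPassword $pw $_ -Member $AccountRestore
                    }
                }
        }
    }

    3
    {
        $AccountRestore = Read-RestoreTargetName "Enter Group SamAccountName"
        if ($AccountRestore)
        {
            Get-QADGroup -service $DC_FQDN -ConnectionAccount $Admin_Account -ConnectionPassword $pw -Tombstone -SamAccountName $AccountRestore |
                Restore-QADDeletedObject |
                ForEach-Object {
                    # Put the restored group back into each group it belonged to.
                    Get-QADMemberof -service $DC_LAG_FQDN -ConnectionAccount $Admin_Account -ConnectionPassword $pw $_ |
                        ForEach-Object {
                            Add-QADGroupMember -service $DC_FQDN -ConnectionAccount $Admin_Account -ConnectionPassword $pw $_ -Member $AccountRestore
                        }

                    # Re-add the members the group had on the second DC.
                    Get-QADGroupMember -service $DC_LAG_FQDN -ConnectionAccount $Admin_Account -ConnectionPassword $pw $_ |
                        Add-QADMemberOf -service $DC_FQDN -ConnectionAccount $Admin_Account -ConnectionPassword $pw -Group $AccountRestore
                }
        }
    }

    default
    {
        # The original fell through silently on any other answer.
        Write-Warning "Unknown object type '$ObjectType': expected 1, 2 or 3. Nothing was restored."
    }
}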