Restoring Deleted Active Directory User fails with Error 0x2077 Illegal Modify Operation

I was attempting to restore an Active Directory user that was accidentally deleted on an SBS 2011 server using the steps outlined in this Microsoft KB article; however, I kept coming up short with the following error message.

“Error 0x2077 Illegal modify operation. Some aspect of the modification is not permitted.”

I was a bit stumped until I read a few of the comments on that article. If you are experiencing this error, check out these tips by Brandon in the comments. It worked perfectly after I followed these steps. Thank you, kind sir.

  • Ensure that you are connecting to your DC by using LDAPS (SSL, port 636)
  • When performing the rename operation using LDP.exe, ensure that you are changing the distinguishedName to an object that doesn’t exist. In my case, I received this error when I forgot to include the computer’s name in the DN (meaning, I only had OU=x,DC=y,DC=z instead of CN=Server,OU=x,DC=y,DC=z)
  • If using PowerShell and you receive this error: use LDP.exe and ensure you are using LDAPS and a DN that doesn't exist
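The same tombstone reanimation the KB walkthrough performs in LDP.exe, with both of Brandon's tips applied, as an added PowerShell example that is not from the post, the comment or the KB article. The DC host name, the tombstone DN and the target DN are placeholders you must replace with your own values.

```powershell
# Added example, not from the post or the KB article: reanimate a tombstoned user
# the way the LDP.exe walkthrough does (delete isDeleted, replace distinguishedName
# under the "Return deleted objects" control). Placeholders: server name and DNs.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$ns = 'System.DirectoryServices.Protocols'

$server   = 'dc01.example.local'   # placeholder: your SBS/DC host name
$tombDn   = 'CN=jdoe\0ADEL:00000000-0000-0000-0000-000000000000,CN=Deleted Objects,DC=example,DC=local'  # placeholder
$targetDn = 'CN=jdoe,OU=Users,DC=example,DC=local'   # full DN including the CN, not just the OU

# Tip 1: connect over LDAPS (SSL, port 636).
$id   = New-Object "$ns.LdapDirectoryIdentifier" -ArgumentList $server, 636
$conn = New-Object "$ns.LdapConnection" -ArgumentList $id
$conn.SessionOptions.SecureSocketLayer = $true
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
$conn.Bind()

# Tip 2: the new DN must not already exist. A base-scope read of the target DN
# either returns an object (DN is taken) or fails with NoSuchObject (DN is free).
$probe = New-Object "$ns.SearchRequest" -ArgumentList $targetDn, '(objectClass=*)', 'Base', ([string[]]'distinguishedName')
try {
    $null = $conn.SendRequest($probe)
    throw "Target DN '$targetDn' already exists; choose a DN that does not."
} catch [System.DirectoryServices.Protocols.DirectoryOperationException] {
    if ($_.Exception.Response.ResultCode -ne [System.DirectoryServices.Protocols.ResultCode]::NoSuchObject) { throw }
}

# The two modifications LDP.exe sends: delete isDeleted, replace distinguishedName.
$dropDeleted = New-Object "$ns.DirectoryAttributeModification"
$dropDeleted.Name      = 'isDeleted'
$dropDeleted.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Delete

$newDn = New-Object "$ns.DirectoryAttributeModification"
$newDn.Name      = 'distinguishedName'
$newDn.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Replace
$null = $newDn.Add($targetDn)

$req = New-Object "$ns.ModifyRequest"
$req.DistinguishedName = $tombDn
$null = $req.Modifications.Add($dropDeleted)
$null = $req.Modifications.Add($newDn)
# "Return deleted objects" control (OID 1.2.840.113556.1.4.417), as enabled in LDP.exe.
$null = $req.Controls.Add((New-Object "$ns.ShowDeletedControl"))

$resp = $conn.SendRequest($req)
$conn.Dispose()
"Reanimated $targetDn with result $($resp.ResultCode)"
# The reanimated account keeps only the attributes preserved on the tombstone:
# reset its password, re-enable it and rebuild group memberships afterwards.
```

Run it as a Domain Admin on a machine that trusts the DC's LDAPS certificate; if the modify still fails, the exception's ResultCode tells you which of the two conditions (transport or DN) is still wrong.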