
Brad's TechTips - Windows

 
 
Windows Server 2008 R2: Enable and Use the Active Directory Recycle Bin
 
The Active Directory Recycle Bin allows you to recover objects that you have accidentally (or intentionally) deleted from Active Directory and now need to restore.  This long-requested feature requires that you are running Windows Server 2008 R2 and that your forest functional level is Windows Server 2008 R2.  The Recycle Bin feature is not enabled by default.
 
To enable the Recycle Bin, log on to the server console and do one of the following, both of which have the same result:
 
   1. Launch "Active Directory Module for Windows PowerShell" from the
       Administrative Tools folder.
 
   2. Launch "normal" PowerShell and then enter the following command:
          import-module activedirectory
 
Once the PowerShell console is running in Active Directory context, enable the Recycle Bin feature with the following syntax, all on a single line and followed by the Enter key:
 
   Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,
   CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,
   DC=<Your Domain>,DC=<Your Domain Suffix>' -Scope ForestOrConfigurationSet
   -Target '<Your DNS Forest Name>'

 
In the above syntax, you'll want to replace <Your Domain>, <Your Domain Suffix>
and <Your DNS Forest Name> with the appropriate values.  For example:
 
   Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,
   CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,
   DC=AcmeWidgets,DC=com' -Scope ForestOrConfigurationSet -Target 'AcmeWidgets.com'
 
After you run the command, you'll be prompted to confirm the change, since it is irreversible.
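Before running the one-line command above, a practitioner usually wants to know whether the feature is already on and whether the forest functional level is high enough, and to avoid hand-typing the DC= components. The script below is an added example and not part of the original tip; it assumes the Active Directory module is loaded and that you are running it as an Enterprise Admin. It reads the feature's RequiredForestMode and EnabledScopes properties and builds the feature DN from the live configuration naming context, then calls Enable-ADOptionalFeature exactly as the tip does.

```powershell
# Added example (not from the original tip): check prerequisites and
# current state before enabling the Active Directory Recycle Bin.
# Assumes the ActiveDirectory module and Enterprise Admin rights.
Import-Module ActiveDirectory

$forest  = Get-ADForest
$feature = Get-ADOptionalFeature -Filter 'name -eq "Recycle Bin Feature"'

# EnabledScopes lists where the feature is already turned on;
# an empty list means it is still off.
if ($feature.EnabledScopes.Count -gt 0) {
    Write-Host "Recycle Bin is already enabled for: $($feature.EnabledScopes -join ', ')"
    return
}

# The forest functional level must meet the feature's requirement
# (Windows Server 2008 R2); both values are ADForestMode enums.
if ($forest.ForestMode -lt $feature.RequiredForestMode) {
    Write-Warning ("Forest mode is {0}; raise it to at least {1} first." -f `
        $forest.ForestMode, $feature.RequiredForestMode)
    return
}

# Build the feature DN from the configuration naming context rather than
# typing DC= components by hand, then enable it forest-wide.
# Enabling is irreversible, so the default confirmation prompt is kept.
$configNC  = (Get-ADRootDSE).configurationNamingContext
$featureDN = "CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service," +
             "CN=Windows NT,CN=Services,$configNC"

Enable-ADOptionalFeature -Identity $featureDN -Scope ForestOrConfigurationSet -Target $forest.Name

# Re-read the feature to confirm the change took effect.
(Get-ADOptionalFeature -Identity $featureDN).EnabledScopes
```

If the forest-mode check fails, raise the forest functional level first (Set-ADForestMode) rather than forcing the command; the feature simply will not enable below the required level.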
 
Restore a Deleted Object
 
Test the Recycle Bin by creating a user account called Joe Shmo and then deleting it.  Having done that, you can see it and other deleted objects by running the following command, also in the Active Directory context of PowerShell:
 
   Get-ADObject -Filter 'isDeleted -eq $true' -IncludeDeletedObjects
 
or see only the deleted user account you want by running this command:

   Get-ADObject -Filter {displayName -eq "Joe Shmo"} -IncludeDeletedObjects
 
Restore the deleted user account by running the following:
 
   Get-ADObject -Filter {displayName -eq "Joe Shmo"} -IncludeDeletedObjects | Restore-ADObject

Refresh the view of the management console and verify that the object has been restored.
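A displayName filter works for the test account, but in a real directory display names are not unique and a restore can fail if the object's original container is itself gone. The script below is an added example and not part of the original tip; it assumes the Recycle Bin is already enabled and uses a constructed account name, "jshmo". It finds the deleted object by its preserved sAMAccountName, shows where it lived (lastKnownParent) and when it was deleted, restores it, and then verifies the live account.

```powershell
# Added example (not from the original tip): locate a deleted user by its
# preserved sAMAccountName, show where it came from, and restore it.
# Assumes the Recycle Bin is enabled; "jshmo" is a constructed account name.
Import-Module ActiveDirectory

$account = 'jshmo'

# With the Recycle Bin on, deleted objects keep their attributes, so we
# can filter on sAMAccountName (unique per domain, unlike displayName)
# and request the attributes that say where the object lived.
$deleted = Get-ADObject -Filter "isDeleted -eq `$true -and sAMAccountName -eq '$account'" `
    -IncludeDeletedObjects -Properties lastKnownParent, whenChanged, isDeleted

if (-not $deleted) {
    Write-Warning "No deleted object with sAMAccountName '$account' found; it may be past the deleted-object lifetime."
    return
}

# Show what is about to be restored and its original container.
$deleted | Select-Object Name, ObjectClass, ObjectGUID, lastKnownParent, whenChanged | Format-List

# Restore-ADObject puts the object back under lastKnownParent by default,
# so that container must exist (restore a deleted parent OU first, or pass
# -TargetPath to choose another container). Use -WhatIf to preview.
$deleted | Restore-ADObject

# Verify the account is back in the live directory.
Get-ADUser -Identity $account | Select-Object Name, DistinguishedName, Enabled
```

Objects stay recoverable only for the deleted-object lifetime configured in the forest (msDS-DeletedObjectLifetime); after that they become recycled objects that Restore-ADObject cannot bring back, which is why the script warns rather than silently doing nothing when the search returns no result.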