Active Directory Recycle Bin

Active Directory Recycle Bin is a new feature in Windows 2008 R2. It is not an option that you can turn on or off.

Yes, it is a hidden feature and you can only turn it on. What do you need? Well, only a Windows 2008 R2 DC.

By default, Active Directory Recycle Bin in Windows Server 2008 R2 is disabled. To enable it, you must first raise the forest functional level of your AD DS or AD LDS environment to Windows Server 2008 R2, which in turn requires all forest domain controllers or all servers that host instances of AD LDS configuration sets to be running Windows Server 2008 R2. After you set the forest functional level of your environment to Windows Server 2008 R2, you can use the instructions in this guide to enable Active Directory Recycle Bin.

The restore can only be done with PowerShell. There is no supported tool from Microsoft, but there are nice GUI tools.

How does it work?

You can enable it if your forest is on Windows 2008 R2. Check it in Active Directory Domains and Trusts > right-click the domain > Raise Domain Functional Level.

I started PowerShell and got this.

Oh OK, I never used PowerShell on this server, so I have to import the modules.

Now I am ready to go. Hmm, what is this error?

Security! OK, we can fix this, so check our PowerShell policy: Get-ExecutionPolicy

Restricted. Easy thing: change one letter, G=S

Set-ExecutionPolicy RemoteSigned

Now we have set the policy and can get a list of commands:

Get-Help Set-AD*

This shows a list of all commands starting with Set-AD.

We have already checked that the domain is in 2008 R2 mode, but you can set this with PowerShell.

Set-ADForestMode -Identity mvp.local -ForestMode Windows2008R2Forest

To enable the AD Recycle Bin we use PowerShell. You can do this by hand in CN=Partitions, but this is the best way.

No AD Recycle Bin key.

We run the enable option. You can get help on this with: Get-Help Enable-ADOptionalFeature

Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=MVP,DC=local' -Scope ForestOrConfigurationSet -Target 'mvp.local'

Now there is a key CN=Recycle Bin Feature

To verify that Active Directory Recycle Bin is enabled, navigate to the CN=Partitions container. In the details pane, locate the msDS-EnabledFeature attribute, and confirm that its value is set to CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=mydomain,DC=com, where mydomain and com represent the appropriate forest root domain name of your AD DS environment.
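The prerequisite check, the enable step and the msDS-EnabledFeature verification described above can be combined so that the one-way switch is only attempted when it makes sense. This is an added example, not the original author's script; the function name Enable-RecycleBinChecked is hypothetical and it assumes the ActiveDirectory module is installed on the machine.

```powershell
# Added example, not the original author's script.
# Enable-RecycleBinChecked is a hypothetical helper name.
Import-Module ActiveDirectory

function Enable-RecycleBinChecked {
    $forest  = Get-ADForest
    $feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
    $minimum = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest

    # EnabledScopes is empty until the feature has been switched on.
    if ($feature.EnabledScopes.Count -gt 0) {
        Write-Output "Recycle Bin is already enabled in forest $($forest.Name)."
        return
    }

    # The feature needs at least the Windows Server 2008 R2 forest functional level.
    if ($forest.ForestMode -lt $minimum) {
        Write-Warning "Forest mode is $($forest.ForestMode); raise it to Windows2008R2Forest first."
        return
    }

    # One-way change: the cmdlet asks for confirmation and that prompt is kept on purpose.
    Enable-ADOptionalFeature -Identity $feature.DistinguishedName `
        -Scope ForestOrConfigurationSet -Target $forest.Name

    # Same check as browsing CN=Partitions by hand: the feature DN must be
    # listed in msDS-EnabledFeature on the partitions container.
    $partitions = Get-ADObject -Identity $forest.PartitionsContainer `
        -Properties 'msDS-EnabledFeature'
    $partitions.'msDS-EnabledFeature' -contains $feature.DistinguishedName
}

Enable-RecycleBinChecked
```

The last line of output is True once the feature DN appears on the partitions container of the domain controller that was queried.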

We list the deleted items, checking on deleted=True.

I used a user that is called “Deleted”.

Get-ADObject -Filter {displayName -eq "delete"} -IncludeDeletedObjects

Get-ADObject -Filter {displayName -eq "delete"} -IncludeDeletedObjects | Restore-ADObject
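The pipeline above restores every deleted object that matches the filter. The variant below reviews the matches first and restores only when exactly one object is found and its parent container still exists. It is an added example, not part of the original post; the function name Restore-DeletedByDisplayName is hypothetical.

```powershell
# Added example, not the original author's script.
# Restore-DeletedByDisplayName is a hypothetical helper name.
Import-Module ActiveDirectory

function Restore-DeletedByDisplayName {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$DisplayName
    )

    # Search deleted objects only, and fetch what is needed to review them.
    $found = @(Get-ADObject -IncludeDeletedObjects `
        -Filter 'isDeleted -eq $true -and displayName -eq $DisplayName' `
        -Properties displayName, lastKnownParent, whenChanged)

    if ($found.Count -ne 1) {
        # Zero or several matches: restore nothing, return the candidates.
        Write-Warning "$($found.Count) deleted objects match '$DisplayName'; nothing restored."
        return $found |
            Select-Object displayName, ObjectClass, ObjectGUID, lastKnownParent, whenChanged
    }

    $target = $found[0]

    # The object goes back into lastKnownParent, so that container must be live.
    $parent = Get-ADObject -Identity $target.lastKnownParent `
        -IncludeDeletedObjects -Properties isDeleted
    if ($parent.isDeleted) {
        Write-Warning "Parent $($target.lastKnownParent) is deleted too; restore it first."
        return
    }

    # -WhatIf / -Confirm given to this function carry through to Restore-ADObject.
    $target | Restore-ADObject -PassThru
}

# Dry run for the test user from the post: shows what would be restored.
Restore-DeletedByDisplayName -DisplayName 'delete' -WhatIf
```

Drop -WhatIf to perform the restore once the dry run names the object you expect.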

So now you can delete and restore AD items, but it would be better if there were GUI tools.

There are no GUI tools from Microsoft at this time, but there are some great community tools. I like the tool from Overall Solutions, but there is also a PowerGUI tool.

Have fun with it, but don’t tell your users or IT manager that you can restore items with a click or a script in 10 minutes, or else you will get more work recovering deleted items. Even the helpdesk can do this. IMHO this is a must-have option, just like AGPM or my old post.

Author: Robert Smit [MVP]

One thought on “Active Directory Recycle Bin”

  1. Nice post. I learn something totally new and challenging on sites
    I stumbleupon on a daily basis. It will always be helpful
    to read through articles from other authors and
    practice something from their web sites.
