
How the Active Directory Recycle Bin Works

By enabling the Active Directory Recycle Bin, you're effectively changing the lifecycle of AD DS objects. To better understand how the Active Directory Recycle Bin works, let's take a look at the lifecycle of AD DS objects after the Active Directory Recycle Bin is enabled (see Figure 1).

Figure 1 AD DS object lifecycle with Active Directory Recycle Bin enabled.

As Figure 1 shows, there are four states in the AD DS object lifecycle after the Active Directory Recycle Bin is enabled:

  • Live
  • Deleted
  • Recycled
  • Physically Deleted

Let's briefly examine these states.

Live State

When an AD DS object is in the directory, it's in the Live state.

Deleted State

When an AD DS object is deleted from the directory, the object is put into the Deleted state. In the Deleted state, the object is logically deleted from the directory. A logical deletion consists of the following:

  • The object's link-valued and non–link-valued attributes are preserved.
  • The object's distinguished name is mangled.
  • The object is moved to the Deleted Objects container.

An AD DS object remains in this Deleted state for the duration of the deleted object lifetime. (This number is configurable; the default is 180 days in Windows Server 2008 R2.) While an object is in the Deleted state, it can be put back into the Live state by using the Active Directory Recycle Bin and by performing an authoritative restore.

Recycled State

When the deleted object lifetime expires, the AD DS object is moved from the Deleted state to the Recycled state. A move from the Deleted state to the Recycled state is performed automatically by the system, and consists of stripping out most of the object's attributes.

An AD DS object remains in this Recycled state for the duration of the recycled object lifetime. (This number is also configurable; the default is 180 days.) While an object is in the Recycled state, the object cannot be recovered by using the Active Directory Recycle Bin or by reanimating the object.

Physically Deleted State

When the recycled object lifetime expires, the garbage-collection process physically deletes the recycled AD DS object from the database.
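The Deleted and Recycled states can be told apart on a domain controller by reading the `isDeleted` and `isRecycled` attributes of objects in the Deleted Objects container. The following script is an added example, not code from the original article; it assumes the ActiveDirectory PowerShell module, an enabled Recycle Bin, and an account allowed to read deleted objects, and it uses `whenChanged` on the queried domain controller as an approximation of when an object entered its current state.

```powershell
# Added example: report each object in Deleted Objects with its lifecycle state.
Import-Module ActiveDirectory

$rootDse = Get-ADRootDSE
$dsPath  = 'CN=Directory Service,CN=Windows NT,CN=Services,' + $rootDse.configurationNamingContext
$cfg     = Get-ADObject -Identity $dsPath -Properties 'msDS-DeletedObjectLifetime', 'tombstoneLifetime'

# tombstoneLifetime holds the recycled object lifetime (days).
# msDS-DeletedObjectLifetime holds the deleted object lifetime (days); when it is
# not set, the directory uses the tombstoneLifetime value for it.
$recycledDays = $cfg.tombstoneLifetime
$deletedDays  = $cfg.'msDS-DeletedObjectLifetime'
if ($null -eq $deletedDays) { $deletedDays = $recycledDays }

# The Deleted Objects container itself carries isDeleted=TRUE, so exclude it.
$props = 'isDeleted', 'isRecycled', 'whenChanged', 'lastKnownParent', 'msDS-LastKnownRDN'
$objs  = Get-ADObject -IncludeDeletedObjects -Properties $props `
    -Filter 'isDeleted -eq $true -and name -ne "Deleted Objects"'

$report = foreach ($o in $objs) {
    if ($o.isRecycled) {
        # Attributes already stripped; next step is physical deletion.
        $state = 'Recycled'; $days = $recycledDays
    } else {
        # Attributes preserved; still recoverable from the Recycle Bin.
        $state = 'Deleted';  $days = $deletedDays
    }
    # Approximation: whenChanged is local to the queried domain controller.
    $next = if ($null -ne $days) { $o.whenChanged.AddDays($days) } else { $null }

    [pscustomobject]@{
        State           = $state
        LastKnownRDN    = $o.'msDS-LastKnownRDN'
        LastKnownParent = $o.lastKnownParent
        MangledDN       = $o.DistinguishedName
        ObjectGUID      = $o.ObjectGUID
        EnteredState    = $o.whenChanged
        NextTransition  = $next
    }
}

# Objects closest to their next state change are listed first.
$report | Sort-Object NextTransition |
    Format-Table State, LastKnownRDN, LastKnownParent, NextTransition -AutoSize
```

An object reported as Deleted can be returned to the Live state with `Restore-ADObject -Identity <ObjectGUID>`; the `MangledDN` column shows the distinguished name mangling described under Deleted State.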
