
Using the Active Directory Recycle Bin

Accidental deletions are quite common. I've seen firsthand an accidental deletion of an organizational unit (OU), which deletes all the objects stored in the OU. With a few clicks, you can accidentally delete hundreds or even thousands of objects. That could turn into a very bad day, but the Active Directory Recycle Bin can come to the rescue!

The following sections provide details on how to enable the Active Directory Recycle Bin, how to view objects that are in the Deleted state, and how to restore deleted objects.

Enabling the Active Directory Recycle Bin

The Active Directory Recycle Bin is an optional feature that must be enabled before it can be used. You enable it using the Active Directory Module for Windows PowerShell. As previously mentioned, a forest functional level of Windows Server 2008 R2 is required.

The following steps detail the process to enable the Active Directory Recycle Bin:

  1. Log onto a writable domain controller.
  2. Click Start > All Programs > Administrative Tools > Active Directory Module for Windows PowerShell.
  3. In the Active Directory Module for Windows PowerShell window, type the following command (see Figure 2), replacing domain.local in the command with the DNS name of your forest root domain:

       Enable-ADOptionalFeature 'Recycle Bin Feature' -scope ForestOrConfigurationSet -Target 'domain.local'

  4. Press Enter.

     Figure 2 Enabling the Active Directory Recycle Bin feature.

  5. As Figure 2 shows, you're prompted with a confirmation message, which warns you that the change is irreversible. If you're sure that you want to continue, type Y and press Enter.

The Active Directory Module for Windows PowerShell doesn't report a successful change, and no events are logged in the Event Log to tell you that the Active Directory Recycle Bin feature was enabled. You can, however, use the Get-ADOptionalFeature cmdlet to verify that the Active Directory Recycle Bin feature was enabled.

To verify the status of the Active Directory Recycle Bin feature, follow these steps:

  1. Log onto a domain controller.
  2. Click Start > All Programs > Administrative Tools > Active Directory Module for Windows PowerShell.
  3. In the Active Directory Module for Windows PowerShell window, type the following command:

       Get-ADOptionalFeature 'Recycle Bin Feature'

  4. Press Enter. As Figure 3 shows, the window displays the status of the Active Directory Recycle Bin feature. The important information is the EnabledScopes section, which lists the partition(s) for which the Active Directory Recycle Bin has been enabled.

Figure 3 Verifying the status of the Active Directory Recycle Bin.
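The two procedures above can be combined into one script that checks the forest functional level first, skips the change if the feature is already enabled, and confirms the result through EnabledScopes. This is an added example, not code from the original article; it assumes the ActiveDirectory module is installed and that the account running it is allowed to change forest-wide settings.

```powershell
# Added example: enable the Active Directory Recycle Bin only when needed,
# then verify it, because the enable cmdlet reports nothing on success.
Import-Module ActiveDirectory

$featureName = 'Recycle Bin Feature'
$forest      = Get-ADForest   # forest of the logged-on domain

# Precondition from the article: forest functional level of
# Windows Server 2008 R2 (or higher).
$required = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
if ($forest.ForestMode -lt $required) {
    throw "Forest functional level is $($forest.ForestMode); $required or higher is required."
}

$feature = Get-ADOptionalFeature -Identity $featureName

if ($feature.EnabledScopes.Count -gt 0) {
    # Already on: the change cannot be repeated or undone, so do nothing.
    Write-Output "'$featureName' is already enabled for:"
    $feature.EnabledScopes
}
else {
    # The change is irreversible. The cmdlet's confirmation prompt is left
    # in place on purpose (no -Confirm:$false), so an operator must type Y.
    Enable-ADOptionalFeature -Identity $featureName `
        -Scope ForestOrConfigurationSet `
        -Target $forest.RootDomain

    # Re-read the feature: no success message or event is produced,
    # so EnabledScopes is the only confirmation.
    $feature = Get-ADOptionalFeature -Identity $featureName
    if ($feature.EnabledScopes.Count -gt 0) {
        Write-Output "'$featureName' is now enabled for:"
        $feature.EnabledScopes
    }
    else {
        Write-Warning "'$featureName' is still not enabled (prompt declined or change not yet visible on this domain controller)."
    }
}
```

To preview the change without making it, add -WhatIf to the Enable-ADOptionalFeature call.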
