The Active Directory Recycle Bin

Every so often, Microsoft releases a really cool feature, one of which I’ve recently come across called the Active Directory Recycle Bin.

If you’re like me, you’ve probably deleted an Active Directory object by mistake or perhaps, accidentally erased a user or group permission. And as many of you know, restoring individual items into Active Directory can be a real pain!

Released in Windows 2008 R2, the Active Directory Recycle Bin helps minimize directory service downtime by enhancing your ability to preserve and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups.

When you enable Active Directory Recycle Bin, any deleted Active Directory objects are preserved and can be restored in their entirety to the same state that they were in before deletion. For example, restored user accounts automatically regain all group memberships and corresponding access rights that they had immediately prior to deletion.

Unfortunately for us IT admins, Microsoft doesn’t enable the Active Directory Recycle Bin by default.

So how can you enable it? Glad you asked, here is the answer:

First you must verify your forest functional level is at least Windows Server 2008 R2.

Then, Click Start >> click Administrative Tools >> right-click Active Directory Module for Windows PowerShell >> click Run as Administrator.

At the PowerShell command prompt, type the following command, then press ENTER:

Enable-ADOptionalFeature –Identity ‘CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<mydomain>,DC=<com>’ –Scope ForestOrConfigurationSet –Target ‘myFQDN’

Where <mydomain> and <com> represent the appropriate forest root domain name of your Active Directory Domain Services.

Congratulations! If everything ran successfully, you now have officially enabled the Active Directory Recycle Bin.

I’m guessing you’re next question is: How do I restore objects from the Active Directory Recycle Bin?

After all, it doesn’t make much sense to keep deleted items in the Recycle Bin if you can’t restore them. However, restoring isn’t as easy as enabling the Recycle Bin. If you really need to restore an item, I’d highly recommend you take a look at Microsoft Technet’s article here.

Good Luck!


Posted by Joe the IT Guy

Joe the IT Guy

Native New Yorker. Loves everything IT-related (and hugs). Passionate blogger and Twitter addict. Oh...and resident IT Guy at SysAid Technologies (almost forgot the day job!).