How to Enable Active Directory Recycle Bin

Active Directory Recycle Bin lets administrators restore deleted objects.

Finding Domain Naming Master Server

We recommend enabling the Recycle Bin feature on the DC that holds the Domain Naming Master role. To find out which domain controller holds this role, run netdom.exe with the following parameters (in cmd):

netdom.exe query fsmo

Alternatively, you can find this in an elevated PowerShell console:

Import-Module ActiveDirectory

Get-ADForest | Format-List DomainNamingMaster

How to Enable Recycle Bin in AD Administrative Center.

To do this, you need a domain admin user account. Start AD Administrative Center (Start -> Run -> dsac.exe).

Click on your domain name and in the “Tasks” pane click “Enable Recycle Bin…”.

Alternatively, right-click your domain in the overview, and click “Enable Recycle Bin…”.

A confirmation window appears, warning that Recycle Bin can only be enabled once and cannot be disabled afterwards. Click OK.

After enabling the Recycle Bin, click OK in the warning that appears, then refresh ADAC by clicking the refresh button in the top right corner of the window.

You will see that a new container named “Deleted Objects” appears near the “Computers” container.

How to Enable Recycle Bin in PowerShell Console.

Recycle Bin can also be enabled with PowerShell console. You need to run PowerShell.exe under elevated permissions and type in the following code:

Import-Module ActiveDirectory

Enable-ADOptionalFeature -Identity "CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=office,DC=local" -Scope ForestOrConfigurationSet -Target "office.local"

Replace office, local and office.local with your own domain parameters. The system will ask for confirmation; type “y” to continue, and the “Deleted Objects” container appears.
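
The same steps as a script, as an added example that is not part of the original article: it looks up the Domain Naming Master and the feature's distinguished name instead of hard-coding them, and makes no change if the feature is already enabled. The function name Enable-RecycleBinIfNeeded is made up for this example, and the functional level check assumes the Windows Server 2008 R2 forest minimum for this feature.

```powershell
# Added example, not from the original article.
Import-Module ActiveDirectory

function Enable-RecycleBinIfNeeded {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param()

    $forest = Get-ADForest
    $master = $forest.DomainNamingMaster   # DC holding the Domain Naming Master role

    # Assumption stated in the lead-in: the feature needs a forest functional
    # level of Windows Server 2008 R2 or later.
    $minimum = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
    if ($forest.ForestMode -lt $minimum) {
        throw "Forest functional level '$($forest.ForestMode)' is below $minimum."
    }

    # Look the feature up by name so no distinguished name has to be typed in.
    $feature = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'" -Server $master
    if (-not $feature) {
        throw "Recycle Bin Feature object not found in forest '$($forest.Name)'."
    }

    # EnabledScopes is empty until the feature has been turned on.
    if ($feature.EnabledScopes.Count -gt 0) {
        Write-Output "Recycle Bin is already enabled in forest '$($forest.Name)'."
        return
    }

    # The change cannot be undone, so honour -WhatIf / -Confirm before making it.
    if ($PSCmdlet.ShouldProcess($forest.Name, 'Enable AD Recycle Bin (cannot be disabled)')) {
        Enable-ADOptionalFeature -Identity $feature.DistinguishedName `
            -Scope ForestOrConfigurationSet -Target $forest.Name `
            -Server $master -Confirm:$false

        # Read the feature back from the same DC to confirm the new scope.
        Get-ADOptionalFeature -Identity $feature.DistinguishedName -Server $master |
            Select-Object Name, EnabledScopes
    }
}

# Dry run first; drop -WhatIf to apply.
Enable-RecycleBinIfNeeded -WhatIf
```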

Now, after an AD object is deleted, its “isDeleted” attribute is set to “true”, but its “isRecycled” attribute is left untouched. In this state the deleted object is moved to “Deleted Objects”, from where you can easily restore it by right-clicking it and selecting restore.

In 60 days the recycle lifetime expires and the “isRecycled” parameter changes to “true”; in this case the object is deleted permanently.
