How to enable AD recycle bin in Windows Server 2012

How to enable AD recycle bin in Windows Server 2012

Microsoft Windows Server 2008 R2 onwards allowed administrators to recover the Active Directory objects that are deleted accidentally.

Microsoft has now simplified the recovery process by incorporating Deleted Objects node in the Active Directory Administrative Center (ADAC). Graphical user interface has now been provided by the Microsoft to manage and recover the deleted objects.

Following requirements must be satisfied to use this feature:-

  • Forest functional level should be Windows Server 2008 R2
  • Recycle Bin optional-feature must be switched on
  • Objects should be recovered within Deleted Object Lifetime (DOL) – Default to 180 days.

By default, Active Directory Recycle Bin is disabled. To enable this feature, you must raise the forest functional to Windows Server 2008 R2 or higher. Once this feature has been enabled, it can’t be reverted.

Steps to use Recycle Bin User Interface in Windows Server 2012

  •  Raise the forest functional level
  •  Enable Recycle Bin
  •  Create test user, group or any OU
  •  Restore deleted objects

How to Raise the Forest Functional level:

  1. Open Active Directory Users and Computer by running dsa.msc command from powershell.
  2. Right click and select the Raise Domain functional level.
  3. Select Windows 2008 R2

A message will appear confirming functional level can’t be reversed. Click Ok to close the window.

How to Raise the functional level through Windows PowerShell:

Set-ADForestMode –Identity Arabitpro.local -ForestMode Windows2008R2Forest –Confirm:$false

How to Enable Recycle Bin feature

  1. Open Active Directory Administrative Center by running dsac.exe command from the PowerShell.
  2. Select the appropriate domain and click on the Enable Recycle Bin in the Tasks pane.
  3. A message will appear saying that Recycle Bin can’t be disabled. Click Ok. Click F5 to refresh ADAC.

Note: It may take time to replicate these changes across the domain controllers in the forest.

How to enable Recycle Bin through PowerShell:

Enable-ADOptionalFeature –Identity ‘CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=ArabITPro,DC=local’ –Scope ForestOrConfigurationSet –Target ‘ ArabITPro.local’

Testing AD recycle bin by deleting and restoring deleted objects.

  • Open Active Directory Users and Computers or ADAC to create a new user, group or OU.
  • Delete the objects to restore.

Once objects are deleted, now is the time to restore it.

  • Open Active Directory Administrative Center, expand the domain and click on the Deleted Objects.
  • In the result pane, you will see objects deleted in the above steps. Select the objects which you want to restore, and click on Restore or Restore To option for restoring deleted objects to a different location.

PowerShell commands to restore the deleted objects to their original location

Get-ADObject –Filter ‘Name –Like “*Tom*”‘ –IncludeDeletedObjects | Restore-ADObject

PowerShell commands to restore the deleted objects to a different location

Get-ADObject –Filter ‘Name –Like “*Tom*”‘ –IncludeDeletedObjects | Restore-ADObject –TargetPath “OU=OU1,DC=ArabITPro,DC=local”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s