Active Directory Recycle Bin helps minimize directory service downtime by enhancing your ability to preserve and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain controllers.
When you enable Active Directory Recycle Bin, all link-valued and non-link-valued attributes of the deleted Active Directory objects are preserved and the objects are restored in their entirety to the same consistent logical state that they were in immediately before deletion. For example, restored user accounts automatically regain all group memberships and corresponding access rights that they had immediately before deletion, within and across domains.
Many people have been looking for a simplified GUI to restore deleted objects which is now available in windows Server 8 Beta.
In this post we will walkthrough configuring Active Directory recycle bin, deleting and recovering a test user.
Environment details:
-
Domain controller: DC01
-
AD Domain name: xyz.local
-
AD Forest and Domain Functional level: Windows Server 8 Beta
-
Test user: test01
To enable Active Directory Recycle Bin using the Enable-ADOptionalFeature cmdlet
Important note:
To enable Active Directory Recycle bin the AD forest functional level has to be Windows Server 2008 R2 or later.
- Open Server Manager, click Tools, click Windows PowerShell
Note: in this post we are using Windows PowerShell ISE
![clip_image002[4]](https://i0.wp.com/msdnshared.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/00/79/57/metablogapi/6355.clip_image0024_448F6B79.png?ssl=1 "clip_image002[4]")
2. Type the following cmdlet
PS C:> Enable-ADOptionalFeature –Identity ‘CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=xyz,DC=local’ –Scope ForestOrConfigurationSet –Target ‘xyz.local’
3. Once enabled Active Recycle bin create test01 user and delete it.
To Recover a Deleted objet
1. Open Server Manager, go to AD DS right click domain controller , open Active Directory Administrative Center
![clip_image004[4]](https://i0.wp.com/msdnshared.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/00/79/57/metablogapi/1538.clip_image0044_661B6E7D.png?ssl=1 "clip_image004[4]")
2. Click on the domain name and then select Deleted Objects
![clip_image006[4]](https://i0.wp.com/msdnshared.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/00/79/57/metablogapi/3833.clip_image0064_040956A5.png?ssl=1 "clip_image006[4]")
Deleted user “test01” will appear under deleted objects container, Right click on this deleted user two restore options will appear:
-
Restore: This option will restore the object directly to its original location.
-
Restore to: This option will ask for a location to restore the deleted object to.
![clip_image008[4]](https://i0.wp.com/msdnshared.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/00/79/57/metablogapi/7041.clip_image0084_55337835.png?ssl=1 "clip_image008[4]")
![clip_image010[4]](https://i0.wp.com/msdnshared.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/00/79/57/metablogapi/4477.clip_image0104_3B4F1C39.png?ssl=1 "clip_image010[4]")
You must log in to post a comment.