
Setting Up the Active Directory Recycle Bin in Windows Server 2008 R2

Windows Server 2008 R2 has introduced an exciting new feature, the Active Directory Recycle Bin. When you use this feature, a deleted object is moved to a special container instead of simply being tombstoned. The tombstone period is still important, as objects reside in this special container only for the length of the tombstone period. Once the period expires, the object is permanently deleted. But until that happens, recovering a deleted object is relatively easy.

Before you can recover an item, you have to enable this feature. It is not turned on by default. Once you enable it, you can only recover items from the recycle bin that were deleted after the feature was enabled. If you enable the feature Tuesday morning, you can recover items from the recycle bin that were deleted Tuesday afternoon, but not Monday morning.

Set Up the Active Directory Recycle Bin with Windows PowerShell

The first challenge you will face is that Microsoft did not provide a GUI for this feature. You will have to use Windows PowerShell and the Active Directory module. You don’t have to run these commands on a domain controller; I prefer and recommend using Windows 7 with Remote Server Administration Tools (RSAT) configured to manage Active Directory with PowerShell.

The first step is to import the module.

PS C:\> Import-Module ActiveDirectory

The Recycle Bin is part of a concept Microsoft calls AD Optional Features. As you might expect, there is a cmdlet to use.

PS C:\> Get-ADOptionalFeature -Filter *

DistinguishedName  : CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=GLOBOMANTICS,DC=local
EnabledScopes      : {}
FeatureGUID        : 766ddcd8-acd0-445e-f3b9-a7f9b6744f2a
FeatureScope       : {ForestOrConfigurationSet}
IsDisableable      : False
Name               : Recycle Bin Feature
ObjectClass        : msDS-OptionalFeature
ObjectGUID         : 433466d6-458b-48e0-bdd1-4e815d6b7a5a
RequiredDomainMode :
RequiredForestMode : Windows2008R2Forest

Actually, this is the only AD Optional Feature Microsoft has released. As you can see from the result, in order to use this feature, your Active Directory forest must be at the Windows 2008 R2 level.

To turn on optional features, we will use the Enable-ADOptionalFeature cmdlet. This cmdlet supports –Whatif so you can give yourself a sanity check, which is important, because you cannot undo or disable the AD Recycle Bin. There is a Disable-ADOptionalFeature cmdlet, but the Recycle Bin feature can’t be disabled.

To enable it, you need to specify a Scope, which for now is ForestOrConfigurationSet, and a Target, which is the domain where you want to use this feature.

PS C:\> Enable-ADOptionalFeature -Identity "Recycle Bin Feature" -Scope ForestOrConfigurationSet -Target "globomantics.local" -whatif

Figure 1 shows the result:

Figure 1: What If I Enable the Recycle Bin?

If I’m ready, I can re-run the command without –Whatif. You’ll be prompted for confirmation, but that is it. No reboot is required. If you have multiple domains, you’ll need to run this command for each. Once run, you should see a property.
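One way to wrap the steps above in a guarded function, as an added example that is not part of the original article: it compares the forest mode with the feature's RequiredForestMode, skips the change when EnabledScopes is already populated, and honours -WhatIf because the change cannot be undone. The function name Enable-RecycleBinSafely is hypothetical, and Get-ADForest is a standard ActiveDirectory module cmdlet not used in the article.

```powershell
# Added example: pre-flight checks before enabling the AD Recycle Bin.
# Enable-RecycleBinSafely is a hypothetical helper name, not a built-in cmdlet.
function Enable-RecycleBinSafely {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Value passed to -Target, e.g. "globomantics.local"
        [Parameter(Mandatory = $true)]
        [string]$Target
    )

    Import-Module ActiveDirectory -ErrorAction Stop

    $feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
    $forest  = Get-ADForest

    # The feature object reports the forest mode it needs (Windows2008R2Forest).
    # Both values are forest-mode enum members, so compare their numeric values.
    if ([int]$forest.ForestMode -lt [int]$feature.RequiredForestMode) {
        throw "Forest mode is $($forest.ForestMode); $($feature.RequiredForestMode) is required."
    }

    # EnabledScopes is empty ({}) until the feature has been turned on.
    if ($feature.EnabledScopes.Count -gt 0) {
        Write-Verbose "Recycle Bin already enabled for: $($feature.EnabledScopes -join '; ')"
        return $feature
    }

    # Enabling is irreversible, so gate it behind -WhatIf / -Confirm.
    if ($PSCmdlet.ShouldProcess($Target, 'Enable Recycle Bin Feature (cannot be undone)')) {
        Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
            -Scope ForestOrConfigurationSet -Target $Target -Confirm:$false
    }

    # Re-read the feature so the caller can inspect EnabledScopes afterwards.
    Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
}

# Dry run first, as in the article; drop -WhatIf to make the change.
Enable-RecycleBinSafely -Target 'globomantics.local' -WhatIf
```

The object returned after a real run shows a non-empty EnabledScopes once the feature is on, in contrast to the `{}` in the output listed earlier.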

Conclusion

Once this change has replicated to all your domain controllers, you are ready to begin using it, assuming you delete some objects after this feature has been enabled. We’ll look at that next time, or if you are in a hurry or want to learn more about using PowerShell with AD, take a look at Managing Active Directory with Windows PowerShell: TFM 2nd Ed. (SAPIEN Press 2010).
