Enable Recycle Bin Feature In Active Directory

The Active Directory Recycle Bin feature is disabled by default in Windows Server 2012 R2. To enable the Active Directory Recycle Bin feature, the forest functional level should be Windows Server 2008 R2 or higher. To enable the Active Directory Recycle Bin feature on Windows Server 2012 R2, log in with a user account that has “Enterprise Admins” or “Schema Admins” group permissions.

From the Server Manager, click Tools and then click Active Directory Administrative Center. Right-click the target domain in the left navigation pane and click Raise the forest functional level.

In my domain, the Active Directory forest functional level is already Windows Server 2012 R2. To enable the Active Directory Recycle Bin feature, the forest functional level should be Windows Server 2008 R2 or higher.

To check the current forest functional level of your organization using a PowerShell command:

Get-ADForest -Identity sysghosta.local

To raise the forest functional level using a PowerShell command, launch the Active Directory Module for Windows PowerShell and execute:

Set-ADForestMode -Identity SYSGHOSTA.LOCAL -ForestMode 6

Where:

6 – Raise the forest functional level to Windows Server 2012 R2

5 – Raise the forest functional level to Windows Server 2012

4 – Raise the forest functional level to Windows Server 2008 R2

Now open the Active Directory Administration console, right-click the target domain and click Enable Recycle Bin.

Click OK

Now refresh the console.

To enable the Active Directory Recycle Bin feature using a PowerShell command:

Enable-ADOptionalFeature -Identity "CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=sysghosta,DC=local" -Scope ForestOrConfigurationSet -Target "sysghosta.local"

The command to verify the result:

Get-ADOptionalFeature -filter *

Now go to the administrative console and you will see a container called Deleted Objects.

Now, to test whether it is working, I will delete a test user account and restore it using the Recycle Bin:

The user Temp is deleted, and you can see this user in the AD Recycle Bin with the following command:

Get-ADObject -SearchBase "CN=Deleted Objects,DC=sysghosta,DC=local" -ldapFilter:"(msDs-lastKnownRDN=*)" -IncludeDeletedObjects -Properties lastKnownParent

 

Now we will restore this account:

After this you will be able to see this user again in the same location:

To restore the deleted object back to the original location using a PowerShell command:

Get-ADObject -ldapFilter:"(msDS-LastKnownRDN=*)" -IncludeDeletedObjects | Restore-ADObject
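
A more cautious run of the steps above, as an added example that is not part of the original post: it checks the forest functional level, enables the Recycle Bin only if it is not already enabled, and restores one named object instead of piping every deleted object to Restore-ADObject. The variable names and the -WhatIf dry runs are assumptions of this example; the forest name, the Deleted Objects path and the Temp user come from the post.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

# Assumed variable names; the values are the forest and test user from the post.
$ForestName  = 'sysghosta.local'
$DeletedBase = 'CN=Deleted Objects,DC=sysghosta,DC=local'
$DeletedRdn  = 'Temp'

# 1. Prerequisite: forest functional level 4 (Windows Server 2008 R2) or higher.
$forest = Get-ADForest -Identity $ForestName
if ([int]$forest.ForestMode -lt 4) {
    throw "Forest functional level is $($forest.ForestMode); raise it first."
}

# 2. Enable the feature only when no scope has it enabled yet.
#    Enabling the Recycle Bin cannot be undone, so -WhatIf is left on here.
$feature = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'"
if (@($feature.EnabledScopes).Count -eq 0) {
    Enable-ADOptionalFeature -Identity $feature `
        -Scope ForestOrConfigurationSet -Target $ForestName -WhatIf
} else {
    Write-Output "Recycle Bin already enabled for: $($feature.EnabledScopes -join '; ')"
}

# 3. Find only the deleted object with the expected last-known name.
$deleted = @(Get-ADObject -SearchBase $DeletedBase `
    -LDAPFilter "(&(isDeleted=TRUE)(msDS-LastKnownRDN=$DeletedRdn))" `
    -IncludeDeletedObjects -Properties lastKnownParent, whenChanged)
$deleted | Select-Object Name, lastKnownParent, whenChanged, ObjectGUID

# 4. Restore by GUID, and only when the match is unambiguous.
if ($deleted.Count -eq 1) {
    Restore-ADObject -Identity $deleted[0].ObjectGUID -WhatIf
} else {
    Write-Warning "Found $($deleted.Count) matches for '$DeletedRdn'; pick one ObjectGUID."
}
```

Remove -WhatIf from a step once its dry-run output names the object you expect.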

 
