Active Directory 2008: Active Directory Recycle Bin Facts…

In Windows Server 2008 R2, the Active Directory Recycle Bin allows you to recover deleted Active Directory objects without restoring them from backup. Be aware of the following:

  • The Active Directory Recycle Bin is supported only on domain controllers running Windows Server 2008 R2 or higher. It is available with AD DS and AD LDS.
  • By default, the Recycle Bin is disabled.
  • To enable the Recycle Bin, you must raise the forest functional level to Windows Server 2008 R2. Once you enable the Recycle Bin, you can no longer roll back the forest functional level.
  • Once you enable the Recycle Bin, you cannot disable it.

To enable the Recycle Bin in an existing forest:

  1. Run adprep /forestprep on the schema master.
  2. In each domain, run adprep /domainprep /gpprep on the infrastructure master.
  3. If you have a read-only domain controller, run adprep /rodcprep.
  4. Raise the forest functional level to Windows Server 2008 R2. Use one of the following methods:
    • Run the Set-ADForestMode PowerShell cmdlet.
    • Run Ldp.exe and connect to the forest root domain. Edit the CN=Partitions container for the configuration directory partition and set the msDS-Behavior-Version attribute to 4.
  5. Enable the Active Directory Recycle Bin using one of the following methods:
    • (Preferred) Run the Enable-ADOptionalFeature PowerShell cmdlet. For example, to enable the Recycle Bin for the westsim.com domain, run:
      Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=westsim,DC=com' -Scope ForestOrConfigurationSet -Target 'westsim.com'
    • Run Ldp.exe and connect to the forest root domain. Edit the CN=Partitions container for the configuration directory partition and set the enableOptionalFeature attribute to CN=Partitions,CN=Configuration,DC=westsim,DC=com:766ddcd8-acd0-445e-f3b9-a7f9b6744f2a.
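
Because steps 4 and 5 cannot be undone, the following added example (not part of the original post) wraps them in pre-checks, a confirmation prompt, and a verification step. It assumes the adprep steps are already done and that you run it with Enterprise Admins rights; the function name Enable-RecycleBinSafely is hypothetical, while the cmdlets come from the ActiveDirectory module.

```powershell
# Added example. Enable-RecycleBinSafely is a hypothetical helper name.
Import-Module ActiveDirectory

function Enable-RecycleBinSafely {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param()

    $forest = Get-ADForest
    $target = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest

    # Pre-check: every DC in every domain must run Windows Server 2008 R2 (6.1) or higher.
    $oldDcs = foreach ($domain in $forest.Domains) {
        Get-ADDomainController -Filter * -Server $domain | Where-Object {
            [version](($_.OperatingSystemVersion -split ' ')[0]) -lt [version]'6.1'
        }
    }
    if ($oldDcs) {
        $names = ($oldDcs | ForEach-Object { $_.HostName }) -join ', '
        throw "Domain controllers older than Windows Server 2008 R2: $names"
    }

    # Step 4: raise the forest functional level only if it is below 2008 R2.
    if ($forest.ForestMode -lt $target) {
        if ($PSCmdlet.ShouldProcess($forest.Name, 'Raise forest functional level to Windows2008R2Forest')) {
            Set-ADForestMode -Identity $forest.Name -ForestMode $target -Confirm:$false
        }
    }

    # Step 5: enable the Recycle Bin unless it already has an enabled scope.
    $feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
    if ($feature.EnabledScopes.Count -gt 0) {
        Write-Verbose 'Recycle Bin is already enabled.'
    }
    elseif ($PSCmdlet.ShouldProcess($forest.Name, 'Enable Recycle Bin (cannot be disabled afterwards)')) {
        Enable-ADOptionalFeature -Identity $feature -Scope ForestOrConfigurationSet `
            -Target $forest.Name -Confirm:$false
    }

    # Verify: an enabled feature lists at least one scope; empty output means not enabled.
    (Get-ADOptionalFeature -Identity 'Recycle Bin Feature').EnabledScopes
}

# Dry run first: reports what would change without modifying the forest.
Enable-RecycleBinSafely -WhatIf
```

Remove -WhatIf on the last line to apply the changes; the ConfirmImpact setting then prompts before each irreversible step.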