Accidental deletions in active directory can cause havoc and unfortunately in the past I was in the middle of one such catastrophic event. It resulted in 4000 odd servers and client machines part of an OU to be deleted and the cause was found to be some housekeeping software. Such accidental deletions can be most destructive in critical industries like banking, financial and public sector organizations. This may have been avoided and secondly could have been fixed in less than 10 % of the actual time spent if the environment was using one of the latest features that we included in Windows 2008 R2 ( Active Directory Recycle Bin ). Most critical situations arise due to accidental human /tool interference or configuration and it is important to be able to come out of such situations within minimal down time, Accidental Deletion in Active Directory is one such situation. Below are preventions and recovery methods caused due to accidental deletions in Active Directory.  Some of the preventive measures are listed below and also links to recovery from such catastrophe with minimal downtime.

 

Prevention 

Preventing Unwanted/Accidental deletions and Restore deleted objects in Active Directory

http://blogs.technet.com/b/abizerh/archive/2009/06/09/preventing-unwanted-accidental-deletions-and-restore-deleted-objects-in-active-directory.aspx

Windows Server 2008 Protection from Accidental Deletion

http://blogs.technet.com/b/industry_insiders/archive/2007/10/31/windows-server-2008-protection-from-accidental-deletion.aspx

 

Recovery with minimal downtime 

The AD Recycle Bin: Understanding, Implementing, Best Practices, and Troubleshooting

http://blogs.technet.com/b/askds/archive/2009/08/27/the-ad-recycle-bin-understanding-implementing-best-practices-and-troubleshooting.aspx 

Windows Server 2008 R2 Quick Look  - Active Directory Recycle Bin ~ video

http://technet.microsoft.com/en-us/windowsserver/ee895053 

AD Recycle Bin – Step By Step Guide

http://technet.microsoft.com/en-us/library/dd392261(v=ws.10)

  This is definitely a feature that can save you from nightmares. 

P.S: IT Environments who are already on Windows 2008 R2 Forest Functional Level require the most minimal configuration changes to enable AD Recycle Bin. Once done you can use the Active Directory recycle bin UI in windows 8 /2012 by installing the RSAT tools on a domain joined windows 8 or windows 2012 server.

 

 

Its about time you had this feature enabled !