Active Directory Recycle Bin helps minimize directory service downtime by enhancing your ability to preserve and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain controllers.
When you enable Active Directory Recycle Bin, all link-valued and non-link-valued attributes of the deleted Active Directory objects are preserved and the objects are restored in their entirety to the same consistent logical state that they were in immediately before deletion. For example, restored user accounts automatically regain all group memberships and corresponding access rights that they had immediately before deletion, within and across domains.
Many people have been looking for a simplified GUI to restore deleted objects, which is now available in Windows Server 8 Beta.
In this post we will walk through configuring Active Directory Recycle Bin, then deleting and recovering a test user.
To enable Active Directory Recycle Bin using the Enable-ADOptionalFeature cmdlet
To enable Active Directory Recycle Bin, the AD forest functional level has to be Windows Server 2008 R2 or later.
Note: in this post we are using Windows PowerShell ISE
2. Type the following cmdlet:
PS C:\> Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=xyz,DC=local' -Scope ForestOrConfigurationSet -Target 'xyz.local'
3. Once Active Directory Recycle Bin is enabled, create a test01 user and delete it.
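The prerequisite check and enable step above as a script, extended to locating the deleted test user and optionally restoring it from PowerShell. This is an added example, not part of the original post; the script parameters are assumptions, and test01 is the post's test user.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the original post). Parameter names are assumptions.
param(
    [string]$SamAccountName = 'test01',   # the post's test user
    [switch]$Restore                      # restore only when asked explicitly
)

# 1. Prerequisite: forest functional level Windows Server 2008 R2 or later.
$forest  = Get-ADForest
$minimum = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
if ($forest.ForestMode -lt $minimum) {
    throw "Forest functional level is $($forest.ForestMode); Windows Server 2008 R2 or later is required."
}

# 2. Enable the feature only if it has no enabled scope yet.
$feature = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'"
if ($feature.EnabledScopes.Count -eq 0) {
    # Enabling is irreversible, so the cmdlet's confirmation prompt is kept.
    Enable-ADOptionalFeature -Identity $feature.DistinguishedName `
        -Scope ForestOrConfigurationSet -Target $forest.Name `
        -Server $forest.DomainNamingMaster
} else {
    Write-Host "Recycle Bin already enabled for: $($feature.EnabledScopes -join '; ')"
}

# 3. Find the deleted object and show where it lived before deletion.
$deleted = @(Get-ADObject -IncludeDeletedObjects `
    -LDAPFilter "(&(isDeleted=TRUE)(sAMAccountName=$SamAccountName))" `
    -Properties lastKnownParent, whenChanged)
$deleted | Format-Table Name, lastKnownParent, whenChanged -AutoSize

# 4. Restore only on an unambiguous match. A restored account regains its
#    previous group memberships and access rights, so review it first.
if ($Restore) {
    if ($deleted.Count -ne 1) {
        throw "Expected exactly one deleted object named '$SamAccountName', found $($deleted.Count)."
    }
    $deleted[0] | Restore-ADObject
    Get-ADUser -Identity $SamAccountName -Properties MemberOf |
        Select-Object SamAccountName, Enabled, MemberOf
}
```

Only objects deleted after the feature is enabled can be recovered this way, so run the enable step before deleting the test user.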
To recover a deleted object
1. Open Server Manager, go to AD DS, right-click the domain controller, and open Active Directory Administrative Center
2. Click on the domain name and then select Deleted Objects
The deleted user "test01" will appear under the Deleted Objects container. Right-click the deleted user and two restore options will appear:
When I try to enable it, I get "A referral was returned by the server". This is a simple from-scratch setup (no upgrade of an existing forest). I have 2 DCs in the same site/subnet and I see no DNS problems. I've tried it from both DCs. The domain and forest are at Windows 2012 Functional Level.