Posts

ENABLE AND USE THE ACTIVE DIRECTORY RECYCLE BIN

Upgrading your Active Directory domains and forests to the Windows Server 2008 R2 functional level can streamline some administrative functions. The biggest benefit of the 2008 R2 forest functional level is the Active Directory Recycle Bin. If you’ve ever had to use Directory Services Restore Mode to resurrect AD tombstones and retrieve deleted objects, you’ll love this feature.

How do I enable it?

  • With a single line of Powershell (replace contoso.com and DC=contoso,DC=com with your domain name):
  • Enable-ADOptionalFeature –Identity ‘CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=contoso,DC=com’ –Scope ForestOrConfigurationSet –Target ‘contoso.com’

What are some benefits?

  • Object SIDs are maintained after the restore
  • Group membership is maintained after the restore
  • Objects can be restored from 60-180 days after their deletion (varies per domain)
  • Entire OUs and child objects can be restored with a single action
  • Complex structures such as DNS zones can be restored with all records intact

Read more