How to Enable Active Directory Recycle Bin feature on Windows Server

To enable the user to recover deleted Directory objects apart from restoring them from backup, the Active Directory Recycle Bin is also used to restart AD Domain Service or reboot DCs.

It is not easy to restore AD as an admin who accidentally deleted the entire OU, or a user has a hard way to learn tricks any proper way.

This is why a user should enable the AD to the recycle bin during the installation or take over the procedure of the AD environment.

Requirements to Enable AD Recycle Bin

The functional level, on the very first hand, must be set to Windows Server 2008 R2. A user can use one of the two methods to raise the functional level. Using the adprep.exe utility, the active directory schema can be updated so that the pre-R2 domain controllers are not demanded before raising the functional levels.

As soon as the forest functional level of the environment is formed to Windows Server 2008 R2, by using the below-provided methods, the Active Directory Recycle Bin feature can be enabled.

1. Using Enable-ADOptionalFeature Cmdlet

2. Using Ldp.exe

Enable Recycle Bin Using Enable-ADOptionalFeature Cmdlet

Here are the steps user can use to enable the recycle bin:

• Click on the start menu and go to the Administrative tools option. Then right-click the Active Directory Module for Windows Powershell and click on "Run as administrator".

• Type the following command at the Active Directory module for Windows Powershell Command prompt and then press Enter:

  Enable-ADOptionalFeature –Identity ‘CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=www,DC=domain,DC=com’ –Scope ForestOrConfigurationSet –Target ‘www.domain.com’

Enable Recycle Bin Using Ldp.exe

To enable Recycle bin using Ldp.exe., below is the step to follow:

• Click on the start menu and click on the Run command to open Ldp.exe. and type ldp.exe.

• Click on "connect" to get connected and bind to the server that hosts the forest root domain of your Active Directory DS environment and click on the button saying "Bind".

• Click on the View button and the "tree" in BaseDN and select the Configuration Directory partition.

• Click "OK".

• Double-click the distinguished name of the configuration directory partition in the console tree and navigate to the CN partition container.

• Right-click the CN=Partitions container's distinguished name and click on "Modify".

• Make sure that the DN box is empty and Edit Entry Attribute and TYype enableOptional Feature.

• Type the following command in the modify dialogue box:

  CN=Partitions,CN=Configuration,DC=mydomain,DC=com:766ddcd8-acd0-445e-f3b9-a7f9b6744f2a.

• Use the Alternate forest root domain name of your AD DS environment with "Mydomain" and "com".

Enable the AD Recycle Bin on Windows Server 2016

To Enable the AD Recycle Bin on Windows Server, you need to follow the steps below. But once the AD Recycle Bin is enabled, you can not turn it off.

The steps are:

Step 1 - Open Server Manager

Open the Server Manager in your windows.

Step 2 - Open the Active Directory Administrative Center

Go to "tool" from the server manager and select Active Directory Administrative Center.

Step 3 - Enable Recycle Bin

Click on your local domain in the Active Directory Administrative Center and click on "Enable Recycle Bin"

To confirm, click "OK" and again Click "OK" to the next pop-up.

Your AD recycles bin the now enabled.

Enabling the Recycle Bin with ADAC

Active Directory Recycle bin is not enabled in a system by default. It requires the human to run Windows server 2008 R2 or afterward DCs in the forest. It is not difficult to enable Recycle bin but it is tricky and needs supervision.

You need to Open the Active Directory Administrative Center and select your domain.

Click on "Enable Recycle Bin" from the task menu. From the drop-down menu, you can also right-click your domain name and select "Enable Recycle Bin".

After the first step, you must move on to the next step. You will be prompted with a pop-up window asking you to confirm. Once you enabled the recycle bin, it can not be undone.

It may take some time before it is prepared to use to enable, depending on the size of the active directory infrastructure.

When the Active Directory Recycle Bin is enabled, all of the deleted objects before enabling the Active Directory Recycle Bin will become recycled objects and will not be visible in the "deleted Objects" container.

You cannot recover those files with Active Directory Recycle Bin. But you can use another way to restore them as restoring from a backup of AD DS performed before enabling Active Directory Recycle Bin.

States of Active Directory Object

When a user deletes an object, it passes through two states.

1. Deleted State

Before the deletion process, the partition's deleted objects container the object maintains all of its links, attributes, and group memberships. the object will stay in this state for a certain period called a deleted object lifetime. If the period is expired, the object will be automatically moved to the recycled state. The object can be restored with all its authentic attributes, group memberships, and links.

2. Recycled State

Attributes essential to replicate the new state object to the other DCs in the forest remain when a deleted object class is transferred to the recycled state.

Enable the Recycle Bin in the Active Directory Administrative Center

To enable the Recycle bin in the AD Administrative Center, you need a domain admin user account. Initiate AD Administrative Center by

start->run->dsac.exe

Select your domain name and then in the "task" pane, click on "Enable recycle bin"

As an alternate, in the overview, right-click your domain and then click on the option "Enable Recycle Bin".

A new window will be opened with a confirmation message which tells us that recycle bin feature can only be enabled once. Click "OK" if you agree.

Refresh the ADAC window by clicking on the top right corner refresh button of the window and clicking "OK" in appeared warning window.

You will see a new container will have appeared on the window named" Deleted Objects" under the container with the "computers".

How to Enable Recycle Bin in PowerShell Console?

By using the PowerShell console, Recycle bin can be enabled. All you have to do is to run the following command under the elevated permission and type the code.

PowerShell.exe Import-Module ActiveDirectory Enable-ADOptionalFeature -Identity "CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=office,DC=local" -Scope ForestOrConfigurationSet –Target "office.local"

Replace "Office", "Local", and "office.local" with your parameters of domain. The system will ask you to confirm. Type "Y" if you want to confirm the operation, and the "deleted objects" container named file will have appeared.

When the AD object is deleted, its "isDeleted" attribute will be set to "true", as well as "isRecycled" attribute is not intact. The object will move to "deleted Objects" when these parameters are deleted, from where you can efficiently the recycled object state restore it by right-clicking it and preferring to restore.

In 60 days, the recycling lifetime will be expired, and the "isRecycled" parameter turns to "true". In this scenario, the recycled object will be permanently deleted.

How to check if the Active Directory Recycle Bin is enabled?

To verify if the recycle bin feature is enabled or not, you need to type the following command and press enter.

Get-ADOptionalFeature -filter *

You need to detect that the scope is enabled. If the scope is not enabled, it will be empty.

How to Recover Objects with the Active Directory Recycle Bin?

If you want to recover an object from the recycle bin, you need to open the Active Directory Administrative Center and then click on the "deleted objects" folder. Here you can explore the list of deleted objects to find the deleted object state you wish to restore.

What are the Advantages and Disadvantages of Using the Active Directory Recycle Bin?

Advantages

The advantages of an AD recycle bin include several benefits. It lowers the downtime of directory service by permitting you to restore deleted Active Directory objects without activating to restore Active Directory data from restarting DSRM, backups, or rebooting domain controllers.

Disadvantages

The disadvantage to standard Active Directory restore is that it needs to be performed in DSRM or Directory Service Restore Mode. Additionally, any changes regarding the objects during the restore and backup cannot be recovered.