Active Directory Recycle Bin
This time we will focus on the Active Directory Recycle Bin feature in a domain environment running Windows Server 2012. This feature was first introduced by Microsoft in Windows Server 2008 R2 and required the Forest Functional Level to be set to Windows Server 2008 R2.
To enable this feature in Windows Server 2008 R2, you needed to run a PowerShell command as an Enterprise Administrator. When you wanted to restore a deleted object, you also needed to use PowerShell, and this was a real nightmare for beginners.
You will find the whole required procedure in the Microsoft article titled “Active Directory Recycle Bin Step-by-Step Guide”.
With Windows Server 2012, this feature is much easier to set up and manage. The new Active Directory Administrative Center (ADAC) allows you to manage it through a GUI; enabling Active Directory Recycle Bin takes just a few clicks.
Let’s see how to do that in Windows Server 2012.
First of all, we need to ensure that our Forest Functional Level is at least Windows Server 2008 R2 mode. To check that, please follow my other article which addresses that requirement:
and if you need to raise the Domain and/or Forest Functional Level:
When the above requirements are met, we need to run Active Directory Administrative Center on Windows Server 2012, or run it from RSAT for Windows 8.
In ADAC, select the domain name on the left side to see the available tasks for this forest/domain.
Now you can see on the right side of ADAC that you can enable AD Recycle Bin. If this option is grayed out, it means one of the following:
- Forest Functional Level is lower than Windows Server 2008 R2
- Active Directory Recycle Bin is already enabled
If everything is OK, this option is available. Click on it to enable the feature in your forest.
Note! Remember that the ADAC console must be running under Enterprise Administrator credentials.
Confirm that you wish to enable this feature.
Important! Once you have enabled AD Recycle Bin, you cannot disable it!
As the dialog informs you, after AD Recycle Bin has been enabled you need to wait for replication between all Domain Controllers in the entire forest before it starts working.
After refreshing Active Directory Administrative Center, you should see a new container named “Deleted Objects”.
From now on, all deleted objects go to that container. You are able to restore any of those objects until their tombstone lifetime has passed.
During deleted object restoration, you may choose one of the following actions:
- Restore
- Restore To
- Locate parent
- Properties
Restore restores the deleted object into the original location where it was before it was deleted.
Restore To allows you to choose a new location where you want to restore the deleted object.
Locate parent redirects you to the location where the object resided before deletion.
Properties shows information about the deleted object.
Mostly, you will wish to restore an object into its original location, so select the deleted object, right-click it and choose “Restore”.
You can simply verify that the object was restored by going to its original location. Hey, it works! What a great feature! 🙂
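As an added example (not from the original post), here is the same procedure carried out with the ActiveDirectory PowerShell module from RSAT: check the forest level, enable the feature once, list what sits in “Deleted Objects” and restore an object to its original or a chosen location. The OU path in the last line is an assumed placeholder.

```powershell
# Added example, not part of the original post: the ADAC steps above done with the
# ActiveDirectory module. Run it in a session holding Enterprise Admin credentials.
Import-Module ActiveDirectory

function Test-ForestLevelForRecycleBin {
    # First cause of a greyed-out option: forest mode below Windows Server 2008 R2.
    $forest   = Get-ADForest
    $required = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
    if ([int]$forest.ForestMode -lt [int]$required) {
        throw "Forest mode is $($forest.ForestMode); raise it to at least $required first."
    }
    return $forest
}

function Enable-RecycleBinOnce {
    param([Parameter(Mandatory)] $Forest)
    $feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
    # Second cause of a greyed-out option: already enabled. It cannot be disabled again.
    if ($feature.EnabledScopes.Count -gt 0) {
        Write-Host 'AD Recycle Bin is already enabled (irreversible); nothing to do.'
        return
    }
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' -Scope ForestOrConfigurationSet `
        -Target $Forest.Name -Confirm:$true
    Write-Host 'Enabled. Wait for forest-wide replication before relying on it.'
}

function Get-RecycledObject {
    # Contents of the "Deleted Objects" container, with the location each object came from.
    Get-ADObject -Filter 'isDeleted -eq $true -and name -ne "Deleted Objects"' `
        -IncludeDeletedObjects -Properties lastKnownParent, whenChanged |
        Select-Object Name, ObjectClass, lastKnownParent, whenChanged, ObjectGUID
}

function Restore-RecycledObject {
    # "Restore" puts the object back under lastKnownParent; "Restore To" is -TargetPath.
    param([Parameter(Mandatory)] [guid] $ObjectGuid, [string] $TargetPath)
    if ($TargetPath) { Restore-ADObject -Identity $ObjectGuid -TargetPath $TargetPath }
    else             { Restore-ADObject -Identity $ObjectGuid }
}

# Usage
$forest = Test-ForestLevelForRecycleBin
Enable-RecycleBinOnce -Forest $forest
Get-RecycledObject | Format-Table -AutoSize
# Restore-RecycledObject -ObjectGuid '<guid from the list above>'                          # Restore
# Restore-RecycledObject -ObjectGuid '<guid>' -TargetPath 'OU=Staff,DC=contoso,DC=com'    # Restore To (placeholder OU)
```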
Author: Krzysztof Pytko