Windows Server 2008 R2 AD Recycle Bin (Part 1)

by Marin Franković on 25 April, 2009

This is one of the features that all administrators and system engineers will appreciate in a new Windows Server 2008 R2 domain. The recycle bin made its way from client desktop computers to SharePoint sites and finally to the Active Directory directory service. In this article I will explain how to set up the AD recycle bin and how to recover deleted objects.

First of all, let's go over the requirements for this feature:

  • The AD forest must be in Windows Server 2008 R2 mode, which means that all DCs must be Windows Server 2008 R2
  • You will need AD PowerShell 2.0 (included in Windows Server 2008 R2)
  • Knowledge of the ldp.exe utility
  • Keep in mind that once enabled, the recycle bin cannot be disabled

So, make sure that all your domain controllers are Windows Server 2008 R2. After you do that, log in as an Enterprise Admin and start AD PowerShell 2.0 (search for PowerShell in the Start menu, right-click the one that has AD in its name and select Run as administrator).

Now, execute the following command:

Set-ADForestMode -Identity r2test.local -ForestMode Windows2008R2Forest

Raise forest functional level

Replace r2test.local with your domain name. Read the warning and accept it if you are sure.

Next, we need to enable the recycle bin functionality.

Execute the following command:

Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=r2test,DC=local' -Scope ForestOrConfigurationSet -Target 'r2test.local'

Replace r2test.local with your domain name. Read the warning and accept it if you are sure.

Enable recycle bin feature

Now we have raised the forest functional level to Windows Server 2008 R2 and enabled the recycle bin feature. Both steps could also have been done through the ldp.exe tool. By default, the Deleted Objects container is not displayed, so we will use ldp.exe to display it.

  • Open ldp.exe from Start – Run
  • On the Options menu click Controls
  • Expand Load predefined, select Return deleted objects and click OK

To verify that the container is now visible:

  • Under Connections, click Connect and click OK
  • Under Connections, select Bind, select Bind with credentials, enter them and click OK
  • Select View – Tree
  • In the drop-down menu, select the top-level domain

Now you should see a container named CN=Deleted Objects,DC=yoursecondleveldomain,DC=yourfirstleveldomain.

ldp.exe view on recycle bin
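The same procedure, as an added example that is not part of the original post: a script that checks the prerequisites, raises the forest mode, enables the feature only if it is not already on, and then lists deleted objects from PowerShell instead of ldp.exe. It assumes the forest r2test.local from the article and the AD PowerShell 2.0 module.

```powershell
# Added example (not from the original post). Assumes the r2test.local forest
# and that the ActiveDirectory module from Windows Server 2008 R2 is installed.
Import-Module ActiveDirectory

$forest      = Get-ADForest
$featureName = 'Recycle Bin Feature'

# 1. Every DC in every domain of the forest must be Windows Server 2008 R2,
#    otherwise the forest functional level cannot be raised.
$oldDCs = foreach ($domain in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $domain |
        Where-Object { $_.OperatingSystem -notlike '*2008 R2*' }
}
if ($oldDCs) {
    $oldDCs | Select-Object HostName, OperatingSystem | Format-Table -AutoSize
    throw 'Not all domain controllers are Windows Server 2008 R2; stopping.'
}

# 2. Raise the forest functional level if it is still below Windows2008R2Forest.
#    -Confirm:$false skips the warning the article tells you to read; drop it to be prompted.
if ($forest.ForestMode -ne 'Windows2008R2Forest') {
    Set-ADForestMode -Identity $forest.RootDomain -ForestMode Windows2008R2Forest -Confirm:$false
    $forest = Get-ADForest   # re-read so the values used below are current
}

# 3. Enable the feature unless it already is (EnabledScopes is empty until then).
#    This step is irreversible: the recycle bin cannot be disabled once enabled.
$feature = Get-ADOptionalFeature -Identity $featureName
if ($feature.EnabledScopes.Count -gt 0) {
    Write-Host "$featureName is already enabled for: $($feature.EnabledScopes -join ', ')"
} else {
    Enable-ADOptionalFeature -Identity $featureName -Scope ForestOrConfigurationSet `
        -Target $forest.RootDomain -Server $forest.DomainNamingMaster -Confirm:$false
}

# 4. Verify: list what sits in the Deleted Objects container, the same view
#    ldp.exe shows with the "Return deleted objects" control loaded.
$deletedObjectsDN = 'CN=Deleted Objects,' + (Get-ADDomain).DistinguishedName
Get-ADObject -Filter 'isDeleted -eq $true' -IncludeDeletedObjects `
    -SearchBase $deletedObjectsDN -Properties lastKnownParent, whenChanged |
    Select-Object Name, ObjectClass, lastKnownParent, whenChanged
```

Step 4 returns nothing in a freshly built lab until something has been deleted; lastKnownParent is the attribute a later restore uses to put the object back in its original container.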

In the next article, we will delete and then recover one user account from Windows Server 2008 R2 Active Directory.


Anonymous June 26, 2010 at 0:39

Thanks, couple of typos:

Enable-ADOptionalFeature -Identity �CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration, DC=r2test,DC=local’ -Scope ForestOrConfigurationSet -Target �r2test.local‘

Weird characters instead of ‘

Expand Load predefined, select Return deleted objects and slick OK

Should be click


Marin Franković June 26, 2010 at 8:41

Happens sometimes when I upgrade blog engine. Corrected. Thanks!
