How to configure either AD Recyle Bin or Deleted object to show a history of deleted objects?

Question

NOS - Wind 2012 R2

Tomestone attribute 180 days

Login - local Admin account

Couple of days ago, my client deleted a user account and when I ran ldp under " Administrator account", I didn't see any children under Deleted object. So I enabled AD Recycle Bin, and I created a dummy account for testing purpose. Once this test account was deleted, I was able to detect it in both ldp & AD recycle bin.

However the following day, there was no trace for this deleted object in either utilities. So am I missing a config setting to expand the scope from one day to 180 days?

I know I can recover AD objects from either VSS or system state backup, but I rather figure out what is causing the hiccup on my ldp & AD recycle bin.

Appreciate your support.

Answer 1

Hi,
When you enable Active Directory Recycle Bin, all of the objects that were deleted before Active Directory Recycle Bin was enabled become recycled objects and are no longer visible in the Deleted Objects container.

Then you can user the powershell command to Verify AD Recycle Bin is enabled
Use this Powershell command: Get-ADOptionalFeature -filter *
Notice the enabled scope, if it was not enable the scope would be empty.

When an AD DS object is deleted from the directory, the object is put into the Deleted state. Deleted State determined by the deleted object lifetime.
You can change the value under:

When the deleted object lifetime expires, the AD DS object is moved from the Deleted state to the Recycled state. Recycled State determined recycled object lifetime (tombstone).
You can change that under: