

Active Directory Recycle Bin

The Active Directory Recycle Bin is one of the most important features of the Windows 2008 R2 Active Directory domain environment.
On earlier domain controllers (Windows 2003, Windows 2008) it was very difficult to restore deleted items. We could use ldp.exe, or we had to restart the server in Directory Services Restore Mode to restore from backup. Lastly, we could use third-party tools such as Adrestore.net.
To get the benefit of the Active Directory Recycle Bin, we must raise the forest functional level to Windows 2008 R2.

Enable and restore Active Directory objects in a Windows 2008 R2 domain.


Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target 'mydomain.lk'

**Note:** Once you enable this feature it cannot be disabled, and there can be a 10 to 15% increase in the size of NTDS.DIT.

This PowerShell cmdlet enables the AD Recycle Bin for you.


Now I am deleting the user account "BranchAdmin". This user is also a member of the Administrators group.


Get-ADObject -IncludeDeletedObjects -Filter {name -like "Branch*"}

Using Get-ADObject we can list the deleted accounts whose name matches "Branch*".


Now we can see all the deleted users in Active Directory.


Restore-ADObject -Identity 8923423423423424

Using Restore-ADObject we can restore deleted users, but we need to pass the user's GUID to Restore-ADObject as the Identity parameter.


The BranchAdmin user has been restored with its relevant group memberships.
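
The whole procedure above as one script, added here as an example and not taken from the original post. It assumes the ActiveDirectory PowerShell module and sufficient rights in the forest; mydomain.lk and the "Branch*" pattern are the page's own values. Because a restore also brings back group memberships such as Administrators, the script ends by listing them for review.

```powershell
# Added example: mydomain.lk and the "Branch*" pattern are the values used on the page.
Import-Module ActiveDirectory

$forest = Get-ADForest -Identity 'mydomain.lk'

# The Recycle Bin needs the Windows Server 2008 R2 forest functional level or higher.
if ($forest.ForestMode -lt 'Windows2008R2Forest') {
    throw "Forest functional level is $($forest.ForestMode); raise it before enabling the Recycle Bin."
}

# Enable the feature only if it has no enabled scope yet (this step cannot be undone).
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if ($feature.EnabledScopes.Count -eq 0) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.Name
}

# Find deleted user objects matching the pattern, with where and when they were deleted.
$deleted = @(Get-ADObject -IncludeDeletedObjects `
    -Filter 'isDeleted -eq $true -and objectClass -eq "user" -and Name -like "Branch*"' `
    -Properties lastKnownParent, whenChanged, sAMAccountName)
$deleted | Format-Table sAMAccountName, ObjectGUID, lastKnownParent, whenChanged

# Refuse to guess when the pattern matches zero or several objects.
if ($deleted.Count -ne 1) {
    throw "Expected exactly one deleted object, found $($deleted.Count). Narrow the filter."
}

# Restore by ObjectGUID (prompts first), then list the group memberships that came back.
Restore-ADObject -Identity $deleted[0].ObjectGUID -Confirm
Get-ADUser -Identity $deleted[0].ObjectGUID -Properties memberOf |
    Select-Object -ExpandProperty memberOf
```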