25.05.2023

How to Enable Active Directory Recycle Bin

Active Directory Recycle Bin lets administrators restore deleted objects.

How to enable Active Directory Recycle Bin:

Finding Domain Naming Master Server

We recommend enabling the Recycle Bin feature on the DC that holds the Domain Naming Master role. To find out which domain controller holds this role, run netdom.exe with the following parameters (in cmd):

netdom.exe query fsmo

Alternatively, this can be done in an elevated PowerShell console:

Import-Module ActiveDirectory
Get-ADForest | Format-List DomainNamingMaster


How to Enable Recycle Bin in AD Administrative Center

To do this, you need a domain admin user account. Start AD Administrative Center (Start -> Run -> dsac.exe).

Click on your domain name and in the "Tasks" pane click "Enable Recycle Bin...".

Alternatively, right-click your domain in overview, and click “Enable Recycle Bin...”.

A confirmation window appears, warning that once Recycle Bin is enabled it cannot be disabled. Click OK.

After enabling the Recycle Bin, click OK in the warning that appears, then refresh the ADAC window by clicking the refresh button in the top right corner of the window.

You will see that a new container named “Deleted Objects” appears near the “Computers” container.

How to Enable Recycle Bin in PowerShell Console

Recycle Bin can also be enabled from the PowerShell console. Run PowerShell.exe with elevated permissions and enter the following commands:

Import-Module ActiveDirectory
Enable-ADOptionalFeature -Identity "CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=office,DC=local" -Scope ForestOrConfigurationSet -Target "office.local"

Replace office, local, and office.local with your own domain parameters. The system will ask for confirmation; type “y” to continue, and the “Deleted Objects” container appears.

From now on, when an AD object is deleted, its “isDeleted” attribute is set to “true”, while its “isRecycled” attribute is left untouched. In this state the deleted object moves to “Deleted Objects”, from where you can easily restore it by right-clicking it and selecting restore.

After 60 days the recycle lifetime expires and the “isRecycled” attribute changes to "true"; at that point the object is deleted permanently.
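The PowerShell steps above can be combined into one script that reads the forest name and Domain Naming Master from the directory instead of hand-editing the DN, skips the call if the feature is already on, and then lists deleted objects with their restorable state. This is an added example, not part of the original article; the variable names are illustrative, and it assumes an elevated session with the ActiveDirectory module and sufficient rights.

```powershell
# Added example (not from the original article). Variable names are illustrative.
Import-Module ActiveDirectory

$forest  = Get-ADForest
$feature = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'" `
    -Server $forest.DomainNamingMaster

# The feature object states the minimum forest functional level it needs.
if ($forest.ForestMode -lt $feature.RequiredForestMode) {
    throw "Forest mode $($forest.ForestMode) is below $($feature.RequiredForestMode)."
}

if ($feature.EnabledScopes.Count -gt 0) {
    Write-Host "Recycle Bin is already enabled for $($forest.Name)."
} else {
    # Enabling cannot be undone: -WhatIf only previews the change.
    # Remove -WhatIf after reviewing the preview output.
    Enable-ADOptionalFeature -Identity $feature.DistinguishedName `
        -Scope ForestOrConfigurationSet `
        -Target $forest.Name `
        -Server $forest.DomainNamingMaster `
        -WhatIf
}

# List deleted objects in the current domain. isRecycled is not set while an
# object is still restorable, so a missing value means "can be restored".
$deleted = Get-ADObject `
    -Filter 'isDeleted -eq $true -and Name -ne "Deleted Objects"' `
    -IncludeDeletedObjects `
    -SearchBase (Get-ADDomain).DeletedObjectsContainer `
    -Properties isRecycled, whenChanged, lastKnownParent, 'msDS-LastKnownRDN'

$deleted |
    Sort-Object whenChanged -Descending |
    Select-Object @{ n = 'Name';       e = { $_.'msDS-LastKnownRDN' } },
                  ObjectClass,
                  lastKnownParent,
                  whenChanged,
                  @{ n = 'Restorable'; e = { -not $_.isRecycled } } |
    Format-Table -AutoSize
```

Reviewing this listing on a schedule also gives a simple audit trail of recent deletions and where each object lived before it was removed.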