Active Directory Recycle Bin


Yesterday I posted a link to my Active Directory Recycle Bin demo over on Edge.  Today I thought I would follow up that post with a few things about the Recycle Bin feature in Windows Server 2008 R2.

The great thing about the AD Recycle Bin is that if you make the mistake of deleting, say, an entire OU (you know, the one that contains the accounts of every high-up executive), you will be able to restore those objects in their entirety to the same state they were in immediately before they were deleted.  Previously we had to rely on re-animation of tombstoned objects in AD, which didn’t restore all attributes and group memberships, or purchase third-party solutions in order to recover from accidental deletions.

A few things to be aware of:

  • In order to use the AD Recycle Bin, all of the domain controllers in your forest need to be running Windows Server 2008 R2 and your forest needs to be at the Windows Server 2008 R2 forest functional level.
  • You need to enable the Recycle Bin feature, since by default it’s disabled.  Once it’s enabled, you cannot disable it, so be aware of that before enabling the feature.
  • The default deleted object lifetime is 180 days.  You can increase or decrease that value using PowerShell.  You can also extend the window for restoring objects via authoritative restore by extending the tombstone lifetime.
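The three items above map onto a short PowerShell sequence: a prerequisite check, the one-way enable, reading and adjusting the two lifetimes, and finally a top-down restore of a deleted OU together with everything that was inside it. The script below is an added example, not code from the original post or the TechNet guide. It assumes the ActiveDirectory module that ships with Windows Server 2008 R2 / RSAT, an account with Enterprise Admin rights, and a placeholder forest whose root domain is `contoso.com`; the deleted OU named `Executives` and the 365-day lifetimes are constructed values, and `Restore-DeletedSubtree` is a helper written for this example.

```powershell
# Added example (not from the original post). Assumes the ActiveDirectory module
# on Windows Server 2008 R2 / RSAT and a forest whose root domain is contoso.com
# (placeholder). Run as Enterprise Admin; PowerShell 2.0 syntax throughout.
Import-Module ActiveDirectory

$forest = Get-ADForest

# --- 1. Prerequisites: every DC in every domain on 2008 R2, forest level at R2 ---
$oldDcs = foreach ($domain in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $domain |
        Where-Object { $_.OperatingSystem -notlike '*2008 R2*' }
}
if ($oldDcs) {
    $names = ($oldDcs | ForEach-Object { $_.Name }) -join ', '
    throw "Upgrade these DCs before enabling the Recycle Bin: $names"
}
if ($forest.ForestMode -ne 'Windows2008R2Forest') {
    # Raising the level (Set-ADForestMode) is itself one-way, so it is left as a manual step.
    throw "Forest functional level is $($forest.ForestMode); Windows2008R2Forest is required."
}

# --- 2. Enable the feature. There is no way back, so try -WhatIf first; the cmdlet
#        also prompts for confirmation by default. ---
$recycleBin = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if ($recycleBin.EnabledScopes.Count -eq 0) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.RootDomain
} else {
    Write-Host "Recycle Bin already enabled in: $($recycleBin.EnabledScopes -join '; ')"
}

# --- 3. Lifetimes live on the Directory Service object in the configuration partition ---
$configNc = (Get-ADRootDSE).configurationNamingContext
$dsConfig = "CN=Directory Service,CN=Windows NT,CN=Services,$configNc"
$ds = Get-ADObject -Identity $dsConfig -Properties 'msDS-DeletedObjectLifetime', tombstoneLifetime
# An unset attribute means the default is in effect (the post quotes 180 days).
"Deleted object lifetime: {0}; tombstone lifetime: {1}" -f `
    $ds.'msDS-DeletedObjectLifetime', $ds.tombstoneLifetime
# Raise both to a year (constructed value). Keeping tombstoneLifetime >= the deleted
# object lifetime means the authoritative-restore window is never shorter than the
# Recycle Bin window.
Set-ADObject -Identity $dsConfig -Replace @{ 'msDS-DeletedObjectLifetime' = 365; 'tombstoneLifetime' = 365 }

# --- 4. Restore a deleted OU and its former contents, parent before children ---
function Restore-DeletedSubtree {
    param([Parameter(Mandatory = $true)][string]$ParentDn)
    # Deleted children record their former container in lastKnownParent. A container
    # must exist again before its children can be restored, hence top-down recursion.
    $filter = 'isDeleted -eq $true -and lastKnownParent -eq "{0}"' -f $ParentDn
    $children = Get-ADObject -Filter $filter -IncludeDeletedObjects -Properties lastKnownParent
    foreach ($child in $children) {
        $restored = Restore-ADObject -Identity $child -PassThru
        if ($child.ObjectClass -eq 'organizationalUnit' -or $child.ObjectClass -eq 'container') {
            Restore-DeletedSubtree -ParentDn $restored.DistinguishedName
        }
    }
}

# Deleted objects keep their name with a "\0ADEL:<guid>" suffix, so match on the prefix.
$deletedOu = Get-ADObject -IncludeDeletedObjects `
    -Filter 'isDeleted -eq $true -and ObjectClass -eq "organizationalUnit" -and Name -like "Executives*"'
if (@($deletedOu).Count -ne 1) {
    throw "Expected exactly one deleted OU named Executives, found $(@($deletedOu).Count)"
}
$ou = Restore-ADObject -Identity $deletedOu -PassThru      # bring the OU itself back first
Restore-DeletedSubtree -ParentDn $ou.DistinguishedName    # then everything that lived under it
```

Step 4 is the part worth rehearsing in a lab before you need it: `Restore-ADObject` refuses to recreate a child whose parent is still in the Recycle Bin, so the order (OU first, then `lastKnownParent` matches, recursing into nested OUs) is what turns a tree delete back into the original structure with attributes and group memberships intact.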

For more information and details on how to execute a restore, take a look at the AD Recycle Bin step by step guide on TechNet.

Comments (2)

  1. Anonymous says:

    That was a very cool demo; I forwarded it around to my team when I saw it on Edge.

    Our problem is that President Obama may be done with two terms before our forest is at W2K8 R2 FFL.