The great thing about the AD Recycle Bin is that if you make the mistake of deleting say an entire OU (you know the one that contains the accounts of every high up executive), you will be able to restore those objects in their entirety to the same state they were in immediately before they were deleted. Previously we had to rely on re-animation of objects in AD that didn’t restore all attributes and group memberships or purchase third party solutions in order to recover from accidental deletions.
A few things to be aware of:
- In order to use the AD Recycle Bin all of the domain controllers in your forest need to be running Windows Server 2008 R2 and your forest needs to be in the R2 forest functional mode.
- You need to enable the Recycle Bin feature since by default it’s disabled. Once it’s enabled, you cannot disable it so be aware before enabling the feature.
- The default deleted item object lifetime is 180 days. You can increase or decrease that value using Powershell. You can also extend the ability to restore objects longer (via authoritative restore) by extending the tombstone lifetime.
For more information and details on how to execute a restore, take a look at the AD Recycle Bin step by step guide on TechNet.