What is Active Directory Recycle Bin
The Active Directory Recycle Bin is a feature in the Active Directory Domain Services (AD DS) that allows administrators to restore deleted Active Directory objects, such as user accounts, groups, and computers, without the need to restore from a backup. This feature provides a safety net for the accidental deletion of objects and helps reduce the effort and cost of restoring from a backup.
When an object is deleted from Active Directory, it is not immediately removed from the database. Instead, it is moved to a special container called the “Deleted Objects” container, where it remains for a specified period of time, known as the “tombstone lifetime.” After the tombstone lifetime has passed, the object is permanently deleted and cannot be recovered.
The Active Directory Recycle Bin changes this behavior by allowing deleted objects to be restored within a specified time period, even after the tombstone lifetime has passed. When the Recycle Bin feature is enabled, deleted objects are moved to the Recycle Bin instead of the Deleted Objects container, where they can be restored if necessary.
The Recycle Bin feature provides an easy-to-use interface for restoring deleted objects, reducing the effort and cost of restoring from a backup. It also reduces the risk of restoring an older version of an object from a backup, which can introduce inconsistencies into the directory. Additionally, the Recycle Bin is a more efficient solution for restoring objects compared to restoring from a backup, as it does not require a full database restore.
Enable the AD Recycle Bin using Active Directory Administrative Center
Note: Once the Active Directory Recycle Bin has been enabled, it cannot be switched off.
Follow these three steps:
Step 1: Open Server Manager
Step 2: Open the Active Directory Administrative Center
Step 3: Enable Recycle Bin
Enable AD Recycle Bin with PowerShell
Active Directory Recycle Bin can be activated only where all domain controllers are running Windows Server 2016, Windows Server 2012 R2, Windows Server 2012 or Windows Server 2008 R2.
Note: Enabling Active Directory Recycle Bin is irreversible.
Below are the steps to enable the Recycle Bin using the Enable-ADOptionalFeature cmdlet:
- Click Start, click Administrative Tools, right-click Active Directory Module for Windows PowerShell, and then click Run as administrator.
- At the Active Directory module for Windows PowerShell command prompt, type the following command, and then press ENTER:
Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=www,DC=domain,DC=com' -Scope ForestOrConfigurationSet -Target 'www.domain.com'
If you are using Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012, you can use the Active Directory Administrative Center to enable the Recycle Bin.
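The following PowerShell script is an added example, not part of the original article, that ties together the two things discussed above: the lifetimes that govern how long a deleted object can be recovered, and the irreversible Enable-ADOptionalFeature step. It reads tombstoneLifetime and msDS-DeletedObjectLifetime from the Directory Service object, checks the forest functional level and the current feature state before enabling the Recycle Bin, lists deleted objects that are still restorable, and restores one by sAMAccountName with Restore-ADObject. It assumes the RSAT ActiveDirectory module and an Enterprise Admins account; the account name 'jdoe' is a placeholder.

```powershell
# Added example (not from the original article). Requires the RSAT ActiveDirectory
# module and a member of Enterprise Admins. 'jdoe' below is a placeholder name.
Import-Module ActiveDirectory

function Test-ADRecycleBinEnabled {
    # The feature is enabled when its EnabledScopes list is non-empty.
    $feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
    return ($null -ne $feature -and $feature.EnabledScopes.Count -gt 0)
}

function Get-ADDeletionLifetimes {
    # Both lifetimes are stored on the Directory Service object in the Configuration partition.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $ds = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
        -Properties tombstoneLifetime, 'msDS-DeletedObjectLifetime'
    # An unset tombstoneLifetime means the 60-day default applies; an unset
    # msDS-DeletedObjectLifetime means it equals the tombstone lifetime.
    $tsl = if ($ds.tombstoneLifetime) { $ds.tombstoneLifetime } else { 60 }
    $dol = if ($ds.'msDS-DeletedObjectLifetime') { $ds.'msDS-DeletedObjectLifetime' } else { $tsl }
    [pscustomobject]@{ TombstoneLifetimeDays = $tsl; DeletedObjectLifetimeDays = $dol }
}

function Enable-ADRecycleBinIfNeeded {
    # Enabling is irreversible, so verify the prerequisite and the current state first.
    $forest = Get-ADForest
    # 4 = Windows2008R2Forest in the ADForestMode enum; lower levels cannot enable the feature.
    if ([int]$forest.ForestMode -lt 4) {
        throw "Forest functional level $($forest.ForestMode) is below Windows Server 2008 R2."
    }
    if (Test-ADRecycleBinEnabled) {
        Write-Output 'Active Directory Recycle Bin is already enabled.'
        return
    }
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' -Scope ForestOrConfigurationSet `
        -Target $forest.RootDomain -Confirm:$false
    Write-Output "Recycle Bin enabled for forest $($forest.RootDomain)."
}

function Get-ADDeletedObjects {
    # Deleted objects are only returned with -IncludeDeletedObjects. Objects that are
    # already recycled (isRecycled=TRUE) have lost their attributes and cannot be restored,
    # so they are excluded, as is the Deleted Objects container itself.
    Get-ADObject -LDAPFilter '(&(isDeleted=TRUE)(!(isRecycled=TRUE)))' -IncludeDeletedObjects `
        -Properties lastKnownParent, whenChanged, objectClass, sAMAccountName |
        Where-Object { $_.Name -notlike 'Deleted Objects*' } |
        Select-Object Name, objectClass, sAMAccountName, lastKnownParent, whenChanged, ObjectGUID
}

function Restore-ADDeletedAccount {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [switch]$WhatIf
    )
    # sAMAccountName is preserved on deleted objects, so it can be used to find the tombstone.
    $objs = @(Get-ADObject -LDAPFilter "(&(isDeleted=TRUE)(sAMAccountName=$SamAccountName))" `
        -IncludeDeletedObjects -Properties lastKnownParent)
    if ($objs.Count -eq 0) { throw "No deleted object with sAMAccountName '$SamAccountName' found." }
    if ($objs.Count -gt 1) { throw "Several deleted objects match; restore by ObjectGUID instead." }
    $obj = $objs[0]
    # Restore-ADObject puts the object back under lastKnownParent; if that container was
    # itself deleted, restore the parent first or pass -TargetPath to Restore-ADObject.
    Write-Output "Restoring $($obj.ObjectGUID) to $($obj.lastKnownParent)"
    Restore-ADObject -Identity $obj.ObjectGUID -WhatIf:$WhatIf
}

# Usage: report lifetimes, enable the feature if needed, list restorable objects,
# and dry-run a restore of the placeholder account.
Get-ADDeletionLifetimes
Enable-ADRecycleBinIfNeeded
Get-ADDeletedObjects | Format-Table -AutoSize
Restore-ADDeletedAccount -SamAccountName 'jdoe' -WhatIf
```

The restore is run with -WhatIf first so the target container is shown before anything changes; drop the switch to perform the restore. Because the deleted-object lifetime is the real recovery window, Get-ADDeletionLifetimes is worth checking before relying on the Recycle Bin rather than on backups.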