
Setting Up the Active Directory Recycle Bin - Server 2008 R2

Thu, 12 Jul 2012 01:50:29 GMT

Microsoft have introduced a fantastic new feature in Windows Server 2008 R2 called Active Directory Recycle Bin. Yep, you guessed right! The Active Directory Recycle Bin moves deleted objects to another container instead of tombstoning them. This makes recovering a deleted object easy. The tombstone period is still important, as objects reside in this container only for the length of the tombstone period. When the tombstone period expires, the object is permanently deleted.

The Active Directory Recycle Bin is not turned on by default. You have to enable it manually, and once it is enabled you can only recover items that were deleted after the feature was enabled.


Setup Active Directory Recycle Bin

Note: The Recycle Bin is part of a concept Microsoft calls AD Optional Features and you can only enable Active Directory Recycle Bin if the forest functional level of your environment is set to Windows Server 2008 R2.

If your environment is already functioning at the Server 2008 R2 level, skip ahead to the sections on enabling Active Directory Recycle Bin. Otherwise, follow either of the 2 sets of instructions below to raise your forest to the Windows Server 2008 R2 functional level.

To raise the forest functional level to Windows Server 2008 R2 using the Set-ADForestMode cmdlet

  1. Click Start, click Administrative Tools, right-click Active Directory Module for Windows PowerShell, and then click Run as administrator.

  2. At the Active Directory module for Windows PowerShell command prompt, type the following command, and then press ENTER:

    Set-ADForestMode [-Identity] <ADForest> [-ForestMode] <ADForestMode>

    To set the forest functional level to Windows Server 2008 R2, type Windows2008R2Forest for the -ForestMode parameter.

    For example, to set the forest functional level of a forest named contoso.com to Windows Server 2008 R2 (substitute your own forest root domain, such as passionateaboutit.net), type the following command, and then press ENTER:

    Set-ADForestMode -Identity contoso.com -ForestMode Windows2008R2Forest


To raise the forest functional level to Windows Server 2008 R2 using Ldp.exe

  1. To open Ldp.exe, click Start, click Run, and then type ldp.exe.

  2. To connect and bind to the server that hosts the forest root domain of your AD DS environment, under Connection, click Connect, and then click Bind.

  3. Click View, and then click Tree. In BaseDN, select the configuration directory partition, and then click OK.

  4. In the console tree, double-click the distinguished name (also known as DN) of the configuration directory partition, and then navigate to the CN=Partitions container.

  5. Right-click the CN=Partitions container’s distinguished name, and then click Modify.

  6. In the Modify dialog box, in Edit Entry Attribute, type msDS-Behavior-Version.

  7. In the Modify dialog box, in Values, type 4 (the value of the Windows Server 2008 R2 forest functional level).

  8. In the Modify dialog box, under Operation click Replace, click Enter, and then click Run.



Enable Active Directory Recycle Bin using the Active Directory Module for Windows PowerShell

Microsoft did not provide a GUI for configuring this useful feature. You will have to use Windows PowerShell and the Active Directory module.

Note: If you do not use the Active Directory Module for Windows PowerShell to run the following commands, you will see errors. If you would prefer to run the following commands from Windows PowerShell directly, first import the Active Directory module by running the following command: Import-Module ActiveDirectory

  1. Click Start, click Administrative Tools, right-click Active Directory Module for Windows PowerShell, and then click Run as administrator.

  2. At the Active Directory module for Windows PowerShell command prompt, type the following command, and then press ENTER:

    Enable-ADOptionalFeature -Identity <ADOptionalFeature> -Scope <ADOptionalFeatureScope> -Target <ADEntity>

    For example, to enable Active Directory Recycle Bin for a forest named contoso.com (substitute your own forest root domain, such as PassionateAboutIT.net), type the following command, and then press ENTER:

    Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=contoso,DC=com' -Scope ForestOrConfigurationSet -Target 'contoso.com'

Note: You can also use the Enable-ADOptionalFeature cmdlet to enable Active Directory Recycle Bin in an AD LDS environment. For example, to enable Active Directory Recycle Bin on a local AD LDS server, where the distinguished name of the AD LDS configuration directory partition is CN=Configuration,CN={372A5A3F-6ABE-4AFD-82DE-4A84D2A10E81}, use the following cmdlet:

    Enable-ADOptionalFeature 'recycle bin feature' -Scope ForestOrConfigurationSet -Server localhost:50000 -Target 'CN=Configuration,CN={372A5A3F-6ABE-4AFD-82DE-4A84D2A10E81}'

For more information about the Enable-ADOptionalFeature cmdlet, at the Active Directory module for Windows PowerShell command prompt, type Get-Help Enable-ADOptionalFeature, and then press ENTER.

Enable Active Directory Recycle Bin using Ldp.exe

  1. To open Ldp.exe, click Start, click Run, and then type ldp.exe.

  2. To connect and bind to the server that hosts the forest root domain of your AD DS environment, under Connection, click Connect, and then click Bind.

  3. Click View, click Tree, in BaseDN, select the configuration directory partition, and then click OK.

  4. In the console tree, double-click the distinguished name of the configuration directory partition, and then navigate to the CN=Partitions container.

  5. Right-click the CN=Partitions container’s distinguished name, and then click Modify.

  6. In the Modify dialog box, make sure that the DN box is empty.

  7. In the Modify dialog box, in Edit Entry Attribute, type enableOptionalFeature.

  8. In the Modify dialog box, in Values, type CN=Partitions,CN=Configuration,DC=mydomain,DC=com:766ddcd8-acd0-445e-f3b9-a7f9b6744f2a. Replace mydomain and com with the appropriate forest root domain name of your AD DS environment.

    Note: 766ddcd8-acd0-445e-f3b9-a7f9b6744f2a is the Active Directory Recycle Bin globally unique identifier (GUID). To verify the Active Directory Recycle Bin GUID, navigate to the CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=mydomain,DC=com container (replace mydomain and com with the appropriate forest root domain name of your AD DS environment), and in the details pane, locate the value of the msDS-OptionalFeatureGUID attribute.

  9. In the Modify dialog box, under Operation click Add, click Enter, and then click Run.

  10. To verify that Active Directory Recycle Bin is enabled, navigate to the CN=Partitions container. In the details pane, locate the msDS-EnabledFeature attribute, and confirm that its value is set to CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=mydomain,DC=com, where mydomain and com represent the appropriate forest root domain name of your AD DS environment.
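
The prerequisite check, the enable step and the verification from the procedures above, combined into one PowerShell script. This is an added example, not part of the original article; the variable names are illustrative, and it assumes an elevated session with the Active Directory module available and an account in Enterprise Admins.

```powershell
# Added example: check prerequisites, enable the Recycle Bin once, then verify.
Import-Module ActiveDirectory

# Recycle Bin feature GUID as quoted in the Ldp.exe procedure on this page.
$expectedGuid = [guid]'766ddcd8-acd0-445e-f3b9-a7f9b6744f2a'

$forest = Get-ADForest
# Query the domain naming master so the checks do not depend on replication.
$dc       = $forest.DomainNamingMaster
$configNC = (Get-ADRootDSE -Server $dc).configurationNamingContext
$feature  = Get-ADOptionalFeature -Server $dc -Filter 'Name -eq "Recycle Bin Feature"'

# Prerequisite: forest functional level must meet the feature's requirement
# (Windows2008R2Forest, msDS-Behavior-Version 4).
if ($forest.ForestMode -lt $feature.RequiredForestMode) {
    throw "Forest $($forest.Name) is at $($forest.ForestMode); raise it to $($feature.RequiredForestMode) with Set-ADForestMode first."
}

# Sanity check: the feature object carries the GUID documented above.
if ($feature.FeatureGUID -ne $expectedGuid) {
    throw "Unexpected Recycle Bin feature GUID: $($feature.FeatureGUID)"
}

if ($feature.EnabledScopes.Count -gt 0) {
    Write-Host "Recycle Bin is already enabled for $($forest.Name); nothing to do."
}
else {
    # Enabling cannot be undone. The cmdlet prompts for confirmation by default;
    # leave that prompt in place for interactive use.
    Enable-ADOptionalFeature -Identity $feature -Scope ForestOrConfigurationSet `
        -Target $forest.Name -Server $dc
}

# Verification (step 10 of the Ldp.exe procedure): msDS-EnabledFeature on
# CN=Partitions must list the feature's distinguished name.
$partitions = Get-ADObject -Server $dc -Identity "CN=Partitions,$configNC" `
    -Properties 'msDS-EnabledFeature'

if ($partitions.'msDS-EnabledFeature' -contains $feature.DistinguishedName) {
    Write-Host "Verified: $($feature.DistinguishedName) is enabled."
}
else {
    Write-Warning "Recycle Bin is not listed in msDS-EnabledFeature on CN=Partitions,$configNC."
}
```

Objects deleted before the script reports the feature as enabled are not recoverable from the Recycle Bin, so record the time it was enabled alongside your change log.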


Copyright © Passionate About I.T 2012

1 comments so far...



Another sound guide - The AD Recycle Bin is a good feature that should be enabled by default to be honest. Thanks for the guide! Easy and helpful, I expect nothing less from you guys :-)

By Matthew Parker on   Thu, 12 Jul 2012 11:31:27 GMT
