Don't miss out on new posts! Sign up!
Windows Server 2016

Enable Windows Server 2016 Active Directory Recycle Bin

In our last post, we talked about the Active Directory Administrative Center in Windows Server 2016.  ADAC is a great way to interface with Active Directory with a task oriented GUI interface.  One of the things we can do from the ADAC interface is turn on the Active Directory recycle bin feature for Active Directory. Active Directory Recycle Bin makes it much easier to recover accidentally deleted objects over legacy reanimation of tombstoned objects.  Let’s take a look at how to enable Windows Server 2016 Active Directory Recycle Bin using ADAC as well as PowerShell.

Enable Windows Server 2016 Active Directory Recycle Bin

Before thinking about enabling the Active Directory Recycle Bin feature, you need to be a member of the Enterprise Admins group to successfully enable the option.  Let’s look first at doing this using the Active Directory Administrative Center or ADAC to enable the recycle bin.  To launch ADAC, simply type dsac.exe.  Notice over in the right hand column the Enable Recycle Bin link.


Once you click the Enable Recycle Bin link, you will see the warning about the gravity of what you are going to do.  This operation is irreversible, so you can expect to see such a warning.  However, the AD recycle bin is definitely a worth feature to enable.


After enabling the feature, you will see the notice that the process to enable the feature has begun.  Replication of course will need to replicate this to all the DCs in the forest.


After you refresh the ADAC interface, you will now see the Enable Recycle Bin link is greyed out.


Using PowerShell to Enable

Using PowerShell to enable the Active Directory Recycle Bin is equally as painless.  You use the following commandlet:

Enable-ADOptionalFeature –Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=testlab,DC=local' –Scope ForestOrConfigurationSet –Target 'testlab.local'

You also receive the notice in PowerShell to confirm the action.



I have created a testuser account in a TestOU container.  Let’s simulate an accidental deletion.  As you can see, I am about to delete the testuser account.


It is now gone!


Restoring Deleted Object

To restore the object, we need to be a member of at least the Domain Admins group.  To restore a deleted object, we again utilize PowerShell.  You can see the deleted objects by running the following commandlet:

get-adobject -filter {displayname -eq "testuser"} -includedeletedobjects

As expected, I see the testuser account.


To restore the object we can simply run the commandlet:

get-adobject -filter {displayname -eq "testuser"} -includedeletedobjects | Restore-ADObject

The object is restored in PowerShell with little fanfare.


A quick refresh of the ADUC interface once again shows the testuser object.



The process to enable Windows Server 2016 Active Directory Recycle Bin is very straightforward.  In this example we took a look at using either ADAC or PowerShell to enable the feature.  Both methods are easy however, some may prefer the graphical interface over the PowerShell commandline.

Don't miss out on new posts! Sign up!

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, Brandon has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family.

Related Articles

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.