Windows Server 2016

Enable Windows Server 2016 Active Directory Recycle Bin

In our last post, we talked about the Active Directory Administrative Center in Windows Server 2016.  ADAC is a great way to interface with Active Directory with a task oriented GUI interface.  One of the things we can do from the ADAC interface is turn on the Active Directory recycle bin feature for Active Directory. Active Directory Recycle Bin makes it much easier to recover accidentally deleted objects over legacy reanimation of tombstoned objects.  Let’s take a look at how to enable Windows Server 2016 Active Directory Recycle Bin using ADAC as well as PowerShell.

Enable Windows Server 2016 Active Directory Recycle Bin

Before thinking about enabling the Active Directory Recycle Bin feature, you need to be a member of the Enterprise Admins group to successfully enable the option.  Let’s look first at doing this using the Active Directory Administrative Center or ADAC to enable the recycle bin.  To launch ADAC, simply type dsac.exe.  Notice over in the right hand column the Enable Recycle Bin link.

recycle16_01

Once you click the Enable Recycle Bin link, you will see the warning about the gravity of what you are going to do.  This operation is irreversible, so you can expect to see such a warning.  However, the AD recycle bin is definitely a worth feature to enable.

recycle16_02

After enabling the feature, you will see the notice that the process to enable the feature has begun.  Replication of course will need to replicate this to all the DCs in the forest.

recycle16_02b

After you refresh the ADAC interface, you will now see the Enable Recycle Bin link is greyed out.

recycle16_02c

Using PowerShell to Enable

Using PowerShell to enable the Active Directory Recycle Bin is equally as painless.  You use the following commandlet:

Enable-ADOptionalFeature –Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=testlab,DC=local' –Scope ForestOrConfigurationSet –Target 'testlab.local'

You also receive the notice in PowerShell to confirm the action.

recycle16_03

Testing

I have created a testuser account in a TestOU container.  Let’s simulate an accidental deletion.  As you can see, I am about to delete the testuser account.

recycle16_04

It is now gone!

recycle16_04b

Restoring Deleted Object

To restore the object, we need to be a member of at least the Domain Admins group.  To restore a deleted object, we again utilize PowerShell.  You can see the deleted objects by running the following commandlet:

get-adobject -filter {displayname -eq "testuser"} -includedeletedobjects

As expected, I see the testuser account.

recycle16_05

To restore the object we can simply run the commandlet:

get-adobject -filter {displayname -eq "testuser"} -includedeletedobjects | Restore-ADObject

The object is restored in PowerShell with little fanfare.

recycle16_06

A quick refresh of the ADUC interface once again shows the testuser object.

recycle16_07

Thoughts

The process to enable Windows Server 2016 Active Directory Recycle Bin is very straightforward.  In this example we took a look at using either ADAC or PowerShell to enable the feature.  Both methods are easy however, some may prefer the graphical interface over the PowerShell commandline.

Subscribe to VirtualizationHowto via Email 🔔

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, Brandon has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.