Configuring Active Directory Recycle Bin in Windows Server 2012

The Active Directory Recycle Bin, introduced by Microsoft in Windows Server 2008 R2, is a long-awaited feature for recovering accidentally deleted Active Directory objects without restoring Active Directory data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain controllers. Deleted objects are preserved in the recycle bin for a period that matches the tombstone lifetime of the forest, which is 180 days by default. In practice the feature is less impressive, because to enable it we have to use Windows PowerShell and the Ldp.exe LDAP utility, which are not familiar to Windows administrators at every level. It also requires the forest functional level to be at least Windows Server 2008 R2. Once the Active Directory Recycle Bin is enabled, it cannot be disabled.

In Windows Server 2012, Microsoft made some improvements to the Active Directory Recycle Bin: Windows PowerShell or Ldp.exe is no longer required to enable it, and it can be accessed directly from Active Directory Administrative Center. Even with these improvements, organizations may still not find it acceptable to enable this feature, because once the Active Directory Recycle Bin is enabled on Windows Server 2012 it cannot be disabled. I hope Microsoft will fix this issue in the near future.

To Enable the Active Directory Recycle Bin:

1. Open Server Manager, on the Tools menu, click Active Directory Administrative Center.

http://www.msserverpro.com/wp-content/uploads/2012/08/1b.jpg

2. In the navigation pane, click server name (local). In the Tasks pane on right side, click Enable Recycle Bin.

http://www.msserverpro.com/wp-content/uploads/2012/08/2.jpg

3. In the Enable Recycle Bin Confirmation dialog box, click OK.

http://www.msserverpro.com/wp-content/uploads/2012/08/4.jpg

4. In the Active Directory Administrative Center dialog box, click OK.

http://www.msserverpro.com/wp-content/uploads/2012/08/5.jpg

5. On the menu bar, click the Refresh icon. Note that a Deleted Objects container now appears.

Delete User Objects:

1. Open Active Directory Users and Computers, select the required OU (HR Department), select all users under the HR Department OU, and click Delete. In the Delete Confirmation dialog box, click Yes.

http://www.msserverpro.com/wp-content/uploads/2012/08/1.jpg

Restore Deleted Objects:

1. Open Active Directory Administrative Center.

2. In the navigation pane, select server name (local), then in the center pane, double-click Deleted Objects.

http://www.msserverpro.com/wp-content/uploads/2012/08/21.jpg

3. In the navigation pane under Deleted Objects, hold down the Ctrl key and select all deleted users. In the Tasks pane on the right side, click Restore to restore the objects to their original location.

http://www.msserverpro.com/wp-content/uploads/2012/08/3.jpg

5. In the navigation pane, under server name (local), select the HR Department OU and make sure that all deleted objects are restored. Alternatively, open Active Directory Users and Computers to confirm that all deleted objects are restored.

http://www.msserverpro.com/wp-content/uploads/2012/08/5a1.jpg
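The same enable, find and restore sequence can be scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original post; it assumes the HR Department OU sits directly under the domain root and that the account running it has rights to enable forest-wide features.

```powershell
# Added example: PowerShell equivalent of the GUI steps above.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain
# Assumption: the HR Department OU is directly under the domain root.
$hrOu = "OU=HR Department,$($domain.DistinguishedName)"

# The Recycle Bin needs a forest functional level of Windows Server 2008 R2 or higher.
# PowerShell converts the string on the right to the ADForestMode enum for the comparison.
if ($forest.ForestMode -lt 'Windows2008R2Forest') {
    throw "Forest functional level $($forest.ForestMode) is too low for the Recycle Bin."
}

# Enable the feature only if it is not enabled yet. This step cannot be undone.
$feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
if ($feature.EnabledScopes.Count -eq 0) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.Name
}

# Find deleted user objects whose last parent was the HR Department OU.
$deleted = Get-ADObject -Filter 'isDeleted -eq $true' -IncludeDeletedObjects `
        -Properties lastKnownParent, whenChanged |
    Where-Object { $_.ObjectClass -eq 'user' -and $_.lastKnownParent -eq $hrOu }

# Review what would be restored before changing anything.
$deleted | Select-Object Name, lastKnownParent, whenChanged | Format-Table -AutoSize
$deleted | Restore-ADObject -WhatIf

# After reviewing the preview, run the restore for real:
# $deleted | Restore-ADObject

# Confirm the accounts are back in the OU.
Get-ADUser -Filter * -SearchBase $hrOu | Select-Object Name, Enabled
```

Objects deleted before the Recycle Bin was enabled are plain tombstones and do not come back with their full attribute set.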

Summary:

In Windows Server 2012, we can recover deleted objects easily through Active Directory Administrative Center. This simplifies the recovery of Active Directory objects that were accidentally deleted. I hope this helps.