
Enable the Active Directory Recycle Bin in Windows Server 2012

How do I enable the Active Directory Recycle Bin in Windows Server 2012?

First introduced in Windows Server 2008 R2, the Active Directory (AD) recycle bin builds on AD’s tombstoning feature to allow administrators to easily restore deleted directory objects. Prior to Windows Server 2012, the recycle bin was accessible only from the command line using PowerShell. Windows Server 2012 contains a graphical user interface for working with and enabling the recycle bin as part of the Active Directory Administrative Center.

Before following this procedure, it’s important to understand that once enabled, the recycle bin can’t be disabled. You’ll need to make sure that your forest is running at the Windows Server 2008 R2 forest functional level or higher, that you have at least one Windows Server 2012 domain controller (DC) in the domain, and that all other DCs in the domain are running Windows Server 2008 R2 or higher.

Enabling the Active Directory Recycle Bin

  • Log on to a domain controller or a machine with the Remote Server Administration Tools (RSAT) installed as an enterprise administrator.
  • Open the Active Directory Administrative Center from the Start screen (or Start menu if not using Windows 8 or Windows Server 2012). Alternatively, the AD Administrative Center can be opened from the Tools menu in Server Manager.
  • In the left pane of the Active Directory Administrative Center, select the Active Directory domain that you want to connect to.
  • Right-click the AD domain in the left pane and select Raise the forest functional level.
  • The dialog will show the current forest functional level. If the forest functional level is not at least Windows Server 2008 R2, you will need to raise the level to Windows Server 2008 R2 or higher. This process is irreversible. In this case, my forest is already at the Windows Server 2012 forest functional level, so I can click Cancel in the dialog and proceed to enable the AD recycle bin.
  • In the Tasks pane of the Active Directory Administrative Center, click Enable Recycle Bin.

  • Click OK in the confirmation dialog.
  • You’ll now see another dialog asking you to refresh the Administrative Center. Click OK in the dialog. In the Administrative Center, click on the Refresh icon in the top right corner.

Any AD objects that you delete will now be moved to the Deleted Objects container.
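The same procedure can be driven from PowerShell, which the article notes was the only option before Windows Server 2012. The script below is an added example, not part of the original article: it checks the forest functional level and DC operating system prerequisites described above, skips the change if the feature is already on, and previews the irreversible step with -WhatIf. The function name Enable-RecycleBinIfReady is hypothetical; the cmdlets come from the ActiveDirectory module in RSAT.

```powershell
# Added example (not from the original article). Requires the ActiveDirectory
# module from RSAT and enterprise administrator rights for the actual change.
Import-Module ActiveDirectory -ErrorAction Stop

function Enable-RecycleBinIfReady {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param()

    $forest  = Get-ADForest
    $minMode = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest

    # Prerequisite 1: forest functional level of Windows Server 2008 R2 or higher.
    if ([int]$forest.ForestMode -lt [int]$minMode) {
        throw "Forest functional level is $($forest.ForestMode); Windows2008R2Forest or higher is required."
    }

    # Prerequisite 2: every DC in the current domain runs 2008 R2 (NT 6.1) or later.
    # OperatingSystemVersion looks like '6.2 (9200)'; keep only major.minor.
    $oldDcs = Get-ADDomainController -Filter * | Where-Object {
        [version](($_.OperatingSystemVersion -split ' ')[0]) -lt [version]'6.1'
    }
    if ($oldDcs) {
        throw "DCs older than Windows Server 2008 R2: $($oldDcs.Name -join ', ')"
    }

    # Already enabled? EnabledScopes stays empty until the feature is turned on.
    $feature = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'"
    if ($feature.EnabledScopes.Count -gt 0) {
        Write-Output "Recycle Bin is already enabled for forest $($forest.Name)."
        return
    }

    # The change cannot be undone, so it goes through ShouldProcess:
    # -WhatIf previews it, and a confirmation prompt appears by default.
    if ($PSCmdlet.ShouldProcess($forest.Name, 'Enable AD Recycle Bin (irreversible)')) {
        Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
            -Scope ForestOrConfigurationSet -Target $forest.Name -Confirm:$false
    }
}

# Dry run first; rerun without -WhatIf to apply.
Enable-RecycleBinIfReady -WhatIf

# After enabling, deleted objects can be listed from the Deleted Objects container:
# Get-ADObject -Filter 'isDeleted -eq $true' -IncludeDeletedObjects
```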

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.