
Setting Up the Active Directory Recycle Bin in Windows Server 2008 R2

Windows Server 2008 R2 has introduced an exciting new feature, the Active Directory Recycle Bin. When you use this feature, a deleted object is moved to a special container instead of simply being tombstoned. The tombstone period is still important, as objects reside in this special container only for the length of the tombstone period. Once the period expires, the object is permanently deleted. But until that happens, recovering a deleted object is relatively easy.

Before you can recover an item, you have to enable this feature. It is not turned on by default. Once you enable it, you can only recover items from the recycle bin that were deleted after the feature was enabled. If you enable the feature Tuesday morning, you can recover items from the recycle bin that were deleted Tuesday afternoon, but not Monday morning.

Set Up the Active Directory Recycle Bin with Windows PowerShell

The first challenge you will face is that Microsoft did not provide any sort of GUI for this feature. You will have to use Windows PowerShell and the Active Directory module. You don't have to run these commands on a domain controller; I prefer and recommend using Windows 7 with Remote Server Administration Tools (RSAT) configured to manage Active Directory with PowerShell.

The first step is to import the module.

The Recycle Bin is part of a concept Microsoft calls AD Optional Features. As you might expect, there is a cmdlet to use.

Actually, this is the only AD Optional Feature Microsoft has released. As you can see from the result, in order to use this feature, your Active Directory forest must be at the Windows 2008 R2 level.

To turn on optional features, we will use the Enable-ADOptionalFeature cmdlet. This cmdlet supports -WhatIf so you can give yourself a sanity check, which is important because you cannot undo or disable the AD Recycle Bin. There is a Disable-ADOptionalFeature cmdlet, but the Recycle Bin feature can't be disabled.

To enable it, you need to specify a Scope, which for now is ForestOrConfigurationSet, and a Target, which is the domain where you want to use this feature.

Figure 1 shows the result:

Figure 1: What If I Enable the Recycle Bin?

If I'm ready, I can re-run the command without -WhatIf. You'll be prompted for confirmation, but that is it. No reboot is required. If you have multiple domains, you'll need to run this command for each. Once run, you should see a property.
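The steps above, collected into one script as an added example; it is not code from the original article. The domain name `corp.example.com` is a placeholder assumption, and the script stops at the -WhatIf dry run because the change cannot be reversed.

```powershell
# Added example. $Target is a placeholder (assumption); use your own domain name.
$Target = 'corp.example.com'

# Step 1: load the Active Directory module (RSAT on Windows 7, or a DC).
Import-Module ActiveDirectory

# Step 2: look up the optional feature and the forest it would apply to.
$feature = Get-ADOptionalFeature -Filter 'Name -like "Recycle Bin Feature"' -Server $Target
$forest  = Get-ADForest -Server $Target

"Required forest mode : $($feature.RequiredForestMode)"
"Current forest mode  : $($forest.ForestMode)"

if ($forest.ForestMode -lt $feature.RequiredForestMode) {
    # The feature needs the forest at the Windows 2008 R2 level.
    Write-Warning "Forest functional level is too low; raise it before enabling."
}
elseif ($feature.EnabledScopes.Count -gt 0) {
    # Nothing to do: the feature is already on and cannot be turned off.
    "Recycle Bin already enabled for:"
    $feature.EnabledScopes
}
else {
    # Step 3: dry run. -WhatIf reports what would change without changing it.
    Enable-ADOptionalFeature -Identity $feature `
        -Scope ForestOrConfigurationSet `
        -Target $Target `
        -WhatIf

    # Step 4: once the dry-run output looks right, run the same command
    # without -WhatIf and answer the confirmation prompt. Left commented
    # out here on purpose, since enabling is irreversible.
    # Enable-ADOptionalFeature -Identity $feature `
    #     -Scope ForestOrConfigurationSet -Target $Target
}

# Step 5: after enabling, EnabledScopes is populated on the feature object.
Get-ADOptionalFeature -Identity $feature.DistinguishedName -Server $Target |
    Format-List Name, RequiredForestMode, EnabledScopes
```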


Once this change has replicated to all your domain controllers, you are ready to begin using it, assuming you delete some objects after this feature has been enabled. We’ll look at that next time, or if you are in a hurry or want to learn more about using PowerShell with AD, take a look at Managing Active Directory with Windows PowerShell: TFM 2nd Ed. (SAPIEN Press 2010).
