Server 2008 R2 AD Recycle Bin *Update*

A few minor things have changed since the RTM build of 2008 R2 dropped with regard to this feature. Here is a quick recap and overview.

First, your domain must be running at the Server 2008 R2 forest and domain functional levels, which means all of your DCs must be running 2008 R2.


Once this is achieved you will be allowed to enable the recycle bin AD feature (which must be done from the DC holding the Domain Naming master role).


To verify that the feature was successfully enabled, fire up ldp.exe in admin mode. In the 2008 R2 RC the deleted objects container was visible, but in RTM it isn’t. Hit View -> Tree and select the Configuration partition for the BaseDN. Expand down to the Partitions container and verify the recycle bin has been enabled under msDS-EnabledFeature.


Ok good, the feature is enabled but we still can’t see the deleted objects container nor any objects that we delete at this point, even though the container is visible in the well known objects list. This is because the container itself is marked as deleted. Deleted object restore or view operation attempts will fail at this point as well.


To change this, with the domain root selected as BaseDN, click Browse -> Search, enter CN=Deleted Objects,DC=domain,DC=com for the Base DN, change the filter from * to user, then click Options. Change the search call type to Extended, then click the Controls button. In the “Load Predefined” drop-down select “Return deleted objects” and double-click the 1.2.xx item in the Active Controls pane. Click Check in, then OK. The TechNet link at the bottom goes into greater detail about this.


Refresh the tree and you should now see the deleted objects container. You should now be able to view and restore your deleted objects via ldp or PowerShell.
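The PowerShell route mentioned above, as an added example that is not from the original post: it checks the forest level and the feature state, then lists deleted user objects and previews the restore of one. It assumes the ActiveDirectory module is available (a 2008 R2 DC or RSAT); the name `Jane Doe` is a constructed placeholder.

```powershell
# Added example. Requires the ActiveDirectory module (2008 R2 DC or RSAT).
Import-Module ActiveDirectory

# Constructed placeholder: the RDN (CN) the deleted account had before deletion.
$LastKnownRdn = 'Jane Doe'

# Prerequisite from the post: forest functional level must be 2008 R2.
$forest = Get-ADForest
if ($forest.ForestMode -lt 'Windows2008R2Forest') {
    throw "Forest mode is $($forest.ForestMode); Recycle Bin needs Windows2008R2Forest."
}

# Equivalent of reading msDS-EnabledFeature in ldp:
# an empty EnabledScopes list means the feature has not been turned on.
$feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
if (-not $feature.EnabledScopes) {
    Write-Warning "Recycle Bin is not enabled in forest $($forest.Name)."
    Write-Warning "Enable it against the Domain Naming master: $($forest.DomainNamingMaster)"
    # Enabling is irreversible, so it is left as a deliberate manual step:
    # Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
    #     -Scope ForestOrConfigurationSet -Target $forest.Name `
    #     -Server $forest.DomainNamingMaster
    return
}

# Deleted objects are hidden unless the search asks for them;
# -IncludeDeletedObjects plays the role of the "return deleted objects" control in ldp.
$deleted = Get-ADObject -IncludeDeletedObjects `
    -SearchBase (Get-ADDomain).DeletedObjectsContainer `
    -Filter 'isDeleted -eq $true -and objectClass -eq "user"' `
    -Properties whenChanged, lastKnownParent, 'msDS-LastKnownRDN'

# Review what is recoverable and where each object used to live.
$deleted | Sort-Object whenChanged -Descending |
    Format-Table 'msDS-LastKnownRDN', lastKnownParent, whenChanged -AutoSize

# Restore one object to its last known parent. -WhatIf only previews the change;
# remove it once the match is confirmed to be the intended object.
$target = @($deleted | Where-Object { $_.'msDS-LastKnownRDN' -eq $LastKnownRdn })
if ($target.Count -eq 1) {
    $target[0] | Restore-ADObject -WhatIf
} else {
    Write-Warning "Expected exactly one match for '$LastKnownRdn', found $($target.Count)."
}
```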


Reference:

TechNet
