Server 2008 R2 Active Directory gets a recycle bin!

This is great news about a long-overdue feature. If you’re fortunate enough to run a tight ship with regard to AD, you may never have needed to restore a deleted object. In the pre-2008 R2 world, if you did need to restore a deleted object, you were looking at an authoritative restore via Directory Services Restore Mode. In 2008 R2, deleted objects go to a new hidden container called “Deleted Objects”. This feature is not enabled by default, but it can be turned on by raising the forest functional level to 2008 R2 and then running a PowerShell command from the Active Directory Module for PowerShell. For ease, import the AD cmdlets into PowerShell first by running:

Import-Module ActiveDirectory

Then to enable the feature (replace contoso with your domain name):

Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=contoso,DC=com' -Scope ForestOrConfigurationSet -Target 'contoso.com'

Restores can occur via PowerShell or LDP. Via PowerShell:

Open the Active Directory PowerShell command prompt and use the following syntax:

Get-ADObject -Filter {displayName -eq "Brian"} -IncludeDeletedObjects | Restore-ADObject
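
A guarded version of the enable and restore steps above, as an added example that is not part of the original post: it checks the forest functional level and whether the feature is already on before enabling it (enabling cannot be undone), and it previews a restore before applying it. The function names and the -Apply switch are hypothetical; the cmdlets themselves come from the Active Directory module.

```powershell
# Added example, not from the original post. Run from a session with the
# ActiveDirectory module and rights to change forest-wide settings.
Import-Module ActiveDirectory

function Enable-RecycleBinIfNeeded {
    $forest = Get-ADForest
    $required = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
    if ($forest.ForestMode -lt $required) {
        Write-Warning "Forest mode is $($forest.ForestMode); raise it to 2008 R2 first."
        return
    }
    $feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
    if ($feature.EnabledScopes.Count -gt 0) {
        Write-Output "Recycle Bin already enabled for $($forest.Name)."
        return
    }
    # Prompts for confirmation; the feature cannot be disabled afterwards.
    Enable-ADOptionalFeature -Identity $feature -Scope ForestOrConfigurationSet -Target $forest.Name
}

function Restore-DeletedByDisplayName {
    param(
        [Parameter(Mandatory = $true)] [string] $DisplayName,
        [switch] $Apply   # hypothetical switch: without it, only a -WhatIf preview runs
    )
    $found = @(Get-ADObject -IncludeDeletedObjects `
        -Filter 'isDeleted -eq $true -and displayName -eq $DisplayName' `
        -Properties displayName, lastKnownParent, whenChanged)
    if ($found.Count -eq 0) { Write-Warning "No deleted object named '$DisplayName'."; return }

    # Show what matched and where each object lived before deletion.
    $found | Format-Table displayName, ObjectClass, lastKnownParent, whenChanged, ObjectGUID -AutoSize | Out-Host

    if ($found.Count -gt 1) {
        # Several deleted objects can share a display name; make the operator pick one.
        Write-Warning "More than one match; restore by GUID: Restore-ADObject -Identity <ObjectGUID>"
        return
    }
    if ($Apply) { $found | Restore-ADObject -PassThru }
    else        { $found | Restore-ADObject -WhatIf }
}
```

Run Restore-DeletedByDisplayName -DisplayName "Brian" first to see the preview, then repeat with -Apply once the match and its lastKnownParent look right.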

Recycling Active Directory Trash [Life of Brian], [Technet]
