Managing Active Directory Recycle Bin in Windows Server 2022

Posted on 16th June 2023

Introduction

The Active Directory Recycle Bin was first introduced in Windows Server 2008 R2. It lets you restore accidentally deleted Active Directory objects, complete with their attributes and group memberships, without an authoritative restore from backup. This is a huge time saver and can prevent a lot of headaches. It is not enabled by default in any version, Windows Server 2022 included: enabling it requires a forest functional level of Windows Server 2008 R2 or higher, and once enabled it cannot be turned off again.

How it Works

When an object is deleted from Active Directory, it is not actually removed from the database. It is renamed (its RDN gets a "\0ADEL:<objectGUID>" suffix), marked with the isDeleted attribute, and moved to the hidden Deleted Objects container of its partition. Without the Recycle Bin the result is a tombstone: most attributes are stripped and only a handful survive (objectGUID, objectSid, sAMAccountName, lastKnownParent and a few others), which is why a reanimated tombstone is an incomplete object and a full recovery needs an authoritative restore from backup. A tombstone is kept for the tombstone lifetime, read from the tombstoneLifetime attribute of the Directory Service object in the configuration partition: if the attribute is unset the value is 60 days, and forests created on Windows Server 2003 SP1 or later set it to 180 days. After the tombstone lifetime expires, garbage collection removes the object from the database and it can no longer be restored.

When the Recycle Bin feature is enabled, deleted objects still go to the Deleted Objects container; there is no separate Recycle Bin container. What changes is their lifecycle. The object becomes a deleted object that keeps all of its attributes, including linked attributes such as group membership, for the deleted object lifetime (msDS-DeletedObjectLifetime, which defaults to the tombstone lifetime), and during that period it can be restored intact. When the deleted object lifetime expires it becomes a recycled object (isRecycled is set and the attributes are stripped, so it can no longer be restored) for a further tombstone lifetime, after which garbage collection removes it. The desktop Recycle Bin analogy holds for restoring, with the difference that the Active Directory Recycle Bin empties itself on that schedule.
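The two lifetimes above are stored on the Directory Service object in the configuration partition, and the deleted or recycled state is carried on each object. The following PowerShell script, added here as an example and not part of the original post, reads both lifetimes (applying the 60-day and same-as-tombstone defaults when the attributes are unset) and lists every deleted object with its state and the approximate date it will be purged. It assumes the Active Directory module is installed and that the account can read the Deleted Objects container; the forest is taken from the current session, nothing is hard-coded, and the purge date uses whenChanged as an approximation of the deletion time (the exact timestamp is in the replication metadata for isDeleted).

```powershell
# Added example, not code from the original post.
# Reads the lifetimes that govern the Recycle Bin and lists deleted objects
# with their state. Assumes the ActiveDirectory module and read access to the
# Deleted Objects container (by default only Administrators have it).
Import-Module ActiveDirectory

$rootDse  = Get-ADRootDSE
$dsConfig = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)" `
    -Properties tombstoneLifetime, 'msDS-DeletedObjectLifetime'

# Unset tombstoneLifetime means the legacy default of 60 days; forests created
# on Windows Server 2003 SP1 or later write 180 explicitly.
$tombstoneDays = if ($dsConfig.tombstoneLifetime) { $dsConfig.tombstoneLifetime } else { 60 }
# Unset msDS-DeletedObjectLifetime means "same as the tombstone lifetime".
$deletedDays = if ($dsConfig.'msDS-DeletedObjectLifetime') { $dsConfig.'msDS-DeletedObjectLifetime' } else { $tombstoneDays }

Write-Host "Tombstone lifetime:      $tombstoneDays days"
Write-Host "Deleted object lifetime: $deletedDays days"

# Enumerate deleted objects. The Deleted Objects container itself carries
# isDeleted=TRUE, so it is excluded by name. isRecycled marks objects that have
# already passed the deleted object lifetime and can no longer be restored.
$deleted = Get-ADObject -Filter 'isDeleted -eq $true -and name -ne "Deleted Objects"' `
    -IncludeDeletedObjects -Properties isRecycled, whenChanged, lastKnownParent

foreach ($obj in $deleted) {
    if ($obj.isRecycled) {
        # Recycled: waits out the tombstone lifetime, then garbage collection.
        $purgeOn = $obj.whenChanged.AddDays($tombstoneDays)
        $state   = 'recycled (not restorable)'
    } else {
        # Deleted: restorable until the deleted object lifetime expires.
        # whenChanged approximates the deletion time (see lead-in).
        $purgeOn = $obj.whenChanged.AddDays($deletedDays)
        $state   = 'deleted (restorable)'
    }
    [pscustomobject]@{
        # The deleted RDN is "<name>\0ADEL:<guid>" where 0x0A is a real newline;
        # keep the part before it to show the original name.
        Name            = $obj.Name.Split("`n")[0]
        Class           = $obj.ObjectClass
        State           = $state
        LastKnownParent = $obj.lastKnownParent
        PurgeOn         = $purgeOn
        ObjectGUID      = $obj.ObjectGUID
    }
}
```

Run it as a member of Domain Admins (or an account that has been granted read access on the Deleted Objects container); any object whose State column reads "recycled" is already beyond the reach of the Recycle Bin.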

Enabling the Recycle Bin

The Recycle Bin is not enabled by default. Before you enable it, check that the forest functional level is Windows Server 2008 R2 or higher and that your account is a member of Enterprise Admins; the change is forest-wide and cannot be reverted, so agree it with whoever owns the forest first.

To enable the Recycle Bin, open the Active Directory Administrative Center. In the left pane, click on the domain. In the Tasks pane on the right, click on Enable Recycle Bin.

You will see a warning that once the Recycle Bin has been enabled it cannot be disabled. Click OK to continue. A second message asks you to refresh the Administrative Center. No restart of Active Directory or of the domain controllers is needed, but the feature state has to replicate to every domain controller in the forest before deletions everywhere are handled the new way.

Viewing Deleted Objects in the Recycle Bin

Deleted objects are viewed in the Active Directory Administrative Center, not in the Active Directory Users and Computers snap-in. Active Directory Users and Computers hides the Deleted Objects container even with Advanced Features turned on; outside the Administrative Center you need ldp.exe with the Return deleted objects control, or the Active Directory PowerShell cmdlets.

Open the Active Directory Administrative Center. In the left pane, click on the domain (refresh the view if you have only just enabled the feature).

You will now see the Deleted Objects container in the left pane. Double-click on it to open it.

You will see a list of all the deleted objects, with the last known parent of each, when it was deleted and its original object type. By default only the built-in Administrators group (and SYSTEM) can read this container; any other account or tool that needs to list deleted objects has to be granted access on the container explicitly.

Restoring Deleted Objects

To restore a deleted object, right-click on it and select Restore. The object goes back to its last known parent. If that parent is itself in the Deleted Objects container (the usual case after a whole OU was removed), restore the parent first and then its contents, or select Restore To... and choose a different container.

The object comes back with everything it had, including its SID, password, group memberships and any access rights granted to it. Before restoring an account, confirm why it was deleted: restoring one that was removed because it was compromised or no longer needed silently reinstates its access. If Directory Service Changes auditing is enabled, the deletion is recorded as event 5141 and the restore as event 5138, so the action can be traced afterwards.

Emptying the Recycle Bin

Objects do not stay in the Recycle Bin indefinitely. A deleted object remains restorable for the deleted object lifetime (msDS-DeletedObjectLifetime, which defaults to the tombstone lifetime), then becomes a recycled object, and after a further tombstone lifetime garbage collection removes it automatically. To get rid of an object sooner, right-click on it in the Deleted Objects container and select Delete.

You will see a warning that the object will be permanently deleted. Click OK to continue. This turns the object into a recycled object; the Recycle Bin can no longer restore it, and only an authoritative restore from a backup taken before the deletion can bring it back.

Disabling the Recycle Bin

Once enabled, the Recycle Bin cannot be disabled. The change is permanent and forest-wide: the Administrative Center offers no Disable Recycle Bin link, and Get-ADOptionalFeature reports IsDisableable as False for the feature. Decide before enabling it whether the forest can afford the extra database size, since every deleted object keeps all of its attributes for the deleted object lifetime instead of being stripped to a tombstone. The only ways to reclaim space taken by deleted objects are to delete them from the Deleted Objects container as described above, or to shorten msDS-DeletedObjectLifetime.

Conclusion

The Active Directory Recycle Bin is a handy feature that can save you a lot of time and trouble. It is easy to enable and use, but enabling it is a one-time, irreversible change that needs a forest functional level of Windows Server 2008 R2 or higher. Deleted objects remain restorable for the deleted object lifetime and are then garbage-collected automatically; you only need to delete them manually if you want them gone sooner.

When a domain controller is demoted, or its metadata is cleaned up after a failed demotion, the objects that represent it (its computer account, its NTDS Settings object and related objects) are deleted like any other object. With the Recycle Bin enabled they are therefore kept in the Deleted Objects container, with all their attributes, until the deleted object lifetime expires. The container holds every object that has been deleted from Active Directory but not yet purged from the directory.

The Recycle Bin lets you restore deleted objects from Active Directory if necessary, and permanently delete objects that you do not want to restore. Restoring a demoted domain controller's own objects is almost never what you want, since it reintroduces a server that no longer exists into the replication topology; the usual action is to leave them to expire or to delete them permanently.

Enabling the Recycle Bin

The Recycle Bin is not enabled by default in Active Directory. You must enable it before you can use it, and the change cannot be reverted.

The Recycle Bin is an optional feature of the forest, so it is enabled with the Enable-ADOptionalFeature cmdlet rather than with Set-ADDomain, which has no -EnableRecycleBin parameter. The cmdlet is in the Active Directory module for Windows PowerShell and needs Enterprise Admins rights and a forest functional level of Windows Server 2008 R2 or higher.

To enable the Recycle Bin, use the following syntax, replacing contoso.com with the name of your forest root domain:

Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target 'contoso.com'
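The following script is an added example, not the post's own code. It performs the checks an administrator wants before an irreversible change: it confirms the feature is not already enabled, verifies the forest functional level against the level the feature requires, enables the feature through ShouldProcess so that -WhatIf and a confirmation prompt both apply, and reads back the enabled scopes. It assumes the Active Directory module and Enterprise Admins membership, and takes the forest name from the session rather than a hard-coded value.

```powershell
# Added example, not code from the original post.
# Enables the Recycle Bin with prerequisite checks and a dry-run option.
# Assumes the ActiveDirectory module and Enterprise Admins membership.
Import-Module ActiveDirectory

function Enable-RecycleBinChecked {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param()

    $forest  = Get-ADForest
    $feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'

    # Already on? EnabledScopes lists the partitions the feature is enabled for.
    if ($feature.EnabledScopes.Count -gt 0) {
        Write-Host "Recycle Bin is already enabled in forest $($forest.Name)"
        return $feature
    }

    # Prerequisite: forest functional level Windows Server 2008 R2 or higher.
    # Both sides are ADForestMode enum values, so -lt compares the levels.
    $required = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
    if ($forest.ForestMode -lt $required) {
        throw "Forest functional level is $($forest.ForestMode); $required or higher is required"
    }

    # One-way change: route it through ShouldProcess so -WhatIf shows the intent
    # and the High confirm impact prompts before anything is written.
    if ($PSCmdlet.ShouldProcess($forest.Name, 'Enable Active Directory Recycle Bin (irreversible)')) {
        Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
            -Scope ForestOrConfigurationSet -Target $forest.Name -Confirm:$false

        # Read back from the same DC; other DCs report the change only once
        # the configuration partition has replicated to them.
        $feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
        Write-Host "Enabled scopes: $($feature.EnabledScopes -join ', ')"
    }
    return $feature
}

Enable-RecycleBinChecked -WhatIf   # dry run: reports what would happen
# Enable-RecycleBinChecked         # real run: prompts once, then enables
```

The dry run is worth keeping as the first step in any change record for this feature, since there is no way back once the real run completes.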

Managing Deleted Objects

Once the Recycle Bin is enabled, you can manage deleted objects by using the Get-ADObject and Restore-ADObject cmdlets.

The Get-ADObject cmdlet lists deleted objects when it is run with the -IncludeDeletedObjects switch; without it, deleted objects are never returned. The Restore-ADObject cmdlet restores a deleted object.

To view deleted objects in the Recycle Bin, use the following syntax (the filter excludes the Deleted Objects container itself, which also carries isDeleted):

Get-ADObject -Filter 'isDeleted -eq $true -and name -ne "Deleted Objects"' -IncludeDeletedObjects -Properties lastKnownParent, whenChanged

A deleted object no longer has its original distinguished name: it lives under CN=Deleted Objects with a mangled RDN such as DeletedUser\0ADEL:<objectGUID>, so Restore-ADObject -Identity 'CN=DeletedUser,CN=Users,DC=contoso,DC=com' cannot find it. Identify the object by its objectGUID, or look it up by its original name and last known parent and pipe the result to Restore-ADObject:

Get-ADObject -Filter 'name -like "DeletedUser*" -and lastKnownParent -eq "CN=Users,DC=contoso,DC=com"' -IncludeDeletedObjects | Restore-ADObject

Restore-ADObject puts the object back under its last known parent; if that parent was deleted as well, restore it first, or pass -TargetPath with the distinguished name of another container.
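Restoring a whole deleted OU is where the lastKnownParent detail matters: the OU must come back before its contents, and the contents must be pointed at the OU's new distinguished name, recursively for nested OUs. The following script is an added example, not code from the original post. 'Sales' is a placeholder OU name, the fallback location when the OU's own parent is gone is the domain root (a placeholder choice), and the script assumes the Recycle Bin is enabled and the Active Directory module is loaded.

```powershell
# Added example, not code from the original post.
# Restores a deleted OU and everything that was inside it, parent first.
# Assumes the Recycle Bin is enabled and the ActiveDirectory module is loaded.
Import-Module ActiveDirectory

function Get-OriginalName {
    # Deleted objects are renamed "<name>\0ADEL:<guid>" (0x0A is a real newline);
    # the original name is the part before it.
    param([string]$MangledName)
    return $MangledName.Split("`n")[0]
}

function Restore-DeletedChildren {
    # Restores every deleted object whose lastKnownParent is $OriginalParentDn,
    # placing it under $TargetDn (the parent's DN after its own restore), and
    # recurses into restored OUs and containers.
    param([string]$OriginalParentDn, [string]$TargetDn)

    $children = Get-ADObject -Filter "lastKnownParent -eq '$OriginalParentDn'" `
        -IncludeDeletedObjects -Properties lastKnownParent, isRecycled

    foreach ($child in $children) {
        $name = Get-OriginalName $child.Name
        if ($child.isRecycled) {
            Write-Warning "Skipping '$name': already recycled, cannot be restored"
            continue
        }
        Restore-ADObject -Identity $child.ObjectGUID -TargetPath $TargetDn
        $restored = Get-ADObject -Identity $child.ObjectGUID
        Write-Host "Restored $($child.ObjectClass) '$name' to $($restored.DistinguishedName)"

        # Grandchildren carry the child's ORIGINAL DN as lastKnownParent;
        # rebuild it from the RDN attribute (OU= for OUs, CN= for containers).
        if ($child.ObjectClass -in 'organizationalUnit', 'container') {
            $rdn = if ($child.ObjectClass -eq 'organizationalUnit') { "OU=$name" } else { "CN=$name" }
            Restore-DeletedChildren -OriginalParentDn "$rdn,$OriginalParentDn" `
                                    -TargetDn $restored.DistinguishedName
        }
    }
}

# Locate the deleted OU by its original name; if several OUs of that name were
# deleted over time, take the most recent one.
$ouName = 'Sales'   # placeholder
$ou = Get-ADObject -Filter 'objectClass -eq "organizationalUnit" -and isDeleted -eq $true' `
        -IncludeDeletedObjects -Properties lastKnownParent, isRecycled, whenChanged |
      Where-Object { (Get-OriginalName $_.Name) -eq $ouName } |
      Sort-Object whenChanged -Descending | Select-Object -First 1

if (-not $ou)       { throw "No deleted OU named '$ouName' in the Deleted Objects container" }
if ($ou.isRecycled) { throw "'$ouName' is recycled; only an authoritative restore from backup can bring it back" }

# Restore the parent first. Restore-ADObject defaults to lastKnownParent, which
# fails if that container no longer exists, so check and fall back to the domain root.
$parentExists = $true
try   { Get-ADObject -Identity $ou.lastKnownParent -ErrorAction Stop | Out-Null }
catch { $parentExists = $false }

if ($parentExists) {
    Restore-ADObject -Identity $ou.ObjectGUID
} else {
    Write-Warning "Original parent $($ou.lastKnownParent) is gone; restoring to the domain root"
    Restore-ADObject -Identity $ou.ObjectGUID -TargetPath (Get-ADDomain).DistinguishedName
}
$restoredOu = Get-ADObject -Identity $ou.ObjectGUID

# Now the former contents: their lastKnownParent is the OU's original DN,
# and the target is wherever the OU ended up.
Restore-DeletedChildren -OriginalParentDn "OU=$ouName,$($ou.lastKnownParent)" `
                        -TargetDn $restoredOu.DistinguishedName
```

Restoring children with -TargetPath rather than relying on lastKnownParent keeps the script correct in both branches above, because the OU's distinguished name after a fallback restore differs from the one its children remember.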

Permanently Deleting Objects

You can use the Remove-ADObject cmdlet to permanently delete an object from the directory. Remove-ADObject has no -PermanentlyDelete parameter; run it against a deleted object with -IncludeDeletedObjects, locating the object the same way as for a restore, since its original distinguished name no longer exists. The object becomes a recycled object: it is removed from the Recycle Bin and can no longer be restored.

To permanently delete an object, use the following syntax:

Get-ADObject -Filter 'name -like "DeletedUser*" -and lastKnownParent -eq "CN=Users,DC=contoso,DC=com"' -IncludeDeletedObjects | Remove-ADObject -IncludeDeletedObjects

Emptying the Recycle Bin

There is no Clear-ADObject cmdlet and no single command that empties the Recycle Bin. To permanently delete every restorable object at once, list all deleted objects and pipe them to Remove-ADObject. Remove-ADObject prompts for each object unless you add -Confirm:$false, and running the pipeline with -WhatIf first shows what would be recycled.

To empty the Recycle Bin, use the following syntax:

Get-ADObject -Filter 'isDeleted -eq $true -and name -ne "Deleted Objects"' -IncludeDeletedObjects | Remove-ADObject -IncludeDeletedObjects
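A more selective variant, added here as an example rather than taken from the post: recycle only deleted objects of chosen classes that are older than a threshold, wrapped in a function that supports -WhatIf and -Confirm so the selection can be reviewed before anything becomes unrecoverable. The 30-day threshold and the user/computer class list are placeholder choices; the Active Directory module and an enabled Recycle Bin are assumed, and whenChanged is used as an approximation of the deletion time.

```powershell
# Added example, not code from the original post.
# Permanently deletes (recycles) deleted objects older than a threshold,
# dry-running first. Assumes the ActiveDirectory module and an enabled Recycle Bin.
Import-Module ActiveDirectory

function Remove-StaleDeletedObject {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [int]$OlderThanDays = 30,                          # placeholder threshold
        [string[]]$ObjectClass = @('user', 'computer')    # placeholder class list
    )

    $cutoff = (Get-Date).AddDays(-$OlderThanDays)

    # Exclude the Deleted Objects container (it carries isDeleted itself) and
    # anything already recycled; there is nothing left to do for those.
    # whenChanged approximates the deletion time.
    $stale = @(Get-ADObject -Filter 'isDeleted -eq $true -and name -ne "Deleted Objects"' `
                   -IncludeDeletedObjects -Properties isRecycled, whenChanged, lastKnownParent |
               Where-Object { -not $_.isRecycled -and
                              $_.ObjectClass -in $ObjectClass -and
                              $_.whenChanged -lt $cutoff })

    foreach ($obj in $stale) {
        $label = "$($obj.ObjectClass) '$($obj.Name.Split("`n")[0])' from $($obj.lastKnownParent)"
        # ShouldProcess honours -WhatIf and -Confirm. This is the last point at
        # which the object is still restorable, hence the High confirm impact.
        if ($PSCmdlet.ShouldProcess($label, 'Recycle (permanently delete)')) {
            Remove-ADObject -Identity $obj.ObjectGUID -IncludeDeletedObjects -Confirm:$false
        }
    }
    return $stale.Count
}

# Dry run: lists every object that would be recycled without touching anything.
Remove-StaleDeletedObject -OlderThanDays 30 -WhatIf
# Real run (prompts per object because ConfirmImpact is High):
# Remove-StaleDeletedObject -OlderThanDays 30
```

Keep the -WhatIf output with the change record: once the real run completes, the objects it listed can only be recovered from a backup taken before they were deleted.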

Disabling the Recycle Bin

Set-ADDomain has no -EnableRecycleBin parameter, and the Recycle Bin cannot be disabled once it is enabled: the optional feature is flagged as not disableable, so Disable-ADOptionalFeature refuses it. You can confirm the state of the feature, and that it cannot be disabled, with Get-ADOptionalFeature from the Active Directory module for Windows PowerShell.

To check the Recycle Bin, use the following syntax:

Get-ADOptionalFeature -Identity 'Recycle Bin Feature' | Select-Object Name, EnabledScopes, IsDisableable