Active Directory Recycle Bin

We can enable active directory recycle bin feature on windows 2008 R2 Domain controller. We can enable this feature in either domain level or forest level. If we are going to enable this feature on forest level the forest functional level should be Windows 2008 R2.

1

Enable-ADOptionalFeature ‘Recycle Bin Feature’ –Scope ForestORConfigurationSet –Target ‘mydomain.lk’

This PowerShell cmdlet will enable ad recycle bin for you

2

3

Now im deleting user account “BranchAdmin”.This user is also member of a Administrators group.

4

Get-ADObject –IncludeDeletedObjects –Filter{name –like “Branch*”}

Using this Get-ADObject we can see what are the deleted accounts with account name like “branch*”

5

Now we can see all the deleted users in the active directory

6

Restore-ADObject –Identity 8923423423423424

Using Restore-ADObject we can restoer deleted users,but we need to provide those users GUID to the Restore-ADObject as a Idnetity Parameter

7BranchAdmin

Branch admin user has restored with relevant group member ships.

2 thoughts on “Active Directory Recycle Bin”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.