Tuesday, November 24, 2015

Enabling the Active Directory Recycle Bin

To enable the Active Directory Recycle Bin using ADAC, perform the following steps:
  1. Log on using credentials of an account that belongs to the Enterprise Admins or Schema Admins group.
  2. Right-click on the forest root domain in the navigation pane, and select Raise The Forest Functional Level as shown in Figure 2 below.
  3. Ensure that the forest functional level for your environment is Windows Server 2008 R2 or higher.
  4. Right-click again on the forest root domain, and select Enable Recycle Bin.
  5. Review the warning, and click OK to proceed with enabling the Active Directory Recycle Bin.
  6. Refresh ADAC, and wait until all domain controllers in the forest have replicated the configuration change before attempting to use the Active Directory Recycle Bin to restore deleted objects.
Figure 2: Raising the forest functional level.
Note: You can also use Windows PowerShell to perform all of the actions required to enable the Active Directory Recycle Bin for your environment. For example, you can use the Set-ADForestMode cmdlet to raise the forest functional level to Windows Server 2008 R2 or higher, and you can use the Enable-ADOptionalFeature cmdlet to enable the Active Directory Recycle Bin feature. Use the Get-Help cmdlet to display the syntax and examples for each of these cmdlets.
Important: Although enabling the Active Directory Recycle Bin is a recommended best practice for Active Directory administration, once you enable this feature you cannot disable it. Plan carefully before taking this step, because you will also be unable to roll back the forest functional level once it has been raised. For more information on rolling back the forest functional level, see the topic titled "Understanding Active Directory Domain Services (AD DS) Functional Levels" in the TechNet Library.

Using the Active Directory Recycle Bin

After the Active Directory Recycle Bin is enabled, using it to restore deleted directory objects is straightforward as long as the deleted object lifetime of the objects has not expired. For example, Figure 3 shows how to restore the user account for Marie Dubois after it was accidentally deleted. The following menu options are available:
  • Restore - Restore the deleted object to its original location within Active Directory.
  • Restore To - Restore the deleted object to a container you specify using Column Explorer.
  • Locate Parent - Display the container where the deleted object originally resided.
  • Properties - Display or modify the properties of the deleted object.
Note: You can restore multiple deleted objects in one action by multi-selecting them in the Deleted Objects container and choosing the appropriate menu option.
Figure 3: Restoring a deleted object using the Active Directory Recycle Bin.
Note: After the Active Directory Recycle Bin is enabled for your environment, you can also use Windows PowerShell to restore directory objects you accidentally deleted. You can do this using the Restore-ADObject cmdlet. Use the Get-Help cmdlet to display the syntax and examples for this cmdlet.
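The following script is an added example (not code from the original post) that walks both procedures above in PowerShell: it checks the forest functional level, enables the Recycle Bin feature, waits for every domain controller to see the change, reads the deleted object lifetime, and then restores a deleted user either in place or to a container of your choice. It assumes the RSAT ActiveDirectory module and Enterprise Admins rights; the forest name is read from Get-ADForest, and the account name 'mdubois' is a constructed placeholder standing in for the Marie Dubois example.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not from the original post. Assumes the RSAT ActiveDirectory module,
# Enterprise Admins membership, and a deleted user whose sAMAccountName is the
# placeholder 'mdubois' in the Deleted Objects container.
Import-Module ActiveDirectory

$forest     = Get-ADForest
$forestName = $forest.RootDomain   # forest root domain, read from the live forest
$required   = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest

# Step 1: the forest functional level must be Windows Server 2008 R2 or higher.
# Raising it is a one-way change, so the cmdlet is forced to prompt first.
if ([int]$forest.ForestMode -lt [int]$required) {
    Set-ADForestMode -Identity $forestName -ForestMode Windows2008R2Forest -Confirm:$true
}

# Step 2: enable the optional feature only if it is not already enabled anywhere.
# Enabling is also irreversible, hence the explicit confirmation prompt.
if ((Get-ADOptionalFeature -Identity 'Recycle Bin Feature').EnabledScopes.Count -eq 0) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forestName -Confirm:$true
}

# Step 3: do not restore anything until every DC in every domain of the forest
# reports the feature as enabled, i.e. the configuration change has replicated.
$dcs = $forest.Domains | ForEach-Object { Get-ADDomainController -Filter * -Server $_ }
do {
    $pending = @($dcs | Where-Object {
        (Get-ADOptionalFeature -Identity 'Recycle Bin Feature' -Server $_.HostName).EnabledScopes.Count -eq 0 })
    if ($pending.Count) { Start-Sleep -Seconds 30 }
} while ($pending.Count)

# Step 4: the deleted object lifetime bounds how long a restore remains possible.
$cfg = Get-ADObject -Identity ("CN=Directory Service,CN=Windows NT,CN=Services," + (Get-ADRootDSE).configurationNamingContext) -Properties 'msDS-DeletedObjectLifetime'
$lifetime = $cfg.'msDS-DeletedObjectLifetime'
Write-Host "Deleted object lifetime (days): $(if ($lifetime) { $lifetime } else { 'not set, tombstone lifetime applies' })"

# Step 5: restore a deleted user; -TargetPath (a container DN) is the "Restore To" case.
function Restore-DeletedUser {
    param([Parameter(Mandatory)][string]$SamAccountName, [string]$TargetPath)
    $hits = @(Get-ADObject -LDAPFilter "(&(isDeleted=TRUE)(objectClass=user)(sAMAccountName=$SamAccountName))" `
        -IncludeDeletedObjects -Properties lastKnownParent, whenChanged)
    if ($hits.Count -ne 1) { throw "Expected exactly one deleted user '$SamAccountName', found $($hits.Count)." }
    $obj = $hits[0]
    Write-Host "Restoring $($obj.Name) (deleted $($obj.whenChanged), original parent $($obj.lastKnownParent))"
    if ($TargetPath) { Restore-ADObject -Identity $obj.ObjectGUID -TargetPath $TargetPath }
    else             { Restore-ADObject -Identity $obj.ObjectGUID }
}

Restore-DeletedUser -SamAccountName 'mdubois'   # placeholder account name
```

The function refuses to act when the name is ambiguous, because several tombstoned objects can share a sAMAccountName and restoring the wrong one (or restoring a child before its parent container) fails or puts the object in an unexpected place.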
