Active Directory Recycle Bin is a new Windows Server 2008 R2 feature that allows you to easily restore accidentally deleted Active Directory objects. When I first heard about this feature, I thought that the Active Directory User and Computer Interface (ADUC) would just provide a Recycle Bin like the one we know from Windows Explorer. However, things are a lot more complicated with the Active Directory Recycle Bin. This is why I need two posts only to summarize the essentials that every Windows administrator has to know.

Before I describe how the Recycle Bin works, however, I will recapitulate how the restoration of Active Directory objects works with previous Windows versions. This makes it easier to understand the changes that were introduced in Windows Server 2008 R2.

(more…)

In the last article in this series, I recapitulated briefly how Active Directory objects have to be restored in Windows Server 2003/2008. Today, I will explain how the new Active Directory Recycle Bin feature works and the changes that comes with it. Let’s see first in what way the Recycle Bin improves AD object restores.

Advantages of Active Directory Recycle Bin

There are three advantages in using the new Recycle Bin feature:

• You can restore the state of Active Directory objects that they had at the time they were deleted, and not just the state of the last available backup.
• You don’t have to disable the directory services during the restore process, as with authoritative restores.
• In contrast to tombstone reanimation, the object will be restored with all its attributes.

Active Directory Recycle Bin requirements

There are four requirements that have to be fulfilled so that an Active Directory object with Recycle Bin can be restored:

(more…)

In the last post of this series, I outlined the changes that the Active Directory Recycle Bin introduces to Windows Server 2008 R2 when it comes to restoring Active Directory objects. Today, I will give you an overview of how the Recycle Bin can be used.

Upgrade the Active Directory functional level to Windows Server 2008 R2

Before you can work with the Recycle Bin, you have to raise the functional level of your Active Directory. Basically, you have to run ADPREP /FORESTPREP on the forest Schema Master and then ADPREP /DOMAINPREP on the Infrastructure Master, with the ADPREP version on the Windows Server 2008 R2 DVD. I recommend that you read James Bannan’s guide to migrate the Active Directory functional level to Windows Server 2008 R2.

Enable Active Directory Recycle Bin

Raising the functional level alone does not make the Active Directory Recycle Bin available. This feature has to be explicitly enabled. Not that this process is irreversible. Once you have enabled Active Directory Recycle Bin, you can’t disable it again. Since this step will affect your backup strategy, you should fully understand how Recycle Bin works, before going ahead.

(more…)