Shortly after I finished my series about the new Active Directory Recycle Bin feature in Windows Server 2008 R2, I stumbled across the Active Directory Recycle Bin PowerPack for PowerGUI. As I noted in my review, restoring Active Directory objects via PowerShell or the LDP.exe GUI is quite cumbersome. I recommended using Quest Object Restore for Active Directory or ADRestore.NET instead. But this PowerGUI PowerPack is an even better solution because it has some useful additional features to offer.
- Poll: How reliable are ChatGPT and Bing Chat? - Tue, May 23 2023
- Pip install Boto3 - Thu, Mar 24 2022
- Install Boto3 (AWS SDK for Python) in Visual Studio Code (VS Code) on Windows - Wed, Feb 23 2022
Since Active Directory Recycle Bin PowerPack is an add-on, you have to import it manually once you installed PowerGUI. This will add a new folder to the PowerGUI tool which lists all deleted AD objects. I like that it preserves the hierarchical structure of deleted objects. This is useful if you deleted an organizational unit that contained other objects.
You can then restore single objects or the whole hierarchical structure with just a mouse click. By the way, Microsoft introduced an interesting change in Windows Server 2008 R2. If you try to delete an OU that contains objects you will get this message: "You do not have sufficient privileges to delete ... or this object is protected from accidental deletion".
You can protect containers against accidental deletion in previous Active Direction versions by simply removing the Delete and Delete Subtree permissions. I find it interesting that in a Windows Server 2008 R2 domain this accidental deletion prevention is enabled by default. Obviously accidental deletion of AD containers happens more often that one thinks. If you try to recursively restore a whole organizational unit with its objects using the Recycle Bin PowerPack, you have to first remove the Deny Delete and Deny Delete Subtree advanced permissions (see screenshot).
Another nice feature of the Recycle Bin PowerPack is that it allows you to restore deleted objects to a different location. This is a common feature of all backup solutions and it certainly could prove to be helpful in some situations.
Furthermore, you can also empty the complete Recycle Bin or remove single objects. Be careful with this feature because you will no longer be able to restore objects from a backup.
It is also useful that you can use the PowerPack to modify the DeletedObjectLiftime and TombstoneLifetime attributes. Note that "TombstoneLifetime" is only the name of the AD attribute. The correct term of this setting is "Recycled Object Lifetime" because in an Active Directory with enabled Recycle Bin there are no tombstone objects, as I described in my previous review about the Recycle Bin feature.
All in all, the Recycle Bin PowerPack offers all the functionality I expected when I first heard about this Recycle Bin. It is a bit strange that Microsoft neither offers a comparable GUI tool nor did they integrate the functionality in the Active Directory User and Computer interface (ADUC). It appears to be a new Microsoft strategy. For some functionality they only provide a PowerShell interface hoping that someone else steps in and offers a GUI tool for the feature.
Kirk also posted a quick video with the demo of this PowerPack: http://www.youtube.com/watch?v=MI1Tdual0wE&feature=PlayList&p=807CCBBC67873456&index=12