
How to set up and restore an object from the Active Directory Recycle Bin

Author: James Pettigrove, Cloud Engineer with a focus on Microsoft Azure
Active Directory Recycle Bin - This article is part of a series.
Part 1: This Article

CTRL+Z, the undo button, the recycle bin, shadow copies: the human element in the world of IT can sometimes be our undoing, which goes a long way to explain the push to automate EVERY facet of our IT systems. While some organisations are not big enough to justify automating to this degree, or haven't yet invested the time to do so, things like the Active Directory Recycle Bin are a nice stop-gap. The setup of the Active Directory Recycle Bin is fairly straightforward:

  1. All Domain Controllers must be running Windows Server 2008 R2 or higher (prep your Forest and Domain if you have not already)
  2. Forest functional level must be at Windows Server 2008 R2 or higher
  3. Run the following PowerShell command:
Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=yourdomain,DC=com' -Scope ForestOrConfigurationSet -Target 'yourdomain.com'

Now that the Recycle Bin has been enabled, how do we go about restoring an object that has been deleted (obviously AFTER the Recycle Bin has been enabled ^_-)? Unfortunately there is no option to restore an object via the Active Directory Users and Computers snap-in, as deleted objects are very much hidden no matter what options you make visible. Instead we must once again flex our PowerShell skills with the following:

Get-ADObject -Filter {DisplayName -eq "nameofobject" -and deleted -eq $true} -IncludeDeletedObjects | Restore-ADObject

Real simple this one: Get-ADObject, followed by some filtering and the -IncludeDeletedObjects switch, gets our deleted object (just replace nameofobject with the display name of your Active Directory object that has been deleted). This is then piped to Restore-ADObject to restore the object in place, where it was located when it was deleted.
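
The prerequisite checks from the setup list and the restore one-liner above, combined into one guarded function as an added example (not code from the original post). The function name Restore-DeletedAdObject is hypothetical; it refuses to act when the Recycle Bin is not enabled, when several deleted objects share the display name, or when the parent container is itself deleted.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Restore-DeletedAdObject is a hypothetical helper name, not a built-in cmdlet.
function Restore-DeletedAdObject {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param([Parameter(Mandatory = $true)][string]$DisplayName)

    # Prerequisite: forest functional level Windows Server 2008 R2 or higher.
    $forest  = Get-ADForest
    $minimum = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
    if ($forest.ForestMode -lt $minimum) {
        throw "Forest functional level is $($forest.ForestMode); the Recycle Bin needs $minimum or higher."
    }

    # EnabledScopes stays empty until Enable-ADOptionalFeature has been run.
    $feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
    if (-not $feature.EnabledScopes) {
        throw "The Recycle Bin is not enabled in forest $($forest.Name)."
    }

    # Same query as the one-liner. $DisplayName is resolved by the AD filter
    # parser itself, so quotes in the name cannot break out of the filter.
    $found = @(Get-ADObject -Filter 'DisplayName -eq $DisplayName -and Deleted -eq $true' `
            -IncludeDeletedObjects -Properties DisplayName, LastKnownParent, whenChanged)

    if ($found.Count -eq 0) {
        Write-Warning "No deleted object with display name '$DisplayName' was found."
        return
    }
    if ($found.Count -gt 1) {
        # Several deleted objects can share a display name: list them, restore nothing.
        Write-Warning "$($found.Count) deleted objects match; restore one by ObjectGUID instead."
        return $found | Sort-Object whenChanged |
            Select-Object ObjectGUID, ObjectClass, LastKnownParent, whenChanged
    }

    $target = $found[0]
    # A parent DN containing the 0ADEL: marker is itself in the Recycle Bin.
    if ($target.LastKnownParent -match '0ADEL:') {
        throw "Parent '$($target.LastKnownParent)' is deleted too; restore it first."
    }
    if ($PSCmdlet.ShouldProcess($target.DistinguishedName, "Restore to $($target.LastKnownParent)")) {
        Restore-ADObject -Identity $target.ObjectGUID -Confirm:$false -PassThru
    }
}

# Dry run first, then the real restore (prompts for confirmation):
# Restore-DeletedAdObject -DisplayName 'nameofobject' -WhatIf
# Restore-DeletedAdObject -DisplayName 'nameofobject'
```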

Too easy, right? What if you want to restore a whole tree of deleted objects (i.e. a deleted Organisational Unit and all the objects inside)? I’ll be tackling that in another post so stay tuned!
