Answer: The Active Directory Recycle Bin is a great tool that can save organizations a lot of time and money in productivity and software cost by simplifying the restore process of any active directory objects.
In order to use the Active Directory recycle bin the following system and organization requirements needs to be in place:
All domain controllers needs to run Windows Server 2008 R2
The Forest and Domain Functional level needs to be set to Windows Server 2008 R2
To use the Active Directory Recycle Bin follow the steps below:
Before using the Recycle bin we need to enable it first using PowerShell:
- Start The Active Directory Module for Windows PowerShell form Start -> Administrative Tools (Don’t forget to use the Run as administrator by right click on the icon)
Use the following command to enable the Active Directory Recycle Bin.
Enable-ADOptionalFeature –Identity ‘CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration, DC=contoso,DC=com’ –Scope ForestOrConfigurationSet –Target ‘test.com’
After you enable the feature you are ready to go and recover deleted objects.
2.The following command will show you how to restore a user name dodo.
Get-ADObject –filter{displayName –eq “dodo”} –includeDeletedObject | Restore-ADObject
You can read more about this at Technet:
http://technet.microsoft.com/en-us/library/dd379509(WS.10).aspx