Active Directory provides the ability to manage objects: creating, deleting and modifying them, and granting permissions on network resources. Objects also get deleted by accident, and restoring them used to be a cumbersome task for system administrators. To make recovery easier, Microsoft introduced the Active Directory Recycle Bin in Windows Server 2008 R2, and it remains available in Windows Server 2012, 2016 and now 2019.
Before the AD Recycle Bin feature existed, there were two ways to restore deleted objects:
Authoritative restore and tombstone reanimation (both still exist in current Windows Server versions). Tombstone reanimation brings back only the stripped-down tombstone: most attributes, including group memberships, are gone and have to be re-created by hand.
Authoritative restore retrieves the deleted data from an AD DS backup. It requires restarting the domain controller in Directory Services Restore Mode (DSRM), so that DC is unavailable to client requests until the restore completes.
A further disadvantage of authoritative restore is that any change made to the object after the AD DS backup was taken is lost: the restored object contains only the data in the backup. For example:
To enable the AD Recycle Bin feature, the following requirements must be met:
- All domain controllers in the AD forest must be running Windows Server 2008 R2 or later.
- The forest functional level must be raised to Windows Server 2008 R2 or higher.
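The two prerequisites can be checked from PowerShell before touching the console. The script below is an added example, not from the original article; it assumes the RSAT ActiveDirectory module is installed and that it is run from an elevated session on a domain-joined host by an account that can read the forest. It also reports whether the feature is already on, since enabling it is a one-way operation.

```powershell
# Added example (not from the original article): check the prerequisites for
# the AD Recycle Bin and report its current state.
# Assumes the RSAT ActiveDirectory module and read access to the forest.
Import-Module ActiveDirectory

$forest = Get-ADForest

# 1. Forest functional level must be Windows2008R2Forest or higher.
#    ADForestMode is an enum whose integer values increase with the version
#    (Windows2008R2Forest = 4), so an integer comparison gives version order.
$minForestMode = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
$forestOk = [int]$forest.ForestMode -ge [int]$minForestMode
"Forest {0} mode: {1} (2008 R2 or higher: {2})" -f $forest.Name, $forest.ForestMode, $forestOk

# 2. Every DC in every domain of the forest must run Windows Server 2008 R2
#    (NT 6.1) or later. OperatingSystemVersion looks like "10.0 (17763)".
$oldDcs = foreach ($domain in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $domain |
        Where-Object { [version](($_.OperatingSystemVersion -split ' ')[0]) -lt [version]'6.1' } |
        Select-Object HostName, Domain, OperatingSystem
}
if ($oldDcs) {
    "Domain controllers below Windows Server 2008 R2 (must be upgraded or demoted first):"
    $oldDcs | Format-Table -AutoSize
} else {
    "All domain controllers run Windows Server 2008 R2 or later."
}

# 3. Current Recycle Bin state. EnabledScopes is empty until the feature is
#    enabled; afterwards it lists the partitions the feature applies to.
$rb = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
if ($rb.EnabledScopes.Count -gt 0) {
    "Recycle Bin already enabled for: $($rb.EnabledScopes -join ', ')"
} else {
    "Recycle Bin not enabled (required forest mode: $($rb.RequiredForestMode))."
}
```

Run it on each domain of a multi-domain forest only once; Get-ADForest and Get-ADOptionalFeature are forest-wide, and the domain-controller loop already walks every domain.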
Below are the steps to enable the Recycle Bin and restore objects:
Start > Windows Administrative Tools > Active Directory Administrative Center
In Active Directory Administrative Center, select the forest root domain and click "Enable Recycle Bin" in the Tasks pane on the right.
A dialog reports that AD DS has begun enabling the Recycle Bin. Click OK.
Once the Recycle Bin has been enabled it cannot be disabled. From then on, deleted objects remain fully restorable for the deleted-object lifetime (msDS-DeletedObjectLifetime, which defaults to the forest's tombstone lifetime, 180 days in forests created on Windows Server 2003 SP1 or later); after that they become recycled objects and can no longer be restored.
You can verify the Recycle Bin status by reopening Active Directory Administrative Center:
the "Enable Recycle Bin" option is now greyed out and no longer highlighted like the other tasks.
For testing purposes, we deleted the user account James Ken.
Click Yes to confirm deletion of the user James Ken.
Searching for the user James now returns nothing.
With the Recycle Bin enabled, every deleted object is placed in the Deleted Objects container, which is visible in Active Directory Administrative Center.
From here we can restore an object either to its original location or to a custom Organizational Unit ("Restore To").
In the example above we chose Restore, which put the user back in its original location.
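The same enable, delete, locate and restore cycle can be scripted, which is how you would recover objects in bulk or prove the feature works after enabling it. The block below is an added example, not from the original article. It assumes the RSAT ActiveDirectory module, Enterprise Admin rights, a forest named contoso.com and a test OU "OU=Test,DC=contoso,DC=com"; all of these names are hypothetical, substitute your own.

```powershell
# Added example (not from the original article): enable the Recycle Bin,
# delete a test user, find it in Deleted Objects and restore it.
# Assumes the RSAT ActiveDirectory module and Enterprise Admin rights.
# contoso.com and OU=Test are hypothetical names; replace them with your own.
Import-Module ActiveDirectory

$forestName = 'contoso.com'
$testOu     = 'OU=Test,DC=contoso,DC=com'

# Enable the feature once, forest-wide. This is irreversible, which is why
# the cmdlet prompts unless -Confirm:$false is given.
$rb = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
if ($rb.EnabledScopes.Count -eq 0) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forestName -Confirm:$false
}
"Recycle Bin enabled for: " +
    ((Get-ADOptionalFeature -Identity 'Recycle Bin Feature').EnabledScopes -join ', ')

# How long a deleted object stays restorable: msDS-DeletedObjectLifetime, or
# tombstoneLifetime when the former is unset (both in days).
$dsConfigDn = 'CN=Directory Service,CN=Windows NT,CN=Services,' +
              (Get-ADRootDSE).configurationNamingContext
$dsConfig = Get-ADObject -Identity $dsConfigDn `
    -Properties 'msDS-DeletedObjectLifetime', tombstoneLifetime
$lifetime = $dsConfig.'msDS-DeletedObjectLifetime'
if (-not $lifetime) { $lifetime = $dsConfig.tombstoneLifetime }
if (-not $lifetime) { $lifetime = '60 (attribute unset, built-in default)' }
"Deleted objects remain restorable for $lifetime days."

# Create and delete the test user, mirroring the James Ken walkthrough above.
New-ADUser -Name 'James Ken' -SamAccountName 'jken' -GivenName 'James' -Surname 'Ken' -Path $testOu
Remove-ADUser -Identity 'jken' -Confirm:$false

# A deleted object is renamed to "<name>\0ADEL:<guid>" and moved to the Deleted
# Objects container; -IncludeDeletedObjects is required to see it at all.
# lastKnownParent records where it lived, which Restore-ADObject uses by default.
$deleted = Get-ADObject -Filter 'isDeleted -eq $true -and Name -like "James Ken*"' `
    -IncludeDeletedObjects -Properties lastKnownParent, whenChanged
$deleted | Select-Object Name, lastKnownParent, whenChanged

# Restore to the original location (the default), as the ADAC "Restore" task does ...
$deleted | Restore-ADObject
# ... or to a different OU with -TargetPath, the equivalent of "Restore To":
# $deleted | Restore-ADObject -TargetPath 'OU=Restored,DC=contoso,DC=com'

# Verify: the account is back under its original name and in its original OU.
Get-ADUser -Identity 'jken' | Select-Object Name, DistinguishedName, Enabled
```

Two caveats when restoring this way: Restore-ADObject to the default location fails if the object's lastKnownParent is itself deleted, so restore a deleted OU before the objects that lived in it; and an object whose lifetime has expired is no longer returned as restorable, so check the lifetime value above before relying on the Recycle Bin as your only recovery path.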