Setting the Active Directory Recycle Bin

September 30, 2013

If you can set all your domain controllers to Server 2008 R2 then you can, if you wish, enable the Recycle Bin in Microsoft's Active Directory. Deleted items are stored for 180 days before finally being purged. Accidental deletions can then be recovered without needing an Active Directory restore. To enable the feature and to manage recovery of deleted objects you will need a little PowerShell, as this is all managed from the PowerShell command prompt. But what a feature: a trash can for LDAP is something that we shouldn't need but is always useful for those times bad things happen.

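```powershell
Import-Module ActiveDirectory
# Check the current forest functional level
Get-ADForest
# Raise the forest functional level to Windows Server 2008 R2
Set-ADForestMode -Identity "tup.com" -ForestMode Windows2008R2Forest
# Enable the Recycle Bin for the whole forest (this cannot be undone)
Enable-ADOptionalFeature "Recycle Bin Feature" -Scope ForestOrConfigurationSet -Target "tup.com"
# Restore every deleted object whose last parent was the Sales OU
Get-ADObject -Filter {LastKnownParent -eq "ou=sales,dc=tup,dc=com"} -IncludeDeletedObjects | Restore-ADObject
```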
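
The one-line restore above brings back everything ever deleted from the OU, so a more guarded version is sketched here as an added example (not code from the original post). The function name Restore-DeletedFromParent and the 24-hour default window are assumptions made for illustration, and whenChanged is used as an approximation of the deletion time.

```powershell
# Added example, not from the original post. The sample OU is the post's own.
Import-Module ActiveDirectory

function Restore-DeletedFromParent {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$LastKnownParent,
        # Assumption: only deletions from the last 24 hours are in scope.
        [datetime]$DeletedAfter = (Get-Date).AddDays(-1)
    )

    # Stop if the optional feature is not enabled anywhere in the forest.
    $feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
    if (-not $feature.EnabledScopes) {
        throw 'Recycle Bin Feature is not enabled in this forest.'
    }

    # Deleted, not yet recycled objects whose last parent was the given container.
    $ldap = "(&(isDeleted=TRUE)(!(isRecycled=TRUE))(lastKnownParent=$LastKnownParent))"
    $candidates = Get-ADObject -LDAPFilter $ldap -IncludeDeletedObjects `
        -Properties lastKnownParent, whenChanged, 'msDS-LastKnownRDN' |
        Where-Object { $_.whenChanged -ge $DeletedAfter }

    foreach ($obj in $candidates) {
        # whenChanged approximates the deletion time (the delete is the last change).
        $label = '{0} ({1}), changed {2:u}' -f $obj.'msDS-LastKnownRDN',
            $obj.ObjectClass, $obj.whenChanged
        # Honors -WhatIf and -Confirm, so the candidate list can be reviewed first.
        if ($PSCmdlet.ShouldProcess($label, 'Restore-ADObject')) {
            Restore-ADObject -Identity $obj.ObjectGUID -PassThru
        }
    }
}

# Preview only: nothing is restored while -WhatIf is present.
Restore-DeletedFromParent -LastKnownParent 'ou=sales,dc=tup,dc=com' -WhatIf
```

Run it once with -WhatIf to review the candidates, then again without it (optionally with -Confirm) to perform the restore.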