Windows 2008 R2 AD Recycle Bin

This is a new feature in Windows 2008 R2.

Active Directory Recycle Bin helps minimize directory service downtime by enhancing your ability to preserve and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain controllers. (The drawback of the authoritative restore solution was that it had to be performed in Directory Services Restore Mode (DSRM). During DSRM, the domain controller being restored had to remain offline.)

By default, Active Directory Recycle Bin in Windows Server 2008 R2 is disabled. To enable it, you must first raise the forest functional level of your AD DS or AD LDS environment to Windows Server 2008 R2, which in turn requires all forest domain controllers or all servers that host instances of AD LDS configuration sets to be running Windows Server 2008 R2. After you enable Active Directory Recycle Bin in your environment, you cannot disable it.

For example, if an account is accidentally deleted and the backup was taken before the user account was given its group memberships, an authoritative restore cannot bring those memberships back. With the Recycle Bin, restored user accounts automatically regain all group memberships and corresponding access rights that they had within and across domains. After the deleted object lifetime expires, the logically deleted object is turned into a recycled object and most of its attributes are lost. It goes to a new container called recycled object, can still be restored using an authoritative restore from backup, and is finally physically deleted from the database.

Object -> deleted -> recycled -> physically deleted

To enable the AD Recycle Bin using LDP.exe:
Start > Run > ldp.exe > connect and bind to the server.
Click View > Tree > in Base DN, select the configuration directory partition.
In the console tree, double-click the distinguished name of the configuration directory partition and navigate to the CN=Partitions container.
Right-click the CN=Partitions container > distinguished name > Modify, and make sure the DN box is empty.
Edit attribute > type EnableOptionalFeature, and in Values type:
CN=Partitions,CN=Configuration,DC=mydomain,DC=com:766ddcd8-acd0-445e-f3b9-a7f9b6744f2a

Note: 766ddcd8-acd0-445e-f3b9-a7f9b6744f2a is the AD Recycle Bin GUID.
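
The same prerequisite check and enablement can also be done with the Active Directory module for Windows PowerShell, followed by a restore that shows group memberships coming back. This is an added example, not part of the original post; the forest name mydomain.com follows the DN used above, and the account name jdoe is a constructed placeholder.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory module
# and Enterprise Admins rights. 'mydomain.com' follows the post's DN;
# 'jdoe' is a constructed placeholder account name.
Import-Module ActiveDirectory

$forestName = 'mydomain.com'
$samAccount = 'jdoe'

# Prerequisite: forest functional level of Windows Server 2008 R2 or higher.
$forest  = Get-ADForest -Identity $forestName
$minimum = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
if ($forest.ForestMode -lt $minimum) {
    throw "Forest functional level is $($forest.ForestMode); raise it to $minimum first."
}

# Enable the feature only if no scope has it yet. This cannot be undone,
# so the confirmation prompt is kept.
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if (-not $feature.EnabledScopes) {
    Enable-ADOptionalFeature -Identity $feature `
        -Scope ForestOrConfigurationSet -Target $forestName -Confirm
}

# Find the deleted account. Objects deleted before the feature was enabled
# are already recycled and will not come back with their attributes.
$filter  = "sAMAccountName -eq '$samAccount' -and isDeleted -eq `$true"
$deleted = @(Get-ADObject -Filter $filter -IncludeDeletedObjects `
        -Properties lastKnownParent, whenChanged)

if ($deleted.Count -ne 1) {
    throw "Expected exactly one deleted object for '$samAccount', found $($deleted.Count)."
}
$deleted | Format-List Name, lastKnownParent, whenChanged

# Restore to the original container, then confirm group memberships returned.
$deleted | Restore-ADObject -Confirm
Get-ADUser -Identity $samAccount -Properties MemberOf |
    Select-Object -ExpandProperty MemberOf
```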

Posted on June 21, 2013, in Uncategorized, Windows.