
Setting Up the Active Directory Recycle Bin in Windows Server 2008 R2


Overview
Windows Server 2008 R2 has introduced an exciting new feature,
the Active Directory Recycle Bin. When you use this feature, a deleted
object is moved to a special container instead of simply being
tombstoned. The tombstone period is still important, as objects reside
in this special container only for the length of the tombstone period.
Once the period expires, the object is permanently deleted. But until
that happens, recovering a deleted object is relatively easy.
Before you can recover an item, you have to enable this feature. It is not turned on by default.
Once you enable it, you can only recover items from the recycle bin that were deleted after the
feature was enabled. If you enable the feature Tuesday morning, you can recover items from the
recycle bin that were deleted Tuesday afternoon, but not Monday morning.

Set Up Active Directory Recycle Bin with Windows PowerShell
The first challenge you will face is that Microsoft did not provide any
sort of GUI for this feature. You will have to use Windows
PowerShell and the Active Directory module. You don't have to run
these commands on a domain controller; I prefer and recommend
using Windows 7 and Remote Server Administration Tools (RSAT),
which have been configured to manage Active Directory with
PowerShell.
The first step is to import the module.
PS C:\> Import-Module ActiveDirectory

The Recycle Bin is part of a concept Microsoft calls AD Optional
Features. As you might expect, there is a cmdlet to use.
PS C:\> Get-ADOptionalFeature -Filter *
DistinguishedName  : CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=GLOBOMANTICS,DC=local
EnabledScopes      : {}
FeatureGUID        : 766ddcd8-acd0-445e-f3b9-a7f9b6744f2a
FeatureScope       : {ForestOrConfigurationSet}
IsDisableable      : False
Name               : Recycle Bin Feature
ObjectClass        : msDS-OptionalFeature
ObjectGUID         : 433466d6-458b-48e0-bdd1-4e815d6b7a5a
RequiredDomainMode :
RequiredForestMode : Windows2008R2Forest

Actually, this is the only AD Optional Feature Microsoft has released. As
you can see from the result, in order to use this feature, your Active
Directory forest must be at the Windows 2008 R2 level.
To turn on optional features, we will use the Enable-ADOptionalFeature
cmdlet. This cmdlet supports -WhatIf so you can give yourself a sanity
check, which is important, because you cannot undo or disable the AD
Recycle Bin. There is a Disable-ADOptionalFeature cmdlet, but the
Recycle Bin feature can't be disabled.
To enable it, you need to specify a Scope, which for now is
ForestOrConfigurationSet, and a Target, which is the domain where you
want to use this feature.
PS C:\> Enable-ADOptionalFeature -Identity "Recycle Bin Feature" -Scope ForestOrConfigurationSet -Target "globomantics.local" -WhatIf

Figure 1 shows the result:

Figure 1 What If I Enable the Recycle Bin?

If I'm ready, I can re-run the command without -WhatIf. You'll be
prompted for confirmation, but that is it. No reboot is required. If you
have multiple domains, you'll need to run this command for each. Once
run, you should see a property.
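Because the change cannot be reversed, it helps to wrap the steps above in a pre-flight check. The following is an added example, not code from the original article; the function name Enable-RecycleBinChecked and its -Commit switch are assumptions made for illustration, and it uses only the cmdlets and property names shown in the output above plus Get-ADForest.

```powershell
# Added example: verify prerequisites before the irreversible enable step.
# Enable-RecycleBinChecked and -Commit are hypothetical names, not built-in.
Import-Module ActiveDirectory

function Enable-RecycleBinChecked {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Target,      # domain DNS name, e.g. "globomantics.local"
        [switch]$Commit       # omit to get a -WhatIf dry run only
    )

    # Read the feature object and the forest it belongs to.
    $feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature' -Server $Target
    $forest  = Get-ADForest -Server $Target

    # RequiredForestMode (Windows2008R2Forest in the output above) must be met.
    if ($forest.ForestMode -lt $feature.RequiredForestMode) {
        throw "Forest mode $($forest.ForestMode) is below $($feature.RequiredForestMode)."
    }

    # A non-empty EnabledScopes means the feature is already on; nothing to do.
    if ($feature.EnabledScopes.Count -gt 0) {
        Write-Output "Already enabled for: $($feature.EnabledScopes -join '; ')"
        return
    }

    # IsDisableable is False for this feature, so there is no rollback.
    # Without -Commit this only reports what would happen.
    Enable-ADOptionalFeature -Identity $feature `
        -Scope ForestOrConfigurationSet `
        -Target $Target `
        -WhatIf:(-not $Commit)

    if ($Commit) {
        # Re-read the feature so the operator can confirm the new state.
        Get-ADOptionalFeature -Identity 'Recycle Bin Feature' -Server $Target |
            Select-Object Name, EnabledScopes
    }
}

# Dry run against the domain used in this article:
Enable-RecycleBinChecked -Target 'globomantics.local'
# Real run (still prompts for confirmation, cannot be undone):
# Enable-RecycleBinChecked -Target 'globomantics.local' -Commit
```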

Conclusion
Once this change has replicated to all your domain controllers, you are
ready to begin using it, assuming you delete some objects after this
feature has been enabled. We'll look at that next time, or if you are in
a hurry or want to learn more about using PowerShell with AD, take a
look at Managing Active Directory with Windows PowerShell: TFM 2nd
Ed. (SAPIEN Press 2010).
