A Guide to Enable Active Directory Recycle Bin Using ADAC & PowerShell
Go through this guide to learn a few ways to enable the Active Directory Recycle Bin, which helps you organize AD objects and eliminates the risk of potential data loss.
Overview and Importance of Enabling Active Directory Recycle Bin
Windows Active Directory acts as a centralized repository that houses all network resources such as user accounts, groups, OUs, computers, printers, shared folders, group policies, etc. It helps IT admins organize and secure the network infrastructure by deploying the required policies and security protocols throughout the organization.
However, when AD is mismanaged, admins can often encounter situations such as accidental deletion or modification of Active Directory objects. This can be critical, as it poses the risk of potential data loss or operational disruption.
To eliminate such scenarios, Microsoft introduced the AD Recycle Bin (ADRB) feature. Enabling it allows you to easily restore deleted AD objects with all their attributes, such as backlinks, group memberships, and metadata, without the need to recover from system state backups.
Before enabling the Recycle Bin in Active Directory, it is necessary to check whether the feature is already enabled on your AD DC (domain controller).
How to Check if Active Directory Recycle Bin is Enabled?
If you are not sure whether the Active Directory Recycle Bin is enabled, you can check its status using either PowerShell or ADAC by following the steps below.
Using PowerShell
You can use the Active Directory module to run the Get-ADOptionalFeature cmdlet with a filter for features whose name begins with "Recycle". The command checks the EnabledScopes property of the feature to determine whether it is enabled. If the Recycle Bin feature is enabled, you get True; if not, you get False.
If ((Get-ADOptionalFeature -Filter {Name -like "Recycle*"}).EnabledScopes) {Write-Host 'True'} else {Write-Host 'False'}
In this case, the result is False, which means that the Active Directory Recycle Bin is not enabled.
Using Active Directory Administrative Center
To check if the Active Directory Recycle Bin is enabled using the Active Directory Administrative Center, you can follow these steps:
- Step 1. Open the Active Directory Administrative Center.
- Step 2. In the left pane, navigate to the root of your Active Directory forest.
- Step 3. Right-click on your domain name, and select Properties.
- Step 4. In the Properties dialog box, go to the Extensions tab.
- Step 5. Look for an extension named Recycle Bin. If you see it listed, it means that the Active Directory Recycle Bin is enabled for your domain.
If you don’t see the Recycle Bin extension listed, it means that the Active Directory Recycle Bin is not enabled.
How to Enable Active Directory Recycle Bin?
As with the check above, you have two ways to enable ADRB: PowerShell or ADAC. The steps for each are covered in the following sections.
Using PowerShell
Here we use the Enable-ADOptionalFeature cmdlet, which enables an optional feature in Active Directory. The -Scope parameter enables the feature at the forest level. In the -Identity value, the CN specifies the name of the optional feature to be enabled, i.e. Recycle Bin Feature.
Enable-ADOptionalFeature -Identity "CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=cu14mail,DC=local" -Scope ForestOrConfigurationSet -Target "cu14mail.local"
When you run the above PowerShell command, you are asked to confirm the action, because enabling the feature is an irreversible process. Type Y and hit Enter to enable the Recycle Bin in Active Directory using PowerShell.
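The check and the enable step can be combined so that the irreversible change is made only when it is needed and the forest meets the feature's requirement. The following is an added example, not part of the original guide; the function name Enable-RecycleBinIfNeeded is hypothetical, and it assumes the ActiveDirectory module is installed and the account has forest-level rights.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the original guide): idempotent enable with a dry-run option.
function Enable-RecycleBinIfNeeded {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param()

    # Read the forest name and FSMO holder instead of hardcoding a DN.
    $forest  = Get-ADForest
    $server  = $forest.DomainNamingMaster
    $feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature' -Server $server

    # EnabledScopes stays empty until the feature has been enabled for the forest.
    if ($feature.EnabledScopes) {
        Write-Verbose "Recycle Bin is already enabled in $($forest.Name)."
        return $true
    }

    # The feature object itself records the minimum forest functional level.
    if ($forest.ForestMode -lt $feature.RequiredForestMode) {
        throw "Forest mode $($forest.ForestMode) is below the required $($feature.RequiredForestMode)."
    }

    # ShouldProcess gives -WhatIf and -Confirm support; the change cannot be undone.
    if ($PSCmdlet.ShouldProcess($forest.Name, 'Enable AD Recycle Bin (irreversible)')) {
        Enable-ADOptionalFeature -Identity $feature.DistinguishedName `
            -Scope ForestOrConfigurationSet -Target $forest.Name `
            -Server $server -Confirm:$false
    }

    # Re-read the feature so the return value reflects the directory, not the intent.
    $after = Get-ADOptionalFeature -Identity 'Recycle Bin Feature' -Server $server
    return [bool]$after.EnabledScopes
}

# Dry run first: reports what would change without touching the forest.
Enable-RecycleBinIfNeeded -WhatIf
```

Run it without -WhatIf to get the confirmation prompt and apply the change.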
Using Active Directory Administrative Center
- Step 1. Open Active Directory Administrative Center.
- Step 2. Right-click on the domain name.
- Step 3. Locate Enable Recycle Bin in the list.
- Step 4. Click on it to enable the Recycle Bin feature.
- Step 5. Confirm the action by clicking on OK in the popup window.
In this way, you can easily enable AD Recycle Bin using the ADAC.
How SysTools Can Help?
SysTools offers industry-leading Active Directory Reporter software, which is a prime choice for IT admins for Active Directory management and reporting. Using it you can streamline administrative tasks and enhance the overall security of your network infrastructure. Let’s have a look at its features.
Features of SysTools AD Reporter Tool
- Generates detailed reports on user accounts, groups, OUs, permissions, and other Active Directory objects.
- Offers the option to customize reports to meet specific requirements and filter data based on various criteria.
- Safely exports reports from forests and cross-forests instantly.
- Provides a search facility to locate particular objects accordingly.
- Allows you to view user attributes in Active Directory and generate reports.
- Offers some predefined date range filters like 5, 7, 10, 30, and 60 days for filtering results.
- Compatible with Windows Server 2012 R2, 2016 & 2019 OS.
Because it simplifies the management of the entire AD environment, admins can use this software to perform various day-to-day tasks more efficiently and effectively.
If you are planning to perform a migration within an AD environment, be it a cross-forest or domain migration, you can rely on the SysTools Active Directory Migration Tool to streamline the process and perform the data transition effortlessly.
Conclusion
If the Active Directory Recycle Bin (ADRB) is not enabled, it can greatly impact your overall AD management. It also poses a security risk of data loss in the event of intentional, unintentional, or accidental data deletion.
Hence, enabling the Active Directory Recycle Bin (ADRB) is a crucial step, as it ensures data safety and helps with quick recovery in accidental deletion or data loss scenarios. The step-by-step guide above walks through checking the ADRB status and enabling the feature.