Source:
https://www.virtualizationhowto.com/2017/03/enable-windows-server-2016-active-directory-recycle-bin/
Enable Via Active Directory Admin Application (DSAC.exe)
Using PowerShell to Enable
Enabling the Active Directory Recycle Bin with PowerShell is equally painless. Use the following cmdlet:
Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=testlab,DC=local' -Scope ForestOrConfigurationSet -Target 'testlab.local'
PowerShell also prompts you to confirm the action.
Testing
I have created a testuser account in a TestOU container. Let’s simulate an accidental deletion. As you can see, I am about to delete the testuser account.
It is now gone!
Restoring Deleted Object
To restore the object, we need to be a member of at least the Domain Admins group. We again use PowerShell for the restore. You can see the deleted objects by running the following cmdlet:
Get-ADObject -Filter {displayName -eq "testuser"} -IncludeDeletedObjects
As expected, I see the testuser account.
To restore the object, we can simply pipe the same query to Restore-ADObject:
Get-ADObject -Filter {displayName -eq "testuser"} -IncludeDeletedObjects | Restore-ADObject
The object is restored in PowerShell with little fanfare.
A quick refresh of the ADUC interface once again shows the testuser object.
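The one-line restore above acts on whatever the filter matches. The script below is an added example, not code from the original article: it wraps the same Get-ADObject and Restore-ADObject cmdlets in the checks an administrator would want before restoring. The parameter name, the step numbering and the use of an LDAP filter are choices made for this example; the default value is the article's test account.

```powershell
# Added example, not from the original article. Requires the ActiveDirectory module.
param(
    [ValidatePattern('^[\w.\- ]+$')]   # reject LDAP filter metacharacters
    [string]$DisplayName = 'testuser'  # the article's test account
)
Import-Module ActiveDirectory

# 1. Check (never enable implicitly) that the Recycle Bin is on.
#    EnabledScopes is empty while the feature is disabled.
$feature = Get-ADOptionalFeature -Filter 'Name -like "Recycle Bin Feature"'
if (-not $feature.EnabledScopes) {
    throw 'Recycle Bin is not enabled in this forest.'
}

# 2. List matching deleted objects with the attributes needed to judge the restore.
$query = @{
    LDAPFilter            = "(&(isDeleted=TRUE)(displayName=$DisplayName))"
    IncludeDeletedObjects = $true
    Properties            = 'displayName', 'lastKnownParent', 'whenChanged'
}
$deleted = @(Get-ADObject @query)
if ($deleted.Count -eq 0) { throw "No deleted object has displayName '$DisplayName'." }
$deleted | Format-Table displayName, ObjectClass, whenChanged, lastKnownParent, ObjectGUID

# 3. Do not guess when several deleted objects share the name.
if ($deleted.Count -gt 1) { throw 'Multiple matches; restore one by its ObjectGUID.' }
$target = $deleted[0]

# 4. The original parent must still exist, or the restore fails.
try   { Get-ADObject -Identity $target.lastKnownParent | Out-Null }
catch { throw "Parent '$($target.lastKnownParent)' is missing; restore it first." }

# 5. Dry run, then restore with an explicit confirmation prompt.
Restore-ADObject -Identity $target.ObjectGUID -WhatIf
Restore-ADObject -Identity $target.ObjectGUID -Confirm -PassThru
```

Restoring by ObjectGUID rather than by piping the filter result ensures that only the object reviewed in step 2 is brought back.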