Working with the Server 2008 R2 Active Directory Recycle Bin

One of the fantastic features provided in Server 2008 R2 is the new Recycle Bin for Active Directory.

I recognize that nobody here is going to intentionally mess up their own Active Directory.  But problems can happen.  A junior technician mishears “Disable” as “Delete”, a malicious Administrator leaves the company, or it’s just dumb luck.  Any number of problems can occur, and this feature will save the day.

There are a few caveats to using this:

1) You must have the Domain functional level in Server 2008 R2 mode.

2) You must enable the feature by using LDP.EXE or Powershell.  Powershell is the preferred method.  MUCH easier on the eyes 🙂

3) It is managed and used 100% by Powershell.  There is no GUI version presently.  But it’s Powershell.  WHY DO YOU WANT A GUI? 😉

4) Once enabled, you cannot disable it.  This is a one way trip, folks.

5) The enabled Recycle Bin has a 180 day retention policy. (6 months to catch the error of somebody’s ways)

 

That’s it.

Using it is a breeze.

In Server 2008 R2, Select the NEW Active Directory Powershell under Administrative Tools.

Type in the new command

GET-ADOPTIONALFEATURE -filter {name -like "*"}

You will be presented with a screen showing you:

FeatureScope       : {Forest}
Name               : Recycle Bin Feature
RequiredForestMode : Windows2008R2Forest
IsDisableable      : False
ObjectGUID         : 0599c1a6-6f8f-42d4-b9a0-ab2791d4719e
ObjectClass        : msDS-OptionalFeature
FeatureGUID        : 766ddcd8-acd0-445e-f3b9-a7f9b6744f2a
EnabledScopes      :
RequiredDomainMode :
DistinguishedName  : CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=energized,DC=energizedtech,DC=com

Looking at the information above, there are no enabled scopes which confirms that the AD Recycle Bin is presently disabled.

So to make all this useful, I guess we should turn it on.  In the same Powershell window, key in this command:

ENABLE-ADOPTIONALFEATURE 'Recycle Bin Feature' -scope forest -target 'domainfqdn'

In my case my domain is ENERGIZED and part of the real internet domain ENERGIZEDTECH.COM

ENABLE-ADOPTIONALFEATURE 'Recycle Bin Feature' -scope forest -target 'energized.energizedtech.com'

But you might have a simpler setup.  You might have a domain called CONTOSO whose root is CONTOSO.COM

ENABLE-ADOPTIONALFEATURE 'Recycle Bin Feature' -scope forest -target 'contoso.com'

 

(Of course in your case, you would substitute the FQDN of YOUR Active Directory Parent domain)

You will get a prompt warning you that it will make the change.   Choose “Yes” if you wish to enable this feature or CTRL-C to abort.

Once you’re done, it’s active.  To confirm, run the same command again:

GET-ADOPTIONALFEATURE -filter {name -like "*"}

And you’ll get a similar response, but note the EnabledScopes line:

FeatureScope       : {Forest}
Name               : Recycle Bin Feature
RequiredForestMode : Windows2008R2Forest
IsDisableable      : False
ObjectGUID         : 0599c1a6-6f8f-42d4-b9a0-ab2791d4719e
ObjectClass        : msDS-OptionalFeature
FeatureGUID        : 766ddcd8-acd0-445e-f3b9-a7f9b6744f2a
EnabledScopes      : {CN=Partitions,CN=Configuration,DC=energized,DC=energizedtech,DC=com}
RequiredDomainMode :
DistinguishedName  : CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=energized,DC=energizedtech,DC=com

 

You’ll see that “EnabledScopes” is now covering my domain.

 

Now that the feature is enabled, the fun begins.

Let’s play a little game called “pretend”. 

Pretend you hired a Network Administrator who claimed to understand how to work with Active Directory.    Pretend he didn’t and deleted the Administrator account and a few computers called “PRESIDENT” and “CIO”.

So you fired him.   Now in the old world, it would be, break out the backup tape.  Restore the Active Directory, hope you got it all right.  Schedule downtime as well.

A real headache.

But not anymore

New land.  Active Directory Recycle Bin.  You’ve one command to save everybody’s bacon.

In Powershell V2 on Server 2008 R2 you get this beautiful command

GET-ADOBJECT -filter {name -like "missingitem*"} -includedeletedobjects | RESTORE-ADOBJECT

That’s it.  Nothing harder than that.

So to make yourself look like “Superman” or your Hero of choice, if we had to restore those objects on the fly, with no downtime, no interruption, and that Network Administrator fired and out the door, you would type the following. (A deleted object’s name has “DEL:” and its GUID appended to it, hence the trailing wildcard.)

GET-ADOBJECT -filter {name -like "Administrator*"} -includedeletedobjects | RESTORE-ADOBJECT

GET-ADOBJECT -filter {name -like "PRESIDENT*"} -includedeletedobjects | RESTORE-ADOBJECT

GET-ADOBJECT -filter {name -like "CIO*"} -includedeletedobjects | RESTORE-ADOBJECT

There.  Was that so hard?  The great thing is, as long as it’s an object in Active Directory, it’s protected by this new feature for 180 days.

Now please note, this doesn’t just restore the object.  It restores the object, its security, its trusts!
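A more cautious take on the restore one-liners above, as an added example that is not from the original post: it confirms the feature is enabled, matches on the deleted object’s last-known name with the value escaped before it goes into the LDAP filter, shows where each object used to live, and previews the restore with -WhatIf. The function names Find-DeletedADObject and ConvertTo-LdapFilterValue are made up for this example; PRESIDENT is the computer name from the scenario above.

```powershell
# Added example (not from the original post). Needs the ActiveDirectory module.
Import-Module ActiveDirectory

# Hypothetical helper: escape a value for use inside an LDAP filter (RFC 4515),
# so a name containing \ * ( ) or NUL cannot change what the filter matches.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory=$true)][string]$Value)
    # Backslash must be escaped first, otherwise later escapes get re-escaped.
    $map = @(@('\', '\5c'), @('*', '\2a'), @('(', '\28'), @(')', '\29'),
             @([string][char]0, '\00'))
    foreach ($pair in $map) { $Value = $Value.Replace($pair[0], $pair[1]) }
    $Value
}

# Hypothetical helper: list deleted objects whose name before deletion was
# exactly $LastKnownName. Live objects are never returned (isDeleted=TRUE).
function Find-DeletedADObject {
    param([Parameter(Mandatory=$true)][string]$LastKnownName)

    # Refuse to continue if the Recycle Bin was never switched on.
    $feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
    if (@($feature.EnabledScopes).Count -eq 0) {
        throw 'Recycle Bin Feature has no EnabledScopes; enable it first.'
    }

    $safe = ConvertTo-LdapFilterValue -Value $LastKnownName
    Get-ADObject -LDAPFilter "(&(isDeleted=TRUE)(msDS-LastKnownRDN=$safe))" `
        -IncludeDeletedObjects `
        -Properties 'msDS-LastKnownRDN', 'lastKnownParent', 'whenChanged'
}

# 1. See exactly what would come back, where it lived, and when it changed.
$candidates = @(Find-DeletedADObject -LastKnownName 'PRESIDENT')
$candidates |
    Format-Table 'msDS-LastKnownRDN', ObjectClass, lastKnownParent, whenChanged -AutoSize

# 2. Dry run: reports what would be restored without changing the directory.
$candidates | Restore-ADObject -WhatIf

# 3. When the list is what you expect, run the real restore:
# $candidates | Restore-ADObject -PassThru
```

If lastKnownParent points at a container that was itself deleted, restore that container first.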

Now if you’re curious about Server 2008 R2, it’s in Beta, and you can download it to try it out.  Don’t put it in your production environment.  It is, after all, Beta, but it’s an amazing piece of software.  And if you’re interested, the PSR.EXE (Problem Step Recorder) module is ALSO in Server 2008 R2!  So if you’re writing an article about Server 2008 R2 Beta, you can actually record what you did (or better yet, you can use it when documenting what you did to install particular pieces of software on the server).

If you’d like to learn more about the Active Directory Recycle Bin, Check out these great resources on Technet.com

Active Directory Recycle Bin – Instructional Video on Technet Edge

Active Directory Recycle Bin Step-by-Step Guide

Sean
The Energized Tech

 

 

 

 


Energize IT 2009!

Folks!

Microsoft Canada has done it again! An idea, a breakthrough!  Spread across this great land of ours!

ENERGIZE IT 2009!

What started as a one time event held in Toronto for the past three years has exploded into something wonderful and nationwide!  Something the whole country can share in.

There are Energize IT 2009 events in almost every key city at a time convenient for you!   Register quickly before seating is filled.

And of course I didn’t mention the best part.

It’s Free!

Seating is limited. REGISTER NOW for each event you plan to attend.

EnergizeIT Event Details by region

British Columbia

| City | Event | Date |
|---|---|---|
| Victoria | User Group Connection: Future of the Platform | March 23 |
| Vancouver | User Group Connection: Future of the Platform | April 7 |
| Vancouver | Energize IT: From the Client to the Cloud | April 8 |
| Vancouver | Install Fest for Windows 7 | April 9 |

Alberta

| City | Event | Date |
|---|---|---|
| Calgary | User Group Connection: Future of the Platform | March 31 |
| Calgary | Energize IT: From the Client to the Cloud | April 1 |
| Calgary | Install Fest for Windows 7 | April 2 |
| Edmonton | User Group Connection: Future of the Platform | April 28 |
| Edmonton | Energize IT: From the Client to the Cloud | April 29 |
| Edmonton | Install Fest for Windows 7 | April 30 |

Saskatchewan

| City | Event | Date |
|---|---|---|
| Regina | Energize IT: From the Client to the Cloud | April 21 |
| Saskatoon | User Group Connection: Future of the Platform | April 23 |

Manitoba

| City | Event | Date |
|---|---|---|
| Winnipeg | User Group Connection: Future of the Platform | April 14 |
| Winnipeg | Energize IT: From the Client to the Cloud | April 15 |
| Winnipeg | Install Fest for Windows 7 | April 16 |

Ontario

| City | Event | Date |
|---|---|---|
| London | Energize IT: From the Client to the Cloud | March 25 |
| London | User Group Connection: Future of the Platform | March 26 |
| GTA | User Group Connection: Future of the Platform (Mississauga) | March 31 |
| GTA | Energize IT: From the Client to the Cloud | April 1 |
| GTA | Install Fest for Windows 7 (AM) | April 4 |
| GTA | Install Fest for Windows 7 (PM) | April 4 |
| GTA | User Group Connection: Future of the Platform (Downtown) | April 14 |
| Ottawa | User Group Connection: Future of the Platform | April 7 |
| Ottawa | Energize IT: From the Client to the Cloud | April 8 |
| Ottawa | Install Fest for Windows 7 | April 9 |

Quebec

| City | Event | Date |
|---|---|---|
| Montreal | User Group Connection: Future of the Platform | March 17 |
| Montreal | Energize IT: From the Client to the Cloud | March 18 |
| Montreal | Install Fest for Windows 7 | March 19 |
| Quebec City | Energize IT: From the Client to the Cloud | April 29 |

Atlantic Canada

| City | Event | Date |
|---|---|---|
| St. John’s | User Group Connection: Future of the Platform | April 23 |

She – My Valentine

But this IS dedicated to my wife Rosanna, the ONLY person in the world that could, would, and HAS put up with the “Geek” that I am.

Happy Valentine’s day honey. (And yes I am buying her something, I’m not THAT cheap 😉 )

Yes, unfortunately there will be a musical version of this

Original tune "She" by Elvis Costello

"She – my Valentine" – by Sean "Friday Funny Guy / ye110wbeard" Kearney

She
Is the only one for me
Is the glowing beacon in my sea
Keeps me grounded and warns me when to play
She
Keeps me sane when I’m alone
Brings me hope over the phone
Asks for me to bring home milk from time to time
Through the roughest tender day

She
Will let me play with my PC’s
and work on servers until three
and play with spreadsheets whenever clients yell
She
Will deal ignore the pile under my chairs
and all that stuff under the stairs
and doesn’t question all my cares
It’s all for she

She
Sees all those underwear on the floor
And hasn’t kicked me out the door
The smelly sweaters laying on the bed
She
Puts up with everything I do
All of that singing until two
Until my throat go hoarse and I’m dead

She
Is why I always do it all
Is why I’ll sleep within a hall
Why I’ll use a fish to cut a tree
She
Is why I press my passion on
Is why I wrote this silly song
For who else would bother to
Put up with the goof that is me

But She
My Valentine