Active Directory Recycle bin this is the one of most important feature of the Windwos 2008 R2 Active Directory domain enviorement. With previous domain controllers (Windows 2003, Windows 2008) it was very difficult to restore deleted items. We could use ldp.exe or we have to restart the server in directory service restore mode for restore backups. At last we can use some third party tools like Adrestore.net . Get the benifit of the Active Directory recycle bin we should raise the forest functional level to the windows 2008 R2.
We
Enable-ADOptionalFeature ‘Recycle Bin Feature’ –Scope ForestORConfigurationSet –Target ‘mydomain.lk’ Note:- Once you enable this feature it cannot be disabled and there can be 10 to 15% increase in the size of NTDS.DIT.
This PowerShell cmdlet will enable AD recycle bin for you
Now I AM deleting user account “BranchAdmin”. This user is also member of a Administrators group.
Get-ADObject –IncludeDeletedObjects –Filter{name –like “Branch*”}
Using this Get-ADObject we can see what are the deleted accounts with account name like “branch*”
Now we can see all the deleted users in Active Directory.
Restore-ADObject –Identity 8923423423423424
Using Restore-ADObject we can restore deleted users, but we need to provide those users GUID to the Restore-ADObject as a Identity Parameter
BranchAdmin
Branch admin user has been restored with relevant group memberships.
Richard Mueller edited Revision 3. Comment: Minor edits and typos, add tag
Richard Mueller edited Revision 2. Comment: Removed (en-US) from title, added tag
Richard Mueller edited Original. Comment: Correct the title, add tags