Active Directory Recycle Bin in Windows 2012 R2

One of my clients would like to understand more about the Active Directory Recycle Bin in Windows 2012 R2, and I have done some study in my lab on this topic.

Summary of Study Notes (based on the TechNet article in the Reference section)

  1. Prerequisite: the forest functional level must be Windows Server 2008 R2 or higher. Enabling the feature is forest-wide and cannot be undone.
  2. The default tombstone lifetime (tombstoneLifetime) is 180 days for forests created on Windows Server 2003 SP1 or later (60 days for older forests). The deleted object lifetime (msDS-deletedObjectLifetime) is not set by default, which means it takes the value of the tombstone lifetime. Both live on CN=Directory Service,CN=Windows NT,CN=Services in the configuration partition.
  3. Restored user accounts automatically regain all group memberships and corresponding access rights that they had immediately before deletion, within and across domains. This works because the link-valued attributes that reference the object (such as member on groups) are preserved while the object is in the deleted state.
  4. A deleted object is moved to the Deleted Objects container with isDeleted set to TRUE and its distinguished name mangled: the RDN becomes "<name>\0ADEL:<objectGUID>". The original parent is kept in lastKnownParent.
  5. After the deleted object lifetime expires, the logically deleted object is turned into a recycled object (isRecycled = TRUE) and most of its attributes are stripped away. A "recycled object", which is a new state in Windows Server 2008 R2, remains in the Deleted Objects container until its recycled object lifetime (the tombstone lifetime) expires. After the recycled object lifetime expires, the garbage-collection process physically deletes the recycled Active Directory object from the database.
  6. A recycled object cannot be recovered with the Recycle Bin. The only remaining option is an authoritative restore from a backup taken before the deletion.
  7. Microsoft does not recommend using the Active Directory Recycle Bin to restore Exchange configuration objects that were accidentally deleted with Exchange administrative tools. Instead, the recommended approach is to re-create these objects by using the supported Exchange administrative tool.
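
The following PowerShell walks through points 2 to 6 above: reading the two lifetimes, listing what is in the Deleted Objects container (mangled DN, isRecycled flag, last known parent), restoring a deleted user and confirming that its group memberships came back. It is an added example, not code from the original post. It assumes the RSAT ActiveDirectory module, that the Recycle Bin is already enabled, and a hypothetical deleted user "jdoe".

```powershell
# Added example, not part of the original post. Assumes the ActiveDirectory
# module (RSAT), a domain-joined admin session, and a hypothetical user "jdoe".
Import-Module ActiveDirectory

$rootDse  = Get-ADRootDSE
$dsConfig = "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)"

# 1) Lifetimes. tombstoneLifetime is absent on forests created before
#    Windows Server 2003 SP1 (implied 60 days). msDS-deletedObjectLifetime is
#    absent by default, which means "same as tombstoneLifetime".
$cfg = Get-ADObject -Identity $dsConfig -Properties tombstoneLifetime, 'msDS-deletedObjectLifetime'
$tsl = if ($cfg.tombstoneLifetime) { $cfg.tombstoneLifetime } else { 60 }
$dol = if ($cfg.'msDS-deletedObjectLifetime') { $cfg.'msDS-deletedObjectLifetime' } else { $tsl }
"tombstoneLifetime          : $tsl days"
"msDS-deletedObjectLifetime : $dol days (effective)"

# Raise the deleted-object lifetime to one year (uncomment to apply):
# Set-ADObject -Identity $dsConfig -Replace @{'msDS-deletedObjectLifetime' = 365}

# 2) Everything in CN=Deleted Objects. The container itself has isDeleted=TRUE,
#    so it is excluded by name. Deleted objects carry the mangled RDN
#    "<name>\0ADEL:<objectGUID>"; once the deleted object lifetime has passed
#    they also carry isRecycled=TRUE.
Get-ADObject -Filter 'isDeleted -eq $true -and name -ne "Deleted Objects"' `
    -IncludeDeletedObjects `
    -Properties isDeleted, isRecycled, lastKnownParent, whenChanged |
    Select-Object Name, ObjectClass, isRecycled, lastKnownParent, whenChanged, DistinguishedName |
    Format-Table -AutoSize

# 3) Restore the deleted user. A recycled object has lost its attributes and
#    cannot be restored; if the parent OU was deleted as well, restore it
#    first (see lastKnownParent), otherwise Restore-ADObject fails.
$deleted = Get-ADObject -Filter 'sAMAccountName -eq "jdoe" -and isDeleted -eq $true' `
    -IncludeDeletedObjects -Properties isRecycled, lastKnownParent
if ($null -eq $deleted) { throw "No deleted object for jdoe found" }
if ($deleted.isRecycled) {
    throw "jdoe is already recycled; only an authoritative restore from a pre-deletion backup can bring it back"
}
Restore-ADObject -Identity $deleted.ObjectGUID

# 4) Group memberships are back without re-adding anything, because the
#    link-valued 'member' values on the groups were kept while the object
#    was in the deleted state.
Get-ADUser -Identity jdoe -Properties memberOf | Select-Object -ExpandProperty memberOf
```

Run it on a domain controller or a workstation with RSAT as a user who can read the configuration partition and restore objects (Domain Admins is sufficient for a single domain). The isRecycled check is the important guard: Restore-ADObject is refused for recycled objects, and nothing in the Recycle Bin can bring those back.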

Steps to Enable AD Recycle Bin 

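Enabling the feature from PowerShell, with the prerequisite checks a practitioner would want before an irreversible forest-wide change. This is an added example, not code from the original post; it assumes the RSAT ActiveDirectory module and that the session runs as a member of Enterprise Admins.

```powershell
# Added example, not part of the original post. Assumes the ActiveDirectory
# module (RSAT) and an Enterprise Admins account; no forest names are hard-coded.
Import-Module ActiveDirectory

$forest  = Get-ADForest
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'

# Prerequisite: forest functional level Windows Server 2008 R2 or higher.
$minLevel = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
if ($forest.ForestMode -lt $minLevel) {
    throw "Forest functional level is $($forest.ForestMode); raise it to Windows2008R2Forest or higher first"
}

# Already enabled? EnabledScopes lists the partitions the feature is enabled on.
if ($feature.EnabledScopes.Count -gt 0) {
    "Recycle Bin already enabled for: $($feature.EnabledScopes -join ', ')"
    return
}

# Enabling is forest-wide and cannot be undone. The cmdlet prompts for
# confirmation by default; add -Confirm:$false only for unattended use.
Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
    -Scope ForestOrConfigurationSet `
    -Target $forest.Name

# Verify: EnabledScopes should now list the forest and configuration partitions.
(Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"').EnabledScopes
```

After the change replicates, deletions that happen from then on keep all their attributes while in the deleted state; objects deleted before the feature was enabled stay tombstones and are not recoverable through the Recycle Bin.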
Updated

If you prefer a GUI, Windows Server 2012 R2 has one for the Active Directory Recycle Bin in the Active Directory Administrative Center (ADAC): select the domain node and choose "Enable Recycle Bin...". The screenshots below show the two steps.

[Screenshot: AD-RecycleBin-01]

[Screenshot: AD-RecycleBin-02]

Reference

  1. https://technet.microsoft.com/en-us/library/dd379542(v=ws.10).aspx