Enable the Active Directory Recycle Bin (and other New Features)

Article
08/31/2016

Tip: Enable the Active Directory Recycle Bin (and other New Features)

Follow Our Daily Tips

• facebook.com/TechNetTips
• twitter.com/TechNetTips
• blogs.technet.com/tnmag

Before you can make the recycle bin available, you must first update Active Directory schema with the required attributes. When you do this, the schema is updated, and then every object in the forest is updated with the recycle bin attributes as well. This process is irreversible once it is started.

To do this, you need to use Adprep.exe to update the forest and the domain schema so that they are compatible with Windows Server 2008 R2 domains. Follow these steps:
1. On the schema operations master in the forest, copy the contents of the Support\Adprep folder from the Windows Server 2008 R2 installation media to a local folder, and then run adprep /forestprep. If you plan to install any read-only domain controllers, you should also run adprep /rodcprep. You need to use an administrator account that is a member of Enterprise Admins, Schema Admins, or Domain Admins in the forest root domain.
2. On the infrastructure operations master for each domain in the forest, copy the contents of the Support\Adprep folder from the Windows Server 2008 R2 installation media to a local folder, and then run adprep /domainprep /gpprep. You need to use an account that is a member of the Domain Admins group in an applicable domain.

After you prepare Active Directory, you need to upgrade all domain controllers in your Active Directory forest to Windows Server 2008 R2 and then raise the domain and forest functional levels to the Windows Server 2008 R2 level.

To raise the domain level functionality
1. Click Start, point to Administrative Tools, and then click Active Directory Domains And Trusts.
2. In the console tree, right-click the domain you want to work with, and then click Raise Domain Functional Level. The current domain name and functional level are displayed in the Raise Domain Functional Level dialog box.
3. To change the domain functionality, select the new domain functional level from the list provided, and then click Raise. You can’t reverse this action. Consider the implications carefully before you do this.
4. Click OK. The new domain functional level is replicated to each domain controller in the domain. This operation can take some time in a large organization.

To raise the forest level functionality
1. Click Start, point to Administrative Tools, and then click Active Directory Domains And Trusts.
2. In the console tree, right-click the Active Directory Domains And Trusts node, and then click Raise Forest Functional Level. The current forest name and functional level are displayed in the Raise Forest Functional Level dialog box.
3. To change the forest functionality, select the new forest functional level by using the list provided, and then click Raise. You can’t reverse this action. Consider the implications carefully before you do this.
4. Click OK. The new forest functional level is replicated to each domain controller in each domain in the forest. This operation can take some time in a large organization.

Note that if you do this, you can use only Windows Server 2008 R2 resources in the domain and you can’t go back to any other mode. You should use Windows Server 2008 R2 mode only when you’re certain that you don’t need old Windows NT domain structures; Windows NT BDCs; or Windows 2000, Windows Server 2003, or Windows Server 2008 domain structures. As always, you should test any procedure in a lab before performing it in a production environment.

After these operations have been performed, you can access the recycle bin (as well as other new features). From now on, when an Active Directory object is deleted, the object is put in a state referred to as logically deleted, moved to the Deleted Objects container, and its distinguished name is altered. A deleted object remains in the Deleted Objects container for the period of time set in the delete object lifetime value, which is 180 days by default.

From the Microsoft Press book Windows Server 2008 Administrator’s Pocket Consultant, Second Edition by William R. Stanek.

Looking for More Tips?

For more tips on Microsoft products and technologies, visit the TechNet Tips library.

Additional resources