Active Directory Recycle Bin Step-by-Step Guide
Updated: January 6, 2009
Applies To: Windows Server 2008 R2
This guide provides step-by-step instructions and background information for enabling and using the Active Directory® Recycle Bin feature in the Windows Server® 2008 R2 operating system.
Active Directory Recycle Bin helps minimize directory service downtime by enhancing your ability to preserve and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain controllers.
When you enable Active Directory Recycle Bin, all link-valued and non-link-valued attributes of the deleted Active Directory objects are preserved and the objects are restored in their entirety to the same consistent logical state that they were in immediately before deletion. For example, restored user accounts automatically regain all group memberships and corresponding access rights that they had immediately before deletion, within and across domains.
Active Directory Recycle Bin is functional for both AD DS and Active Directory Lightweight Directory Services (AD LDS) environments.
Scenario Overview for Restoring Deleted Active Directory Objects
Requirements for Active Directory Recycle Bin
Step 1: Enable Active Directory Recycle Bin
Step 2: Restore a Deleted Active Directory Object
Appendix A: Additional Active Directory Recycle Bin Tasks
Appendix B: Restore Multiple, Deleted Active Directory Objects (Sample Script)
Appendix C: Possible Issues When Restoring Attributes Used by Directory-Enabled Applications