Enabling Active Directory Recycle Bin on Windows 2008 R2

Well I have been a bit lazy recently in terms of my certification and in particular refreshing my MCSA (2003). So, I have decided to make a start, which will ultimately be disrupted by my summer holidays (or should I say honeymoon!). First up I am going to prepare for the 70-640: Windows Server 2008 Active Directory: Configuring.

I personally find hands on experience and discussing/blogging about a subject allows it to stay fresh in my mind, whereas reading the training kit or various other materials page by page can become a little tedious (even though it can be required and the materials are generally well written by their respective authors).

So firstly, I wanted to get to grips with the Active Directory Recycle Bin feature which was introduced in Windows Server 2008 R2.

So the virtual lab has been created, so lets make a start…

Forest Functional Level

This is required to be ‘Windows Server 2008 R2’ which is not an issue as I will be installing a new domain in a new forest (where the forest root domain is ‘dean.local’) and will select this to be the functional level on install (default is set to ‘Windows Server 2003).

So what if I had to raise the forest functional level? This can be completed using various steps, I will concentrate on using Active Directory Domains and Trusts snap-in or Active Directory Module for Windows Powershell;

Active Directory Domains and Trusts


1) Start > Administrative Tools > Active Directory Domains and Trusts

2) Highlight and right-click  ‘Active Directory Domains and Trusts’ and select ‘Raise Forest Functional Level’

3) Select ‘Windows Server 2008 R2’ from the drop down menu and select OK.

Active Directory Module for Windows Powershell

1) Start > Administrative Tools > Active Directory Module for Windows Powershell

2) From the command prompt; the cmdlet Set-ADForestMode would be used with the following parameters:

Set-ADForestMode [-Identity] <ADForest> [-ForestMode] <ADForestMode>

For my example, the below command would be used:

Set-ADForestMode -Identity dean.local -ForestMode WindowsServer2008R2Forest

So now we have a supported forest function level how do we enable Active Directory Recycle Bin?

Enabling the Active Directory Recycle Bin

This can be done using either Ldp.exe or the Enable-ADOptionalFeature cmdlet, I will use the cmdlet option as this is the recommended method to be used by Microsoft.

1) Start > Administrative Tools > Active Directory Module for Windows Powershell

2) From the command prompt the cmdlet Enable-ADOptionalFeature would be used with the following parameters:

Enable-ADOptionalFeature -Identity <ADOptionalFeature> -Scope <ADOptionalFeatureScope> -Target <ADEntity>

For my example, the below command would be used:

Enable-ADOptionalFeature –Identity ‘CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=dean,DC=local’ –Scope ForestOrConfigurationSet –Target ‘dean.local’

As we see from the above the ADOptionalFeature for the Recycle Bin we are enabling is named:

“CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=dean,DC=local’

As enabling the Recycle Bin is an irreversible action, you will be prompted to confirm if you want to perform this action.

So how do I know that this feature has been enabled? Well a quick check of the Directory Service log and I have noticed that two EventIDs have been generated 2136 and 2119 as below:

EventID 2136

Internal Event: An optional feature has been enabled

Optional feature name: Recycle Bin Feature
Optional feature guid: 766ddcd8-acd0-445e-f3b9-a7f9b6744f2a
Scope of optional feature: CN=Partition,CN=Configuration,DC=dean,DC=local

EventID 2119

This Active Directory Domain Services server now supports the Recycle Bin optional feature. When all servers support the optional feature, objects may be undeleted without loss of data.

So now that I have enabled Active Directory Recycle Bin, I shall go away and gets some hands-on experience, remember object may be undeleted without the loss of data!

The next post will confirm that…

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s