
Windows Server 2012 : Enabling advanced features using ADAC (part 1) - Enabling and using the Active Directory Recycle Bin

8/27/2014 3:54:38 AM

Enabling and using the Active Directory Recycle Bin

Administrators of Active Directory environments sometimes make mistakes—for example, deleting the user account for a user who still needs access to the corporate network. The effects of such mistakes can range from lost end-user productivity to broken network functionality.

Windows Server 2008 R2 introduced a feature called the Active Directory Recycle Bin to provide administrators with a way of recovering directory objects that were accidentally deleted. However, using the AD Recycle Bin in Windows Server 2008 R2 environments proved difficult for some administrators because enabling and using this feature could be performed only from the command line, either by using the Ldp.exe utility or with Windows PowerShell cmdlets. Windows Server 2012 simplifies this task—now you can use the GUI-based ADAC for both enabling the AD Recycle Bin and recovering deleted objects.

Understanding the AD Recycle Bin

To understand the limitations of the AD Recycle Bin, you need to know how it works. When the AD Recycle Bin feature is enabled in an Active Directory environment, directory objects can be in one of the following four states (which are illustrated in Figure 1):

  • Live: The object is functioning in Active Directory and is located in its proper container within the directory. As an example, a user account object that is live is one that a user can utilize for logging on to the network.

  • Deleted: The object has been moved to the Deleted Objects container within Active Directory. The object is no longer functioning in Active Directory, but the object’s link-valued and non-link-valued attributes are preserved, allowing the object to be recovered by restoring it from the AD Recycle Bin if the lifetime of the deleted object has not yet expired. (By default, when the AD Recycle Bin is enabled, the deleted object lifetime is configured as 180 days.) For example, a user account in the deleted state cannot be used for logging on to the network, but if the user account is restored to its live state, it can again be used for logon purposes.

  • Recycled: The deleted object lifetime has expired for the object. The object remains in the Deleted Objects container, but most of its attributes are now stripped away. The object can no longer be recovered by restoring it from the AD Recycle Bin or by taking other steps, such as reanimating Active Directory tombstone objects.

  • Removed: The recycled object lifetime has expired for the object. The Active Directory garbage collection process has physically removed the object from the directory database.

Figure 1. The four states of Active Directory objects when the AD Recycle Bin is enabled.

Enabling the AD Recycle Bin

By default, the AD Recycle Bin feature is disabled until you choose to enable it. Enabling the AD Recycle Bin in your environment requires that the forest functional level be Windows Server 2008 R2 or higher. This means that all domain controllers in your forest must be running Windows Server 2008 R2 or higher.

To enable the AD Recycle Bin using ADAC, perform the following steps:

  1. Log on using credentials of an account that belongs to the Enterprise Admins or Schema Admins group.

  2. Right-click on the forest root domain in the navigation pane, and select Raise The Forest Functional Level.

  3. Ensure that the forest functional level for your environment is Windows Server 2008 R2 or higher.

  4. Right-click again on the forest root domain, and select Enable Recycle Bin.

  5. Review the warning, and click OK to proceed with enabling the AD Recycle Bin.

  6. Refresh ADAC, and wait until all domain controllers in the forest have replicated the configuration change before attempting to use the AD Recycle Bin to restore deleted objects.

Note

Using Windows PowerShell to enable the AD Recycle Bin

You can also use Windows PowerShell to perform all of the actions required to enable the AD Recycle Bin for your environment. For example, you can use the Set-ADForestMode cmdlet to raise the forest functional level to Windows Server 2008 R2 or higher. And you can use the Enable-ADOptionalFeature cmdlet to enable the AD Recycle Bin feature. Use the Get-Help cmdlet to display the syntax and examples for each of these cmdlets.
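
The following script is an added example, not code from the original article. It walks the same six steps with the cmdlets named above and then asks every domain controller whether it has received the change. It assumes the ActiveDirectory module is installed and that it runs under an account with the rights described in step 1.

```powershell
# Added example: enable the AD Recycle Bin, then confirm replication per DC.
Import-Module ActiveDirectory

$forest = Get-ADForest

# Step 3: the forest functional level must be Windows Server 2008 R2 or higher.
if ($forest.ForestMode -lt 'Windows2008R2Forest') {
    # Prompts for confirmation. Every domain controller in the forest must
    # already be running Windows Server 2008 R2 or higher for this to succeed.
    Set-ADForestMode -Identity $forest.Name -ForestMode Windows2008R2Forest
    $forest = Get-ADForest
}

# Steps 4-5: enable the feature only if it is not enabled yet.
# Enable-ADOptionalFeature shows its own warning and asks for confirmation.
$feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
if ($feature.EnabledScopes.Count -eq 0) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.Name
}

# Step 6: query each domain controller directly, so a DC that has not yet
# replicated the configuration change shows up as RecycleBinEnabled = False.
$status = foreach ($domain in $forest.Domains) {
    foreach ($dc in Get-ADDomainController -Filter * -Server $domain) {
        $seen = Get-ADOptionalFeature -Identity 'Recycle Bin Feature' `
            -Server $dc.HostName
        [pscustomobject]@{
            Domain            = $domain
            DomainController  = $dc.HostName
            RecycleBinEnabled = $seen.EnabledScopes.Count -gt 0
        }
    }
}
$status | Format-Table -AutoSize
```

Wait until every row reports True before relying on the AD Recycle Bin to restore deleted objects.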

Using the AD Recycle Bin

After the AD Recycle Bin is enabled, using it to restore deleted directory objects is straightforward as long as the deleted object lifetime of the objects has not expired. For example, Figure 2 shows how to restore the user account for Marie Dubois after it was accidentally deleted. The following menu options are available:

  • Restore: Restore the deleted object to its original location within Active Directory.

  • Restore To: Restore the deleted object to a container you specify using Column Explorer.

  • Locate Parent: Display the container where the deleted object originally resided.

  • Properties: Display or modify the properties of the deleted object.

Note

Restoring multiple deleted objects

You can restore multiple deleted objects in one action by multiselecting them in the Deleted Objects container and choosing the appropriate menu option.

Figure 2. Restoring a deleted object using the AD Recycle Bin.

Note

Using Windows PowerShell to restore deleted objects

After the AD Recycle Bin is enabled for your environment, you can also use Windows PowerShell to restore directory objects you accidentally deleted. You can do this using the Restore-ADObject cmdlet. Use the Get-Help cmdlet to display the syntax and examples for this cmdlet.
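
The script below is an added example, not code from the original article. It mirrors the Restore, Restore To, and Locate Parent menu options with Get-ADObject and Restore-ADObject, and it skips objects that have already reached the Recycled state. The account name is the one shown in Figure 2; the commented target OU is a constructed placeholder.

```powershell
# Added example: find a deleted object, show where it lived, and restore it.
Import-Module ActiveDirectory

$name       = 'Marie Dubois'   # name from Figure 2
$targetPath = $null            # "Restore To": e.g. 'OU=Restored,DC=example,DC=com' (placeholder)
$preview    = $true            # set to $false to actually perform the restore

# -IncludeDeletedObjects makes the Deleted Objects container searchable.
# msDS-LastKnownRDN holds the object's name from before it was deleted.
$deleted = Get-ADObject -IncludeDeletedObjects `
    -LDAPFilter "(&(isDeleted=TRUE)(msDS-LastKnownRDN=$name))" `
    -Properties 'msDS-LastKnownRDN', lastKnownParent, whenChanged, isRecycled

if (-not $deleted) {
    Write-Warning "No deleted object named '$name' was found."
}

foreach ($obj in $deleted) {
    # Recycled objects stay in the container but have lost most attributes,
    # so they can no longer be restored from the AD Recycle Bin.
    if ($obj.isRecycled) {
        Write-Warning "$name ($($obj.ObjectGUID)) is in the Recycled state; skipping."
        continue
    }

    # "Locate Parent": the container the object was deleted from.
    Write-Host "Found $name, deleted from $($obj.lastKnownParent), changed $($obj.whenChanged)"

    # "Restore" goes back to lastKnownParent; "Restore To" adds -TargetPath.
    $params = @{ Identity = $obj.ObjectGUID; WhatIf = $preview }
    if ($targetPath) { $params.TargetPath = $targetPath }
    Restore-ADObject @params
}
```

With `$preview` left at `$true`, Restore-ADObject only reports what it would do, which allows the match to be reviewed before anything is changed.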

Quick check

  • If a directory object is in the Recycled state, can you still restore it using the AD Recycle Bin?

Quick check answer

  • No. If an object is in the Recycled state, its deleted object lifetime has expired. The object is still in the Deleted Objects container, but because most of its attributes have been stripped away, you can no longer recover it by restoring it from the AD Recycle Bin.
