Once you have installed Windows 2008 R2 on all Domain Controllers and the Forest Functionality mode is set to Windows 2008 R2, the Recycle Bin is an available option. However, it is not automatically enabled. In order to use it, it has to be enabled first.
Here’s the Powershell command (all one line) to run as an Enterprise Admin:
import-module activedirectory ;
Enable-ADOptionalFeature –Identity ‘CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=Domain,DC=COM’ –Scope ForestOrConfigurationSet –Target ‘Domain.COM’
Once the AD Recycle Bin is enabled, Powershell commands provide access to it (along with other methods).
PowerShell Command to change the tombstone lifetime. This example changes it to 365 days (1 year):
Set-ADObject
-Identity “CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=Domain,DC=COM” –Partition “CN=Configuration,DC=Domain,DC=COM” –Replace:@{“tombstoneLifetime”=365}
PowerShell Command to change the deleted object lifetime. This example changes it to 365 days (1 year):
Set-ADObject
-Identity “CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=DOMAIN,DC=COM” –Partition “CN=Configuration,DC=DOMAIN,DC=COM” –Replace:@{“msDS-DeletedObjectLifetime”=365}
This Microsoft article provides additional information on restoring deleted objects using the recycle bin.
Here’s an example of what the Microsoft Article describes.
Find all deleted computers:
$DeletedComputers = Get-ADObject -SearchBase “CN=Deleted Objects,DC=DOMAIN,DC=COM” -Filter {ObjectClass -eq “computer”} -IncludeDeletedObjects -Properties lastKnownParent
Find all deleted users:
$DeletedUsers = Get-ADObject -SearchBase “CN=Deleted Objects,DC=DOMAIN,DC=COM” -Filter {ObjectClass -eq “user”} -IncludeDeletedObjects -Properties lastKnownParent
Once you have discovered the deleted objects, it is trivial to restore them:
$DeletedComputers | Restore-ADObject
$DeletedUsers | Restore-ADObject
Did you delete a bunch of users on a specific date and need to recover (undelete) them?
Try this:
$ChangeDate = Get-Date (“9/6/2011″)
Get-ADObject -Filter { (whenChanged -eq $changeDate) -and (isDeleted -eq $true) -and (name -ne “Deleted Objects”) -and (ObjectClass -eq “user”) } -IncludeDeletedObjects -Properties * | Restore-ADObject
Use Get-Help Get-ADObject for additional information on finding deleted objects. Hint: You can also filter on the IsDeletedattribute just remember the -IncludeDeletedObjects parameter.
Lot of tahnx sir