How to Enable Active Directory Recycle Bin
When you install the AD DS role and promote the server to a Domain Controller, the Active Directory Recycle Bin is not enabled by default. Without it, a deleted object becomes a tombstone with most of its attributes stripped, so recovering it means an authoritative restore from backup instead of a simple undelete. This should be part of every deployment, but it is not baked into the promotion process, so always enable the AD Recycle Bin on Windows Server right after setup. In this article, you will learn how to enable the Active Directory Recycle Bin.
Enable Active Directory Recycle Bin
Note: If you have multiple Domain Controllers in the organization, you only have to enable the Active Directory Recycle Bin once. It is a forest-wide optional feature stored in the configuration partition, so it replicates to every Domain Controller in the forest. Enabling it requires membership of Enterprise Admins and a forest functional level of Windows Server 2008 R2 or higher.
- Sign in on the Domain Controller
- Start Server Manager
- Click on Tools > Active Directory Administrative Center
- Click on the domain in the left pane and select Enable Recycle Bin in the Tasks pane on the right
Note: Once you enable the Recycle Bin in Active Directory, you can’t disable it anymore.
- Click OK to confirm
- Click OK again
- Click the refresh icon and verify that the Enable Recycle Bin option is now greyed out
You successfully enabled AD Recycle Bin on Windows Server.
Enable Active Directory Recycle Bin with PowerShell
To enable AD Recycle Bin using PowerShell, follow these steps:
- Sign in on the Domain Controller
- Start PowerShell as administrator
- Run the Get-ADForest cmdlet to find the forest root domain
Get-ADForest | Select-Object RootDomain
In our example, the root domain is exoip.local.
RootDomain
----------
exoip.local
- Run the Enable-ADOptionalFeature cmdlet and fill in the root domain after the -Target parameter to enable AD Recycle Bin
Enable-ADOptionalFeature "Recycle Bin Feature" -Scope ForestOrConfigurationSet -Target "exoip.local"
- Press Y and Enter to confirm
- Run the Get-ADOptionalFeature cmdlet to verify that AD Recycle Bin is enabled successfully
Get-ADOptionalFeature "Recycle Bin Feature"
The output shows the EnabledScopes attribute, which must contain at least one value. If it is empty, the AD Recycle Bin is not enabled in the forest. In the output below, the feature is enabled for the Partitions container and for the NTDS Settings object of each Domain Controller (DC01-2022 and DC02-2022).
EnabledScopes : {CN=NTDS Settings,CN=DC01-2022,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=exoip,DC=local, CN=Partitions,CN=Configuration,DC=exoip,DC=local, CN=NTDS Settings,CN=DC02-2022,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=exoip,DC=local}
That’s it!
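The GUI and PowerShell steps above are the same one-time, irreversible change. The script below is an added example, not code from the original article: it checks the prerequisites (forest functional level, a non-empty EnabledScopes), enables the feature only when it is still off, and then reports how long deleted objects stay restorable and which objects currently sit in the Recycle Bin. It assumes the RSAT ActiveDirectory module is installed, that the session runs as a member of Enterprise Admins, and that your forest root is whatever Get-ADForest returns (exoip.local in the article). The function names are this example's own.

```powershell
# Added example, not from the original article. Assumes the ActiveDirectory
# module (RSAT) is installed and the session runs as an Enterprise Admin.
Import-Module ActiveDirectory

function Enable-AdRecycleBinIfNeeded {
    $forest = Get-ADForest
    $root   = $forest.RootDomain
    # Forest-wide optional features live under CN=Partitions in the
    # configuration partition, so target the Domain Naming master explicitly.
    $dnm    = $forest.DomainNamingMaster

    # Prerequisite: forest functional level Windows Server 2008 R2 or later.
    $required = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
    if ([int]$forest.ForestMode -lt [int]$required) {
        throw "Forest functional level is $($forest.ForestMode); the Recycle Bin needs $required or higher."
    }

    $feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature' -Server $dnm
    if ($feature.EnabledScopes.Count -gt 0) {
        Write-Host "AD Recycle Bin is already enabled in forest $root"
    }
    else {
        # Irreversible: there is no supported way to turn this feature off again.
        # The default confirmation prompt is kept on purpose (press Y to proceed).
        Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
            -Scope ForestOrConfigurationSet -Target $root -Server $dnm
    }

    # Re-read and verify: EnabledScopes must be non-empty after enabling.
    $feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature' -Server $dnm
    if ($feature.EnabledScopes.Count -eq 0) {
        throw "Recycle Bin still reports no enabled scopes on $dnm"
    }
    [pscustomobject]@{
        Forest             = $root
        EnabledScopeCount  = $feature.EnabledScopes.Count
    }
}

function Get-AdRecycleBinStatus {
    # How long a deleted object stays restorable. msDS-DeletedObjectLifetime is
    # used when set; otherwise AD falls back to tombstoneLifetime, and an absent
    # tombstoneLifetime means the built-in 60-day default (forests created with
    # Windows Server 2003 SP1 or later have 180 written explicitly).
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $ds = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
            -Properties 'msDS-DeletedObjectLifetime', 'tombstoneLifetime'
    $lifetime = $ds.'msDS-DeletedObjectLifetime'
    if (-not $lifetime) { $lifetime = $ds.tombstoneLifetime }
    if (-not $lifetime) { $lifetime = 60 }   # AD default when the attribute is absent

    # Objects currently in the Recycle Bin, excluding the container itself.
    # lastKnownParent is where Restore-ADObject puts the object back.
    $deleted = Get-ADObject -Filter 'isDeleted -eq $true -and name -ne "Deleted Objects"' `
                -IncludeDeletedObjects -Properties lastKnownParent, whenChanged

    [pscustomobject]@{
        DeletedObjectLifetimeDays = $lifetime
        DeletedObjectCount        = @($deleted).Count
        DeletedObjects            = $deleted |
            Select-Object Name, ObjectClass, ObjectGUID, lastKnownParent, whenChanged
    }
}

Enable-AdRecycleBinIfNeeded
Get-AdRecycleBinStatus
```

Run it once on any Domain Controller in the forest. A deleted user or group listed in DeletedObjects can be brought back with `Restore-ADObject -Identity <ObjectGUID>`, which restores it to its lastKnownParent with group memberships and other attributes intact, as long as it is done within DeletedObjectLifetimeDays of the deletion.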
Conclusion
You learned how to enable the Active Directory Recycle Bin on Windows Server. Enable it, or double-check that it is already active in the AD forest, before you need it: once it is on, a deleted object can be restored with its attributes and group memberships instead of an authoritative restore from backup.