
How to Enable Active Directory Recycle Bin

When you install Active Directory (AD DS role) and promote the server to a Domain Controller, the Active Directory Recycle Bin is not enabled by default. It should be, but it is not part of the default deployment, so it’s always important to enable the AD Recycle Bin on Windows Server after the setup. In this article, you will learn how to enable the Active Directory Recycle Bin.

Enable Active Directory Recycle Bin

Note: If you have multiple domain controllers in the organization, you only have to enable the Active Directory Recycle Bin on one Domain Controller. It will enable it for the entire forest and replicate it to the other Domain Controllers.

  1. Sign in on the Domain Controller
  2. Start Server Manager
  3. Click on Tools > Active Directory Administrative Center
  4. Click on the domain and select Enable Recycle Bin

Note: Once you enable the Recycle Bin in Active Directory, you can’t disable it anymore.

  5. Click OK to confirm
  6. Click OK again
  7. Click the refresh icon and verify that the Enable Recycle Bin option is now greyed out

You successfully enabled AD Recycle Bin on Windows Server.

Enable Active Directory Recycle Bin with PowerShell

To enable AD Recycle Bin using PowerShell, follow these steps:

  1. Sign in on the Domain Controller
  2. Start PowerShell as administrator
  3. Run the Get-ADForest cmdlet to find the forest root domain

Get-ADForest | Select-Object RootDomain

In our example, the root domain is exoip.local.

RootDomain
----------
exoip.local

  4. Run the Enable-ADOptionalFeature cmdlet and fill in the root domain after the -Target parameter to enable AD Recycle Bin

Enable-ADOptionalFeature "Recycle Bin Feature" -Scope ForestOrConfigurationSet -Target "exoip.local"

  5. Press Y and Enter to confirm
  6. Run the Get-ADOptionalFeature cmdlet to verify that AD Recycle Bin is enabled successfully

Get-ADOptionalFeature "Recycle Bin Feature"

The output shows the EnabledScopes attribute, which must contain at least one value. If it’s empty, the AD Recycle Bin is not enabled.

EnabledScopes      : {CN=NTDS Settings,CN=DC01-2022,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=
                     exoip,DC=local, CN=Partitions,CN=Configuration,DC=exoip,DC=local, CN=NTDS Settings,CN=DC02-2022,CN
                     =Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=exoip,DC=local}
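The steps above can be combined into a single idempotent check-and-enable script, which is useful when you manage several forests or want to run the check from a scheduled task. This is an added example, not code from the original article; the function name Enable-RecycleBinIfNeeded is my own, and it assumes the ActiveDirectory module is available on the machine where it runs.

```powershell
#Requires -Modules ActiveDirectory
function Enable-RecycleBinIfNeeded {
    # Example helper (not from the article): enables the AD Recycle Bin only if it is
    # not already enabled, and returns an object you can log or assert on.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param()

    $forest = Get-ADForest

    # Forest-wide optional features are written through the Domain Naming Master,
    # so query and enable against that DC explicitly.
    $dnm     = $forest.DomainNamingMaster
    $feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature' -Server $dnm

    # Already enabled: EnabledScopes is populated (the article's verification step).
    if ($feature.EnabledScopes.Count -gt 0) {
        Write-Verbose "Recycle Bin is already enabled in forest $($forest.RootDomain)."
        return [pscustomobject]@{ Forest = $forest.RootDomain; Enabled = $true; Changed = $false }
    }

    # The feature requires forest functional level Windows Server 2008 R2 or higher.
    $minimum = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
    if ([int]$forest.ForestMode -lt [int]$minimum) {
        throw "Forest functional level is $($forest.ForestMode); $minimum or higher is required."
    }

    # Enabling cannot be undone, so honour -WhatIf / -Confirm before writing.
    $action = 'Enable Active Directory Recycle Bin (cannot be disabled again)'
    if ($PSCmdlet.ShouldProcess($forest.RootDomain, $action)) {
        Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
            -Scope ForestOrConfigurationSet -Target $forest.RootDomain `
            -Server $dnm -Confirm:$false

        # Re-read the feature to verify, exactly as the article does.
        $feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature' -Server $dnm
        return [pscustomobject]@{
            Forest  = $forest.RootDomain
            Enabled = ($feature.EnabledScopes.Count -gt 0)
            Changed = $true
        }
    }
}

# Preview first; drop -WhatIf to actually enable the feature.
Enable-RecycleBinIfNeeded -Verbose -WhatIf
```

Run it with -WhatIf first to see which forest and Domain Naming Master it would touch; on a second run after enabling, it reports Changed = $false and makes no write.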

That’s it!

Read more: How to Create an Active Directory Security Assessment report »

Conclusion

You learned how to enable Active Directory Recycle Bin on Windows Server. It’s essential that you enable it or double-check that it’s active in the AD forest. It tremendously helps if you have to restore deleted objects.

Did you enjoy this article? You may also like Active Directory health check with PowerShell script. Don’t forget to follow us and share this article.

ALI TAJRAN


ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »
