Tech Tip of the Day – Recovering Deleted AD Objects

When Microsoft released Server 2008 R2, they added an Active Directory Recycle Bin feature to allow for the recovery of deleted Active Directory objects.  However, being Microsoft and never making anything easy, it could only be administered via PowerShell.

With the release of Windows Server 2012, the Active Directory Administrative Center (ADAC) now includes a GUI-based option both for enabling the Recycle Bin and for restoring deleted objects.  Of course, to use the Active Directory Recycle Bin feature, your AD forest functional level must be Windows Server 2008 R2 or later and you must be a member of the Enterprise Admins group.

To use this, you must first enable it.  Right-click on your forest name in the ADAC and select the Enable Recycle Bin option.

Once you have enabled the Recycle Bin, you will find a new “Deleted Objects” container in your AD structure.  Now, when objects are deleted, they will be temporarily stored in that container for up to 180 days and are easily recovered.  For those of you that have stricter retention policies in place, that 180 days is only the default; it can be changed by using ADSIEdit and setting a new value for the msDS-DeletedObjectLifetime attribute on the CN=Directory Service,CN=Windows NT,CN=Services container.
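The same steps (enabling the feature, finding and restoring a deleted object, and adjusting the retention period) can still be done from PowerShell, which is handy for scripting or for auditing what is sitting in the Deleted Objects container. This is an added example, not code from the original post; it assumes the ActiveDirectory RSAT module, Enterprise Admins rights, and a deleted user whose name starts with `jdoe` (placeholder).

```powershell
# Added example (not from the original post): enable the AD Recycle Bin,
# list and restore deleted objects, and adjust the deleted-object lifetime.
# Assumes the ActiveDirectory RSAT module and Enterprise Admins membership.
Import-Module ActiveDirectory

$forest = Get-ADForest

# 1. Enable the optional feature at forest scope. Enabling is irreversible,
#    so check whether it is already on before calling Enable-ADOptionalFeature.
$recycleBin = Get-ADOptionalFeature -Filter 'name -eq "Recycle Bin Feature"'
if ($recycleBin.EnabledScopes.Count -eq 0) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.RootDomain -Confirm:$false
}

# 2. List what currently sits in the Deleted Objects container.
#    -IncludeDeletedObjects is required; deleted objects are hidden otherwise.
$deleted = Get-ADObject -Filter 'isDeleted -eq $true -and name -ne "Deleted Objects"' `
    -IncludeDeletedObjects -Properties lastKnownParent, whenChanged
$deleted | Select-Object Name, ObjectClass, lastKnownParent, whenChanged |
    Format-Table -AutoSize

# 3. Restore one deleted user (placeholder name 'jdoe'). A deleted object's
#    name is rewritten to "<name>\0ADEL:<guid>", hence the -like match.
#    Restore-ADObject puts it back under lastKnownParent; if that OU was
#    deleted as well, restore the OU first (parents before children).
$target = $deleted |
    Where-Object { $_.ObjectClass -eq 'user' -and $_.Name -like 'jdoe*' } |
    Select-Object -First 1
if ($target) { Restore-ADObject -Identity $target.ObjectGUID }

# 4. Read and, if policy requires, change msDS-DeletedObjectLifetime on the
#    Directory Service object the post refers to. It lives in the Configuration
#    partition, so build the full DN from the RootDSE instead of hard-coding it.
$dsPath = "CN=Directory Service,CN=Windows NT,CN=Services," +
          (Get-ADRootDSE).configurationNamingContext
$ds = Get-ADObject -Identity $dsPath -Properties 'msDS-DeletedObjectLifetime'
"Current deleted-object lifetime (days): $($ds.'msDS-DeletedObjectLifetime')"

# Shorten retention to 90 days (value chosen for illustration only).
Set-ADObject -Identity $dsPath -Replace @{ 'msDS-DeletedObjectLifetime' = 90 }
```

Run steps 1 and 4 only after confirming the current values, since the first cannot be undone and the second shortens the window in which restores are possible.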

See – Wasn’t that painless?
