Wednesday, March 14, 2012

Enabling Active Directory Recycle Bin in Windows Server 8 beta

Active Directory Recycle Bin was introduced in Windows Server 2008 R2. It helps administrators recover deleted Active Directory items without downtime. Previously, when an administrator deleted an item in Active Directory, the administrator needed to restore a system state backup and run the "ntdsutil authoritative restore" command to recover the deleted items, and the restore required downtime. On Windows Server 8 beta, administrators can manage the Active Directory Recycle Bin through a GUI. On Windows Server 2008 R2, the Active Directory Recycle Bin can only be managed with PowerShell.

If you plan to enable Active Directory Recycle Bin in Windows Server 8 beta, consider the following:
  • By default, Active Directory Recycle Bin in Windows Server 8 beta is disabled. To enable it, you must first raise the forest functional level of your AD DS or AD LDS environment to Windows Server 2008 R2 or higher. This in turn requires that all domain controllers in the forest or all servers that host instances of AD LDS configuration sets be running Windows Server 2008 R2 or higher.
  • The process of enabling Active Directory Recycle Bin is irreversible. After you enable Active Directory Recycle Bin in your environment, you cannot disable it.
  • To manage the Recycle Bin feature through a user interface, you must install the version of Active Directory Administrative Center in Windows Server 8 beta.
Reference: Microsoft TechNet

The goal
Enable and test the Active Directory Recycle Bin in Windows Server 8 beta

I will enable the Active Directory Recycle Bin in Windows Server 8 beta in my test lab. The lab has one domain controller named dc01.fabrikam.com, which runs Windows Server 8 beta at the Windows Server 2003 forest functional level.

1. At DC01, log in as Domain Administrator.
2. Launch "Active Directory Administrative Center".


3. Click "fabrikam (local)".


Now, the "Active Directory Recycle Bin" cannot be enabled because the forest functional level does not match the requirement, and there is no "Deleted Objects" folder in Active Directory.

4. Close "Active Directory Administrative Center".
5. Launch "Active Directory Domains and Trusts".
6. Right-click "fabrikam.com", select "Raise Domain Functional Level".


7. Next to "Select an available domain functional level", select "Windows Server 2008 R2".


8. Click "Raise", then click "OK" twice.
9. Right-click "Active Directory Domains and Trusts", select "Raise Forest Functional Level".


10. Next to "Select an available forest functional level", select "Windows Server 2008 R2".


11. Click "Raise", then click "OK" twice.
12. Close "Active Directory Domains and Trusts".
13. Launch "Active Directory Administrative Center".
14. Click "fabrikam (local)".
15. Click "Enable Recycle Bin".


16. Click "OK" to enable the "Active Directory Recycle Bin".


After you enable Active Directory Recycle Bin in your environment, you cannot disable it.

17. Click "OK".
18. Press the "Refresh" button.



The "Deleted Objects" folder was created automatically.


This folder is used to store the deleted objects.

19. Right-click "fabrikam (local)", select "New > Organizational Unit".


20. Next to "Name" type "Sales".
21. Uncheck "Protect from accidental deletion".

22. Click "OK".
23. Double-click "Sales".
24. Next to "Tasks", click "New > User".


25. Create a user named "Peter".
26. Next to "Tasks", click "New > Group".
27. Create a group named "Manager".


28. Select "fabrikam (local)".
29. Right-click "Sales" OU, select "Delete".

30. Click "Yes".


31. Because there are some objects in the Sales OU, check "Use delete subtree server control", then click "Yes".
32. Double-click "Deleted Objects".


33. Right-click "Peter", select "Restore".


"Restore" is used to restore objects to their original location.

34. You will get the following error.


Because the OU was deleted, Peter cannot be restored to the original location. To restore Peter to the original location, we need to restore the OU first.

35. Right-click "Peter", select "Restore to".


"Restore to" is used to restore objects to another location.

36. Select "Users", click "OK".
37. Navigate to "Users" folder.


Peter has been restored to the "Users" folder.

38. Navigate to "Deleted Objects", select the "Sales" OU and the "Manager" group, right-click them, and click "Restore".
39. Navigate to "Sales" OU.


As a result, all objects were restored.
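The same procedure in PowerShell, the only management interface for the Recycle Bin on Windows Server 2008 R2. This is an added example, not part of the original post; it assumes the single-domain fabrikam.com lab from the walkthrough, the ActiveDirectory module, and a deleted "Sales" OU that held only direct children.

```powershell
# Added example, not from the original post. Names come from the lab in the walkthrough.
Import-Module ActiveDirectory
$forestName = 'fabrikam.com'      # single-domain forest, so this is also the domain name
$ouName     = 'Sales'
$domainDN   = (Get-ADDomain -Identity $forestName).DistinguishedName

# Steps 5-12: the feature needs forest functional level Windows Server 2008 R2 or higher.
# Both cmdlets prompt for confirmation; leave the prompts in place.
if ((Get-ADForest -Identity $forestName).ForestMode -lt 'Windows2008R2Forest') {
    Set-ADDomainMode -Identity $forestName -DomainMode Windows2008R2Domain
    Set-ADForestMode -Identity $forestName -ForestMode Windows2008R2Forest
}

# Steps 13-17: enable the Recycle Bin once. EnabledScopes is empty until it is on.
$feature = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'"
if (-not $feature.EnabledScopes) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forestName   # irreversible, prompts first
}

# Steps 33-38: find the deleted OU; refuse to guess if the name is ambiguous.
$ou = @(Get-ADObject -LDAPFilter "(&(isDeleted=TRUE)(msDS-LastKnownRDN=$ouName))" `
        -IncludeDeletedObjects -Properties lastKnownParent)
if ($ou.Count -ne 1) { throw "Expected one deleted '$ouName', found $($ou.Count)." }

# Parent first: restoring the OU before its children avoids the error from step 34.
$restoredDN = "OU=$ouName,$($ou[0].lastKnownParent)"
Restore-ADObject -Identity $ou[0].ObjectGUID

# Then the direct children, whose original location exists again.
Get-ADObject -SearchBase "CN=Deleted Objects,$domainDN" -IncludeDeletedObjects `
    -Filter "lastKnownParent -eq '$restoredDN'" |
    ForEach-Object {
        Restore-ADObject -Identity $_.ObjectGUID
        Write-Output "Restored $($_.ObjectGUID) to $restoredDN"
    }
```

`Restore-ADObject` also accepts `-TargetPath`, which is the equivalent of "Restore to" in step 35.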

This posting is provided “AS IS” with no warranties, and confers no rights!

2 comments:

  1. Why is AD recycle bin irreversible? Is it possible to revert to a system state backup from before the feature was enabled?

    1. It is a forest wide option of Active Directory. If it is enabled, you cannot revert it.
