Computers & ProgrammingComputers & NetworkingWindows Server

How to Enable the AD 2008 R2 Recycle Bin

To enable the Recycle Bin for your Active Directory 2008 R2 infrastructure, there are basically two steps that need to be completed.

  • Raise the Forest Functional Level
  • Enable the Active Directory Recycle Bin

Raise the Forest Functional Level

You can enable Active Directory Recycle Bin only if the forest functional level of your environment is set to Windows Server 2008 R2. Membership in Domain Admins or Enterprise Admins is the minimum required to complete this procedure. You can raise the forest functional level by using the following methods:

  1. Active Directory Domains and Trusts Admin Console
  2. Active Directory module for Windows PowerShell (Set-ADForestMode)

Click Start, Administrative Tools, right-click Active Directory Module for Windows PowerShell, and then click Run as administrator.

Set-ADForestMode –Identity domainName.ext -ForestMode Windows2008R2Forest

Ldp.exe

  • To open Ldp.exe, click Start, click Run, and then type ldp.exe.
  • To connect and bind to the server that hosts the forest root domain of your AD DS environment, under Connection, click Connect, and then click Bind.
  • Click View, and then click Tree. In BaseDN, select the configuration directory partition, and then click OK.
  • In the console tree, double-click the distinguished name of the configuration directory partition, and then navigate to the CN=Partitions container.
  • Right-click the CN=Partitions container’s distinguished name, and then click Modify.
  • In the Modify dialog box, in Edit Entry Attribute, type msDS-Behavior-Version.
  • In the Modify dialog box, in Values, type 4, which is the value of the Windows Server 2008 R2 forest functional level.
  • In the Modify dialog box, under Operation, click Replace, click Enter, and then click Run.

Note: After you have raised the forest functional level, you cannot roll back or lower the forest functional level, with one exception: when you raise the forest functional level to Windows Server 2008 R2 and if Active Directory Recycle Bin is not enabled, you have the option of rolling the forest functional level back to Windows Server 2008.

You can lower the forest functional level only from Windows Server 2008 R2 to Windows Server 2008. If the forest functional level is set to Windows Server 2008 R2, it cannot be rolled back, to Windows Server 2003.

Enable the Active Directory Recycle Bin

After the forest functional level of your environment is set to Windows Server 2008 R2, you can enable Active Directory Recycle Bin by using the following methods listed below.

You should note that the process of enabling Active Directory Recycle Bin is irreversible. After you enable Active Directory Recycle Bin in your environment, it cannot be disabled.

Active Directory module for Windows PowerShell (Set-ADForestMode)

  • Click Start, Administrative Tools, right-click Active Directory Module for Windows PowerShell, and then click Run as administrator
Enable-ADOptionalFeature –Identity ‘CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration, DC=domainName,DC=ext’ –Scope ForestOrConfigurationSet –Target ‘domainName.ext’

Ldp.exe

  • To open Ldp.exe, click Start, click Run, and then type ldp.exe.
  • To connect and bind to the server that hosts the forest root domain of your AD DS environment, under Connection, click Connect, and then click Bind.
  • Click View, click Tree, in BaseDN, select the configuration directory partition, and then click OK.
  • In the console tree, double-click the distinguished name of the configuration directory partition, and then navigate to the CN=Partitions container.
  • Right-click the CN=Partitions container’s distinguished name, and then click Modify.
  • In the Modify dialog box, make sure that the DN box is empty.
  • In the Modify dialog box, in Edit Entry Attribute, type enableOptionalFeature.
  • In the Modify dialog box, in Values, type CN=Partitions,CN=Configuration,DC=domainName,DC=ext:766ddcd8-acd0 445e-f3b9-a7f9b6744f2a. Replace domainName and ext with the appropriate forest root domain name of your AD DS environment.
  • In the Modify dialog box, under Operation, click Add, click Enter, and then click Run.
  • To verify that Active Directory Recycle Bin is enabled, navigate to the CN=Partitions container. In the details pane, locate the msDS-EnabledFeature attribute, and confirm that its value is set to CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration, DC=domainName,DC=ext.

Note: 766ddcd8-acd0-445e-f3b9-a7f9b6744f2a is the Active Directory Recycle Bin globally unique identifier (GUID).

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top