Active Directory Recycle Bin

Recently I was feeling a little ambitious and decided I wanted to test the Windows Server 2008 R2 Active Directory Recycle Bin. The Recycle Bin is a new feature in Windows Server 2008 R2. It is disabled by default, and in order to enable it your forest functional level must be Windows Server 2008 R2.

Since my environment is a clean install of Windows Server 2008 R2, and during the promotion of my first domain controller I chose to set the functional levels to Windows Server 2008 R2, I was ready to enable the Recycle Bin.

Note: If you upgraded your environment from an earlier version of Windows Server, you must first prepare your forest and domain to support the AD Recycle Bin. Prepare the forest by running adprep /forestprep on the schema master (you can find which DC holds the schema master by running "dsquery server -hasfsmo schema").

Next, each domain where you want to enable the Recycle Bin also needs to be prepared by running adprep /domainprep /gpprep on the server that holds the infrastructure master role.

Also of note: if your environment includes Active Directory Lightweight Directory Services (AD LDS), you must also upgrade the AD LDS schema before you enable the Recycle Bin. You can do this with ldifde.exe.

However, as I mentioned earlier, my environment was already prepared, so the steps I took were as follows:

I used the PowerShell Enable-ADOptionalFeature cmdlet, but you can also use the Ldp.exe command line utility.

The exact PowerShell steps are as follows:

You first need to import the Active Directory module by running the following command at an elevated command prompt.

1) Import-Module activedirectory. This is the same as selecting Start -> Administrative Tools -> Active Directory PowerShell.

Then run the Enable-ADOptionalFeature cmdlet:

2) Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=hrylab,DC=net' -Scope ForestOrConfigurationSet -Target 'hrylab.net'

Run this in an elevated PowerShell prompt; on Windows Server 2008 R2 or Windows 7 you get one by right-clicking the PowerShell icon on the taskbar and selecting Run as administrator.

After the second command, PowerShell returned no status, so I had to use the ldp.exe utility to verify whether the Recycle Bin was enabled.

The Ldp.exe steps I took to verify that the Recycle Bin option was enabled are as follows:

1) At an elevated command prompt, I typed ldp.exe and pressed Enter.

2) From the ldp.exe window that opened, I selected Connection from the menu bar, and in the connection dialog box I typed Labserver, the domain controller for my environment, which is the only DC installed at this time in the forest root domain. I clicked Connect.

3) Click Bind from the menu bar.

4) Navigate to the configuration partition in the tree, then from the View pull-down menu double-click CN=Partitions,CN=Configuration,DC=hrylab,DC=net (note: you have to double-click the CN=Partitions entry, otherwise you will not see any details in the details pane, and there is no "+" icon of the kind that usually shows an entry can be expanded). In the details pane on the right I looked for and found the attribute msDS-EnabledFeature with the value CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=hrylab,DC=net.
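Because Enable-ADOptionalFeature is silent on success, the enable step and the ldp.exe check above can be done in one script with Get-ADOptionalFeature and the same msDS-EnabledFeature attribute. This is an added example, not code from the original post; it assumes the hrylab.net forest and the Windows Server 2008 R2 functional level the post describes.

```powershell
# Added example: enable the AD Recycle Bin and verify the result in PowerShell.
# Assumes an elevated Active Directory Module for Windows PowerShell session
# running as a member of Enterprise Admins in the hrylab.net forest.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Windows Server 2008 R2 is functional level 4; both forest and domain must be at least that.
if ([int]$forest.ForestMode -lt 4 -or [int]$domain.DomainMode -lt 4) {
    throw "Functional level too low (forest: $($forest.ForestMode), domain: $($domain.DomainMode)); raise it to Windows Server 2008 R2 first."
}

# The feature object can be addressed by name, as in the short form of the cmdlet.
$feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'

# EnabledScopes lists the partitions where the feature is active; empty means disabled.
if ($feature.EnabledScopes.Count -eq 0) {
    # Enabling the Recycle Bin cannot be undone, which is why the cmdlet prompts;
    # -Confirm:$false is only appropriate for a reviewed, scripted change.
    Enable-ADOptionalFeature -Identity $feature -Scope ForestOrConfigurationSet `
        -Target $forest.RootDomain -Confirm:$false
    $feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
}

if ($feature.EnabledScopes.Count -gt 0) {
    Write-Output "Recycle Bin enabled in: $($feature.EnabledScopes -join '; ')"
} else {
    Write-Warning "Recycle Bin is still disabled; check replication and your permissions."
}

# Cross-check the same attribute ldp.exe shows: msDS-EnabledFeature on the
# Partitions container holds the DN of every enabled optional feature.
$configNC = (Get-ADRootDSE).configurationNamingContext
$partitions = Get-ADObject "CN=Partitions,$configNC" -Properties 'msDS-EnabledFeature'
$partitions.'msDS-EnabledFeature' | ForEach-Object { Write-Output "msDS-EnabledFeature: $_" }

# How long deleted objects stay restorable: msDS-DeletedObjectLifetime on the
# Directory Service object, falling back to tombstoneLifetime, then the 180-day default.
$dsObj = Get-ADObject "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
    -Properties 'msDS-DeletedObjectLifetime', tombstoneLifetime
$lifetime = $dsObj.'msDS-DeletedObjectLifetime'
if (-not $lifetime) { $lifetime = $dsObj.tombstoneLifetime }
if (-not $lifetime) { $lifetime = 180 }
Write-Output "Deleted objects remain restorable for $lifetime days."
```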

Next, display the Deleted Objects container. This is where deleted Active Directory objects are kept. By default the CN=Deleted Objects container is not displayed, so I used the ldp.exe administration tool to display it.

To display the Deleted Objects container I took the following steps:

Note: to complete these steps you need to be a member of the Domain Admins group.

1) Open ldp.exe from an elevated command prompt.

2) From the Options pull-down menu, I clicked Controls.

3) In the Controls dialog box, I expanded the Load Predefined pull-down menu, clicked Return deleted objects, and clicked OK.

Finally, I needed to confirm that the Deleted Objects container is displayed:

1) From the Connection pull-down menu, I selected Connect, entered my domain controller Labserver, and then selected Bind.

2) I selected the View menu and, in the BaseDN field, typed DC=hrylab,DC=net.

3) From the console tree, I double-clicked my root distinguished name (DN) and located the CN=Deleted Objects,DC=hrylab,DC=net container.
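The same "Return deleted objects" view, and the restore that is the whole point of the feature, can be done from PowerShell with -IncludeDeletedObjects and Restore-ADObject. This is an added example, not from the original post; it assumes the DC=hrylab,DC=net domain, and the account name jdoe is a constructed placeholder.

```powershell
# Added example: list what the Recycle Bin holds and restore one object.
# Assumes the Active Directory module and Domain Admins rights in DC=hrylab,DC=net.
Import-Module ActiveDirectory

$domainDN = (Get-ADDomain).DistinguishedName
$deletedContainer = "CN=Deleted Objects,$domainDN"

# -IncludeDeletedObjects is the cmdlet equivalent of ldp.exe's "Return deleted objects" control.
# isDeleted=TRUE without isRecycled means the object is still restorable; after the
# deleted-object lifetime it becomes recycled (most attributes stripped, not recoverable).
$restorable = Get-ADObject -Filter 'isDeleted -eq $true -and isRecycled -ne $true -and name -ne "Deleted Objects"' `
    -IncludeDeletedObjects -SearchBase $deletedContainer `
    -Properties 'msDS-LastKnownRDN', lastKnownParent, objectClass, whenChanged

# Audit view: what was deleted, what class it was, when, and where it lived.
$restorable |
    Sort-Object whenChanged -Descending |
    Select-Object @{ Name = 'OriginalName'; Expression = { $_.'msDS-LastKnownRDN' } },
                  objectClass, whenChanged, lastKnownParent |
    Format-Table -AutoSize

# Restore one user. Restore-ADObject recreates it under lastKnownParent with its
# attributes, SID and group memberships intact. If the parent OU was deleted too,
# lastKnownParent points into Deleted Objects, so fall back to a live container
# (or restore the OU first) via -TargetPath.
$target = $restorable | Where-Object {
    $_.objectClass -eq 'user' -and $_.'msDS-LastKnownRDN' -eq 'jdoe'   # constructed placeholder
}
if ($target) {
    $parent = Get-ADObject -Identity $target.lastKnownParent -ErrorAction SilentlyContinue
    if ($parent) {
        $target | Restore-ADObject
    } else {
        $target | Restore-ADObject -TargetPath "CN=Users,$domainDN"
    }
}
```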

Alternatively, a simpler form of the PowerShell cmdlet is:

Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target 'hrylab.net'

The figure below shows the result of executing this cmdlet on my domain controller.

Note 2: An elevated command prompt in Windows Server 2008 R2 can be reached in one of the following ways:

1) By typing cmd in the Start menu search box and pressing Ctrl+Shift+Enter.

2) By pinning the command prompt (cmd) to the taskbar (yes, Windows Server 2008 R2 supports the taskbar, because it was written using the Windows 7 kernel and networking stack), then right-clicking it and selecting Run as administrator from the pop-up menu.

3) By right-clicking the CMD icon in the Start menu and selecting Run as administrator.
