Active Directory Domain Servers > How to Enable Active Directory Recycle Bin (Server 2016)

How to Enable Active Directory Recycle Bin (Server 2016)

by

In this tutorial, you will learn how to enable the Active Directory Recycle bin on Windows Server 2016.

I’ll show you how to enable it through the GUI as well as with Powershell.

The AD recycle bin comes in handy when you accidentally delete an AD object and need to restore it.

Active Directory Recycle Bin Benefits

The AD Recycle bin allows you to quickly recover deleted objects without the need to restore an Active Directory backup.

The recycle bin feature preserves all link valued and non link valued attributes. This means that a restored object will retain all its settings when restored.

By default, a deleted object can be restored within 180 days. This time is controlled by the Deleted Object Lifetime (DOL) which can be set on the msDS-deletedObjectLifetime attribute.

In addition, its default value is the same as the Tombstone Lifetime.

Confused?

Just remember the default setting to restore a deleted object is 180 days.

If you want a deeper dive into these settings then check the AD Recycle Bin guide from Microsoft.

Related: Dcdiag: How to Check Domain Controller Health

Steps to Enable the AD Recycle Bin on Windows Server 2016

Note: Once you enable the Active Directory Recycle Bin you can’t turn it off.

Follow these simple 3 steps:

Step 1: Open Server Manager

Step 2: Open the Active Directory Administrative Center

From the Server Manager go to tools and select Active Directory Administrative Center

Step 3: Enable Recycle Bin

Within the Active Directory Administrative Center click on your local domain then click on “Enable Recycle Bin”

Click OK to confirm

Click OK on the next pop up

All done, AD recycle bin is now enabled.

Enable AD Recycle Bin with PowerShell

Follow these steps to enable the recycle bin with PowerShell

Step 1. Logon to your Domain Controller

Step 2: Load the AD Powershell module

Import-module ActiveDirectory

Step 3: Run the following cmdlet to enable the Recycle Bin

Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target <your forest root domain name>

Here is an example using the ad.activedirectorypro.com domain.

Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target ad.activedirectorypro.com

How to Verify AD Recycle Bin is enabled

Use this Powershell command to verify it is enabled

Get-ADOptionalFeature -filter *

Notice the enabled scope, if it was not enabled the scope would be empty.

Recommended Tool: Permissions Analyzer for Active Directory

Get instant visibility into user and group permissions in your Active Directory domain.

With Permissions Analyzer you can quickly view assigned and inherited permissions for any user or group.

Don’t let permission problems slow you down or put your data at risk. Get Permissions Analyzer for Active Directory today and take control of your permission management.

Download Free Tool

14 thoughts on “How to Enable Active Directory Recycle Bin (Server 2016)”

  1. very gooooooooooooood,thank you

    Reply
    • Avatar photo

      You’re welcome, bahamin.

      Reply

  2. Helpful dude.. Thanks a lot

    Reply

  4. Lifesaver 🙂

    Reply

  5. Wow , So easy to understand through this page. Thanks and Keep going.

    Reply
    • Avatar photo

      Thanks Nikki. More tutorials on the way. I’m planning to add more video tutorials for Active Directory tasks. Stay tuned.

      Reply

  6. Thank you! This helps a lot!

    Reply

  7. Thank you!

    Reply

  8. Awesome and useful! Appreciated

    Reply
    • Avatar photo

      No problem

      Reply

  9. Nice Article thanks Alot!

    Reply

  10. Are there any downsides/negatives of enabling the recycle bin. Reason for asking is because it says once enabled it cannot be disabled. Thanks

    Reply
    • Avatar photo

      I’m not aware of any downsides to turning this on.

      Reply

Leave a Comment