Windows Server

Enable Active Directory Recycle Bin: How to delete and restore objects using Active Directory Administrative Center

There are many methods to restore a deleted user account, computer account, or security group from Active Directory; these objects are known collectively as security principals. See this guide on how to remove Microsoft Exchange Server from Active Directory and also the sign-in method you are trying to use is not allowed.

For some related content on Active Directory, see the following guides. Active Directory Authentication methods: Kerberos and NTLM, Concept of AD Computer Account, how to create a contact in AD, and for a detailed list of articles on Active Directory, visit the following link.

Note: You can also use the following methods to restore deleted objects; I will be discussing all of these tools in a separate (single) blog post.
 - PowerShell commands
 - LDP utility
 - The ADRestore Tool

Step 1: Enable AD Recycle Bin: This method involves enabling the AD Recycle Bin in order to be able to recover a user object via the ADAC. Active Directory Recycle Bin can be activated only where all domain controllers are running Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, or Windows Server 2019.

To enable AD Recycle Bin with the ADAC, follow the steps below:
– Launch the AD Administrative Center
– Right-click on your domain, or open the “Tasks” pane, and
– Select Enable Recycle Bin

You will be asked to confirm whether you wish to perform the operation. Note: once the Active Directory Recycle Bin is enabled, it cannot be reversed (disabled).
– Click on OK to enable the Recycle Bin.

Now, we have successfully enabled the AD Recycle Bin as shown below.

If you are having issues or prompted with permission errors when enabling the recycle bin, please visit this guide “how to fix insufficient access right to perform this operation“.

Alternatively, you can execute the following command to enable the Active Directory Recycle Bin. The following Windows PowerShell cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line.

Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=www,DC=domain,DC=com' -Scope ForestOrConfigurationSet -Target 'www.domain.com'

Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=techdirectarchive,DC=local' -Scope ForestOrConfigurationSet -Target 'techdirectarchive.local'

Step 2: Delete an AD User Object: Before I proceed, I would like to demonstrate the process of deleting a user account, so let me walk you through how a user account can be deleted in AD.

Here are the steps to delete a user account in Active Directory.
– Launch Active Directory Users and Computers
– Locate the OU and right-click on the user to delete

Click on delete to delete the object as shown below.

As you can see below, the user object has been deleted.

Step 3: Restore the Deleted User Account: Now that we have the AD Recycle Bin enabled, we can now restore this user using Active Directory Administrative Center (ADAC).

The Active Directory Administrative Center (ADAC) in Windows Server includes enhanced management experience features. These features ease the administrative burden for managing Active Directory Domain Services (AD DS).

Now that we are sure that we have deleted this user object, let's proceed and have it recovered using the ADAC method.
– Navigate to Start and type dsac.exe, or
– Open “Active Directory Administrative Center” from the Server Manager as shown below

This will open the Active Directory Administrative Center (ADAC) window.
– In the left pane, click the domain name and
– Select the “Deleted Objects” container.
– Right-click the deleted object and click Restore to restore it, and that is all.

Alternatively, you can click on “Restore to” as shown in the image above and restore it to a different OU.
– Object restored successfully as shown in the image below.

Step 4: Navigate to Active Directory Users and Computers: You will have to verify that the object has truly been restored.
– Click on the OU and refresh it.
– You should now see the user in the list as shown below
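The same end-to-end procedure (check the forest level, enable the Recycle Bin if needed, locate the deleted user, restore it, verify it) in PowerShell, as an added example that is not part of this post. It assumes the ActiveDirectory module and Enterprise Admin rights; the account name jdoe is a constructed sample.

```powershell
# Added example (not the post's own code). Assumes the ActiveDirectory module and an
# Enterprise Admin session; the user 'jdoe' is a constructed sample account name.
Import-Module ActiveDirectory

$forest = Get-ADForest
# The Recycle Bin requires the Windows Server 2008 R2 forest functional level or higher.
$minMode = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
if ($forest.ForestMode -lt $minMode) {
    throw "Forest functional level $($forest.ForestMode) is below Windows Server 2008 R2; raise it first."
}

# EnabledScopes is empty until the feature has been enabled in the forest.
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if ($feature.EnabledScopes.Count -eq 0) {
    # Irreversible: enabling cannot be undone, so keep the confirmation prompt.
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.RootDomain -Confirm
} else {
    Write-Host "Recycle Bin already enabled in: $($feature.EnabledScopes -join ', ')"
}

# How long deleted objects remain restorable (msDS-DeletedObjectLifetime; blank means the default 180 days).
$configNC = (Get-ADRootDSE).configurationNamingContext
$ds = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
    -Properties msDS-DeletedObjectLifetime
Write-Host "Deleted object lifetime (days): $($ds.'msDS-DeletedObjectLifetime')"

# Find the deleted user in the Deleted Objects container. With the Recycle Bin on, the object
# keeps its attributes plus lastKnownParent, so it can be restored in place.
$sam = 'jdoe'
$deleted = Get-ADObject -LDAPFilter "(&(isDeleted=TRUE)(sAMAccountName=$sam))" `
    -IncludeDeletedObjects -Properties sAMAccountName, lastKnownParent, whenChanged |
    Sort-Object whenChanged -Descending | Select-Object -First 1   # newest if deleted more than once
if (-not $deleted) { throw "No deleted object with sAMAccountName '$sam' was found." }
$deleted | Format-Table Name, lastKnownParent, whenChanged -AutoSize

# Restore-ADObject puts it back under lastKnownParent; add -TargetPath 'OU=...' to restore
# elsewhere, which is what the 'Restore to' button in ADAC does.
Restore-ADObject -Identity $deleted.ObjectGUID

# Verify, as in Step 4, by reading the live object back.
Get-ADUser -Identity $sam | Select-Object SamAccountName, Enabled, DistinguishedName
```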

I hope you found this blog post helpful. If you have any questions, please let me know in the comment section. I welcome you to follow me on Twitter and Facebook.
