Fix insufficient access rights to perform this operation when trying to enable Active Directory Recycle Bin

Posted on Christian By Christian No Comments on Fix insufficient access rights to perform this operation when trying to enable Active Directory Recycle Bin
Active Directory Recycle Bin access rights

In this article, we shall discuss how to fix insufficient access rights to perform this operation when trying to enable Active Directory Recycle Bin. The method involves enabling the AD Recycle Bin to be able to restore deleted user objects with the ADAC. You may also want to visit the following interesting articles. What are the merits and demerits of Local System Account and Service Logon Account. See how to delete and restore objects using Active Directory Administrative Center.

Active Directory Recycle Bin can be activated only where all domain controllers are running Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019. Please see the differences between an Active Directory contact and a user account object.

Note: In Windows Server 2008. You could use the Windows Server Backup feature and ntdsutil authoritative restore command to mark objects as authoritative to ensure that the restored data was replicated throughout the domain.

The drawback to the authoritative restore solution was that it had to be performed in Directory Services Restore Mode (DSRM). During DSRM, the domain controller being restored had to remain offline. Therefore, it was not able to service client requests.

Why was this error prompted?

Furthermore, If the user account lacks assigned Active Directory Recycle Bin access rights. It may lack sufficient access rights for this operation.

However, Active Directory Administration Centre or PowerShell will prompt the following error. Moreover, See the guide below on how to Enable AD recycle Bin and restore deleted users.

Enable Active Directory Recycle Bin permissions
Troubleshoot insufficient access rights

Resolution to Insufficient access rights to perform operation for AD Recycle Bin

To fix this issue. You will have to add the user account as a member to the following security groups in Active Directory. 

Domain Admin - Schema Admin - Enterprise Admin

See the image below for more information.

Active Directory access control issues

In addition, Restart your device for the new policy to apply. Now, with the correct Active Directory Recycle Bin access rights.

You can attempt to enable the AD Recycle Bin, and it will be successful.

I hope you found this blog post on how to fix Insufficient access rights to perform operation for AD Recycle Bin helpful. Please let me know in the comment session if you have any questions about Active Directory Recycle Bin access rights.

5/5 - (1 vote)
Windows Server Tags:, ,

Related Posts

More Related Articles

Setup FSx File System 1 Create and mount FSx File System: Join EC2 instance to AWS Managed AD AWS/Azure/OpenShift
Various Msiexec.exe Command Line Switches Various Msiexec.exe Command Line Switches Windows Server
troubleshooting Active Directory Replication How to troubleshoot Active Directory Replication issues Network | Monitoring
Recovery keys in AD 1 Backup existing and new BitLocker Recovery Keys to Active Directory Windows Server
banner How to Edit Windows Hosts File via PowerToy Editor Utility Web Server
maxresdefault Error 0x8007232B: Can’t activate Windows on this device as we can’t connect to your organization’s activation server Windows

Leave a Reply