One of the most significant additions to Windows Server 2008 R2’s implementation of AD DS is the Active Directory Recycle Bin. A Windows Server 2008 R2 Active Directory forest and domain now allows for the recovery of deleted OUs, users, groups, or other AD objects. There are a few prerequisites that must be satisfied, however, before the AD Recycle Bin can be enabled:
. The AD DS forest and domain must be in Windows Server 2008 R2 functional level.
. When restoring objects, the OU in which they previously existed must first be restored. If the object resided in a nested OU structure, the top-level OU must first be restored, followed by the next-highest child OU, and so on.
. Membership in the Enterprise Administrators group is required to enable the AD Recycle Bin.
. The process of enabling the AD Recycle Bin is nonreversible.
Enabling the AD Recycle Bin
To enable the Active Directory Recycle Bin, perform the following steps:
1. Click Start, All Programs, Administrative Tools. Right-click on Active Directory Module for Windows PowerShell and then click Run As Administrator.
2. From the PowerShell prompt, type the following command.
Enable-ADOptionalFeature –Identity ‘CN=Recycle Bin Feature,CN=Optional
ForestOrConfigurationSet –Target ‘companyabc.com’
Replace companyabc.com and DC=companyabc,DC=com with the appropriate name of the domain where the AD Recycle Bin will be enabled.
3. When prompted, type Y to confirm and press Enter.
4. To validate that the Recycle Bin is enabled, go to the CN=Partitions container, using an editor such as ADSIEdit. In the details pane, find the msDS-EnabledFeature attribute, and confirm that the value includes the Recycle Bin target domain name that you typed in step 2.
Source of Information : Sams - Windows Server 2008 R2 Unleashed