Active Directory Recycle Bin

From AlphaBook

Enable Active Directory Recycle Bin

  • Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=corp,DC=alphabook,DC=cn' -Scope ForestOrConfigurationSet -Target 'corp.alphabook.cn'
  • Or from Active Directory Administrative Center, click alphabook (local), click Enable Recycle Bin...

Check the deleted user accounts

  • Get-ADObject -IncludeDeletedObjects -Filter {IsDeleted -eq $True -and ObjectClass -eq "user"} -Properties * | Format-Table Deleted,DisplayName,SamAccountName,UserPrincipalName

Restore a single deleted user account

  • Get-ADObject -Filter {SamAccountName -eq "user01" -and IsDeleted -eq $True} -IncludeDeletedObjects | Restore-ADObject

TombstoneLifetime

  • Open ADSI Edit
  • Connect to Configuration (Select a well known Naming Context: Configuration)
  • CN=Configuration,DC=corp,DC=alphabook,DC=cn
    • CN=Services
      • CN=Windows NT
        • CN=Directory Service
          • From the Attribute Editor tab in CN=Directory Service Properties, the default value of tombstoneLifetime is 180 (days)
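The steps above cover enabling the feature, listing deleted users, restoring one by SamAccountName and reading tombstoneLifetime in ADSI Edit. The script below is an added example (not from the AlphaBook page) that does the same checks from PowerShell: it confirms the Recycle Bin is enabled, reads tombstoneLifetime and msDS-DeletedObjectLifetime from the same CN=Directory Service object, reports how many days each deleted user has left before it can no longer be restored, and restores a user by SamAccountName with an ambiguity check, since piping several deleted objects that share a name straight into Restore-ADObject would restore all of them. It assumes the RSAT ActiveDirectory module and rights to read the Configuration partition and restore objects; the domain corp.alphabook.cn and account user01 are taken from the page, and the helper name Restore-DeletedUser is this example's own.

```powershell
# Added example, not part of the AlphaBook page. Assumes the RSAT ActiveDirectory
# module and a domain account that can read Configuration and restore objects.
Import-Module ActiveDirectory

# 1. Confirm the Recycle Bin feature is enabled; EnabledScopes is empty otherwise.
$feature = Get-ADOptionalFeature -Filter 'name -like "Recycle Bin Feature"'
if (-not $feature.EnabledScopes) {
    Write-Warning "Recycle Bin is not enabled; deleted objects are tombstones and lose most attributes."
}

# 2. Read the lifetimes from CN=Directory Service (the object the ADSI Edit steps show).
$configNC   = (Get-ADRootDSE).configurationNamingContext
$dsSettings = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
    -Properties tombstoneLifetime, 'msDS-DeletedObjectLifetime'

# msDS-DeletedObjectLifetime governs how long a deleted object stays restorable;
# when unset it inherits tombstoneLifetime, and an absent tombstoneLifetime means 60 days.
$lifetime = if ($dsSettings.'msDS-DeletedObjectLifetime') { $dsSettings.'msDS-DeletedObjectLifetime' }
            elseif ($dsSettings.tombstoneLifetime)        { $dsSettings.tombstoneLifetime }
            else                                          { 60 }
Write-Host "Deleted objects stay restorable for $lifetime days"

# 3. List deleted users with an estimate of the days left. whenChanged is updated
#    when the object is deleted, so it approximates the deletion time.
$deleted = Get-ADObject -IncludeDeletedObjects -LDAPFilter '(&(isDeleted=TRUE)(objectClass=user))' `
    -Properties whenChanged, lastKnownParent, 'msDS-LastKnownRDN', sAMAccountName

$report = foreach ($obj in $deleted) {
    $ageDays = ((Get-Date) - $obj.whenChanged).TotalDays
    [pscustomobject]@{
        Name            = $obj.'msDS-LastKnownRDN'
        SamAccountName  = $obj.sAMAccountName
        DeletedOn       = $obj.whenChanged
        DaysRemaining   = [math]::Max(0, [int]($lifetime - $ageDays))
        LastKnownParent = $obj.lastKnownParent
        ObjectGUID      = $obj.ObjectGUID
    }
}
$report | Sort-Object DaysRemaining | Format-Table -AutoSize

# 4. Restore one user by SamAccountName, refusing to guess when several deleted
#    objects share the name (helper name is this example's own).
function Restore-DeletedUser {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $candidates = @(Get-ADObject -IncludeDeletedObjects `
        -LDAPFilter "(&(isDeleted=TRUE)(objectClass=user)(sAMAccountName=$SamAccountName))" `
        -Properties whenChanged, lastKnownParent)

    if ($candidates.Count -eq 0) {
        throw "No deleted user with SamAccountName '$SamAccountName'."
    }
    if ($candidates.Count -gt 1) {
        $candidates | Format-Table ObjectGUID, whenChanged, lastKnownParent -AutoSize | Out-String | Write-Warning
        throw "$($candidates.Count) deleted objects share '$SamAccountName'; restore the right one by ObjectGUID."
    }

    # Restore-ADObject puts the object back under lastKnownParent. If that OU was
    # deleted too, restore the OU first or pass -TargetPath to place the user elsewhere.
    Restore-ADObject -Identity $candidates[0].ObjectGUID
    Get-ADUser -Identity $SamAccountName | Select-Object Name, SamAccountName, Enabled, DistinguishedName
}

# Example from the page: restore user01.
Restore-DeletedUser -SamAccountName 'user01'
```

Run it on a domain-joined machine with RSAT installed; the Write-Warning branch in step 1 explains why a restore done without the Recycle Bin returns a stripped-down account that needs its group memberships and attributes rebuilt by hand.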