The Active Directory Recycle Bin is a very useful feature in Windows Server 2008 R2. With the Recycle Bin enabled, all link-valued and non-link-valued attributes of deleted Active Directory objects are preserved, and the objects are restored in their entirety to the same consistent logical state that they were in immediately before deletion.

From Microsoft:

“For example, restored user accounts automatically regain all group memberships and corresponding access rights that they had immediately before deletion, within and across domains. Active Directory Recycle Bin is functional for both AD DS and Active Directory Lightweight Directory Services (AD LDS) environments”.


You can enable Active Directory Recycle Bin only if the forest functional level of your environment is set to Windows Server 2008 R2.

Membership in Enterprise Admins, or equivalent, is the minimum required to complete these procedures.


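To raise the forest functional level to Windows Server 2008 R2, use the Set-ADForestMode cmdlet. Once the forest is at that level, enable the Recycle Bin with the Enable-ADOptionalFeature cmdlet as follows. In step 3, XXX.com and DC=XXX,DC=com are placeholders for the forest root domain name of your environment.

1. Start PowerShell with “Run as administrator”.

2. Import-Module ActiveDirectory

3. Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=XXX,DC=com' -Scope ForestOrConfigurationSet -Target 'XXX.com'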

WARNING: Enabling 'Recycle Bin Feature' on 'CN=Partitions,CN=Configuration,DC=XXX,DC=com' is an irreversible action! You will not be able to disable 'Recycle Bin Feature' on 'CN=Partitions,CN=Configuration,DC=XXX,DC=com' if you proceed.

Are you sure you want to perform this action?

Performing operation "Enable" on Target "Recycle Bin Feature".

[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):Y


To verify that Active Directory Recycle Bin is enabled, navigate to the CN=Partitions container.

In the details pane, locate the msDS-EnabledFeature attribute, and confirm that its value is set to CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=mydomain,DC=com, where mydomain and com represent the appropriate forest root domain name of your AD DS environment.
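The same prerequisite and verification checks can be done from PowerShell instead of browsing to CN=Partitions. The following is an added example, not part of the original article: the function name Test-ADRecycleBinEnabled is hypothetical, it uses only the ActiveDirectory module's Get-ADForest, Get-ADOptionalFeature and Get-ADObject cmdlets, and it only reads from the directory.

```powershell
# Added example: read-only check, nothing in the directory is modified.
Import-Module ActiveDirectory

function Test-ADRecycleBinEnabled {
    param(
        # Optional domain controller or domain name to query (assumption: defaults to the current forest)
        [string]$Server
    )

    $common = @{}
    if ($Server) { $common['Server'] = $Server }

    $forest = Get-ADForest @common

    # Prerequisite from the article: forest functional level must be Windows Server 2008 R2.
    # Any mode in this list is too low for the Recycle Bin feature.
    $tooLow = 'Windows2000Forest', 'Windows2003InterimForest', 'Windows2003Forest', 'Windows2008Forest'
    $modeOk = $tooLow -notcontains "$($forest.ForestMode)"

    # The optional feature object lists every scope it has been enabled on.
    $feature = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'" @common
    $scopes  = @($feature.EnabledScopes)

    # Same check as the manual step: msDS-EnabledFeature on CN=Partitions
    # must contain the DN of the Recycle Bin Feature object.
    $partitions = Get-ADObject -Identity $forest.PartitionsContainer -Properties 'msDS-EnabledFeature' @common
    $onPartitions = @($partitions.'msDS-EnabledFeature') -contains $feature.DistinguishedName

    # New-Object PSObject keeps this compatible with PowerShell 2.0 on Windows Server 2008 R2.
    New-Object PSObject -Property @{
        ForestRoot            = $forest.RootDomain
        ForestMode            = "$($forest.ForestMode)"
        ForestModeSufficient  = $modeOk
        EnabledScopes         = $scopes
        EnabledOnPartitions   = $onPartitions
        RecycleBinEnabled     = ($scopes.Count -gt 0) -and $onPartitions
    }
}

# Run before enabling (ForestModeSufficient should be True) and again afterwards
# (RecycleBinEnabled should be True).
Test-ADRecycleBinEnabled | Format-List
```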