To enable the Recycle Bin for your Active Directory 2008 R2 infrastructure, there are basically two steps that need to be completed.
- Raise the Forest Functional Level
- Enable the Active Directory Recycle Bin
Raise the Forest Functional Level
You can enable Active Directory Recycle Bin only if the forest functional level of your environment is set to Windows Server 2008 R2. Membership in Domain Admins or Enterprise Admins is the minimum required to complete this procedure. You can raise the forest functional level by using the following methods:
- Active Directory Domains and Trusts Admin Console
- Active Directory module for Windows PowerShell (Set-ADForestMode)
Click Start, Administrative Tools, right-click Active Directory Module for Windows PowerShell, and then click Run as administrator.
Set-ADForestMode -Identity domainName.ext -ForestMode Windows2008R2Forest
Ldp.exe
- To open Ldp.exe, click Start, click Run, and then type ldp.exe.
- To connect and bind to the server that hosts the forest root domain of your AD DS environment, under Connection, click Connect, and then click Bind.
- Click View, and then click Tree. In BaseDN, select the configuration directory partition, and then click OK.
- In the console tree, double-click the distinguished name of the configuration directory partition, and then navigate to the CN=Partitions container.
- Right-click the CN=Partitions container’s distinguished name, and then click Modify.
- In the Modify dialog box, in Edit Entry Attribute, type msDS-Behavior-Version.
- In the Modify dialog box, in Values, type 4, which is the value of the Windows Server 2008 R2 forest functional level.
- In the Modify dialog box, under Operation, click Replace, click Enter, and then click Run.
Note: After you have raised the forest functional level, you cannot roll back or lower the forest functional level, with one exception: when you raise the forest functional level to Windows Server 2008 R2 and if Active Directory Recycle Bin is not enabled, you have the option of rolling the forest functional level back to Windows Server 2008.
You can lower the forest functional level only from Windows Server 2008 R2 to Windows Server 2008. If the forest functional level is set to Windows Server 2008 R2, it cannot be rolled back to Windows Server 2003.
Enable the Active Directory Recycle Bin
After the forest functional level of your environment is set to Windows Server 2008 R2, you can enable Active Directory Recycle Bin by using either of the methods below.
You should note that the process of enabling Active Directory Recycle Bin is irreversible. After you enable Active Directory Recycle Bin in your environment, it cannot be disabled.
Active Directory module for Windows PowerShell (Enable-ADOptionalFeature)
- Click Start, Administrative Tools, right-click Active Directory Module for Windows PowerShell, and then click Run as administrator.
Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=domainName,DC=ext' -Scope ForestOrConfigurationSet -Target 'domainName.ext'
Ldp.exe
- To open Ldp.exe, click Start, click Run, and then type ldp.exe.
- To connect and bind to the server that hosts the forest root domain of your AD DS environment, under Connection, click Connect, and then click Bind.
- Click View, click Tree, in BaseDN, select the configuration directory partition, and then click OK.
- In the console tree, double-click the distinguished name of the configuration directory partition, and then navigate to the CN=Partitions container.
- Right-click the CN=Partitions container’s distinguished name, and then click Modify.
- In the Modify dialog box, make sure that the DN box is empty.
- In the Modify dialog box, in Edit Entry Attribute, type enableOptionalFeature.
- In the Modify dialog box, in Values, type CN=Partitions,CN=Configuration,DC=domainName,DC=ext:766ddcd8-acd0-445e-f3b9-a7f9b6744f2a. Replace domainName and ext with the appropriate forest root domain name of your AD DS environment.
- In the Modify dialog box, under Operation, click Add, click Enter, and then click Run.
- To verify that Active Directory Recycle Bin is enabled, navigate to the CN=Partitions container. In the details pane, locate the msDS-EnabledFeature attribute, and confirm that its value is set to CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=domainName,DC=ext.
Note: 766ddcd8-acd0-445e-f3b9-a7f9b6744f2a is the Active Directory Recycle Bin globally unique identifier (GUID).
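
Because enabling the Recycle Bin cannot be undone, the two steps above can be wrapped in a script that checks the current state first and verifies the result afterwards. This is an added example, not part of the original article; the -Apply switch is a hypothetical parameter of this script, and without it both changes are only previewed with -WhatIf.

```powershell
# Added example: pre-flight check, enable, and verify the AD Recycle Bin.
# Run from an elevated Active Directory Module for Windows PowerShell session.
param(
    [switch]$Apply   # hypothetical switch: omit it to preview with -WhatIf
)
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'

# Read the same attributes the Ldp.exe steps edit on CN=Partitions.
$forest     = Get-ADForest
$partitions = Get-ADObject -Identity $forest.PartitionsContainer `
                  -Properties 'msDS-Behavior-Version', 'msDS-EnabledFeature'
$level      = $partitions.'msDS-Behavior-Version'

# Build the feature DN from this forest's configuration partition.
$configNC  = $forest.PartitionsContainer -replace '^CN=Partitions,', ''
$featureDN = 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,' +
             "CN=Windows NT,CN=Services,$configNC"

if ($partitions.'msDS-EnabledFeature' -contains $featureDN) {
    Write-Output "Recycle Bin is already enabled in forest $($forest.RootDomain)."
    return
}

# Step 1: the forest functional level must be 4 (Windows Server 2008 R2) or higher.
if ($level -lt 4) {
    Write-Warning "Forest functional level is $level; it must be raised to 4 first."
    Set-ADForestMode -Identity $forest.RootDomain `
        -ForestMode Windows2008R2Forest -WhatIf:(-not $Apply)
}

# Step 2: enable the feature forest-wide. This step is irreversible.
Enable-ADOptionalFeature -Identity $featureDN -Scope ForestOrConfigurationSet `
    -Target $forest.RootDomain -WhatIf:(-not $Apply)

# Verify: msDS-EnabledFeature on CN=Partitions should now list the feature DN.
if ($Apply) {
    $enabled = (Get-ADObject -Identity $forest.PartitionsContainer `
                    -Properties 'msDS-EnabledFeature').'msDS-EnabledFeature'
    if ($enabled -contains $featureDN) {
        Write-Output 'Verified: Recycle Bin Feature is listed in msDS-EnabledFeature.'
    } else {
        Write-Warning 'Recycle Bin Feature is not listed yet; check replication and retry.'
    }
}
```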