Windows Server 2008 R2 introduced a new “Recycle Bin” feature to Active Directory. While it provides a long-desired native object recovery capability for AD, it falls a bit short of some of the early hype. There’s no actual “Recycle Bin” icon anywhere, for example, and recovering object hierarchies—such as a deleted OU and all of its children —is largely a manual task, requiring complicated PowerShell commands to be executed in a specific order. In my video, I show you how to use the Active Directory Recycle Bin.
Still, the new feature is light-years better than the old way of taking a domain controller offline, performing an authoritative restore from a backup (you did make a backup, right?) and then allowing the recovered object to replicate.
But the Recycle Bin does have a few caveats, and many businesses will find that its features and usage patterns don’t meet their needs very well. When the Recycle Bin isn’t enough, what is? What features and capabilities would a third-party recovery solution need to offer in order to be compelling?
Third-party solutions have been around since Windows 2000, and many of them provide rich feature sets, easier operation, and in many cases additional functionality. But with the introduction of the new Recycle Bin feature, many third-party solutions have to struggle to gain administrators’ attention, since there’s a feeling that the built-in feature is more than enough. That’s often because many admins aren’t aware of the scope of the built-in feature, and might not be aware of what else is out there. In this article, I’ll attempt to lay out all the details of the built-in Active Directory Recycle Bin, and provide a glimpse of what the third-party market can offer than goes above and beyond what’s native.
Have you used the Recycle Bin or found yourself wishing you had something to recover AD objects?