What server upgrade would be complete without some Active Directory enhancements? This release is no exception.
One of the best enhancements (in my opinion) is that Active Directory now has a recycle bin. It has to be enabled, and enabling it has its own requirements: all your domain controllers must be running Windows 2008 R2, and your domain needs to be in Windows 2008 R2 functional mode. At that point you can enable the recycle bin (there is a document available on TechNet which shows the process), which will now save you from yourself.
What this recycle bin does is allow you to completely recover any AD object that you deleted without having to do an authoritative restore on all or part of your AD database. In the event that an object (account, OU, etc.) is deleted, you can restore it with a simple PowerShell cmdlet. There’s no UI for the recycle bin; however, Kirk Munro (Blog | Twitter) has released the Active Directory Recycle Bin PowerPack. A video about the PowerPack is available on YouTube.
Personally I hope to never need this feature, but I can’t wait to upgrade all my domain controllers to Windows 2008 R2 so that I can enable it.
By default the recycle bin holds objects for 180 days (you can adjust this). After these 180 days the objects are moved into the tombstoned state, where you can still get them back, but it’s a different process. However, if it takes you more than 180 days to notice that something needs restoring, you are probably doing something wrong.
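
The enable-and-restore procedure described above, sketched with the ActiveDirectory PowerShell module as an added example (not code from the original post, the TechNet document or the PowerPack). The account name `jdoe` is a constructed placeholder, and the script assumes an elevated session with rights to change forest-wide settings.

```powershell
# Added example. 'jdoe' is a constructed placeholder, not a value from the post.
Import-Module ActiveDirectory
$deletedSam = 'jdoe'
$forest     = Get-ADForest

# 1. Preflight: find any DC older than Windows Server 2008 R2 (OS version 6.1)
#    and check that the functional level has been raised.
$oldDcs = foreach ($domain in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $domain | Where-Object {
        [version](($_.OperatingSystemVersion -split ' ')[0]) -lt [version]'6.1'
    }
}
$minMode = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
if ($oldDcs -or $forest.ForestMode -lt $minMode) {
    $names = ($oldDcs | ForEach-Object { $_.HostName }) -join ', '
    throw "Prerequisites not met. Level: $($forest.ForestMode). Old DCs: $names"
}

# 2. Enable the feature once. This cannot be undone, so the confirmation
#    prompt is deliberately left in place.
$feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
if (-not $feature.EnabledScopes) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.RootDomain
}

# 3. Report how long deleted objects stay recoverable. An unset
#    msDS-DeletedObjectLifetime means the tombstone lifetime is used.
$dsDn = 'CN=Directory Service,CN=Windows NT,CN=Services,' +
        (Get-ADRootDSE).configurationNamingContext
$ds   = Get-ADObject -Identity $dsDn -Properties 'msDS-DeletedObjectLifetime', tombstoneLifetime
$days = $ds.'msDS-DeletedObjectLifetime'
if (-not $days) { $days = $ds.tombstoneLifetime }
if (-not $days) { $days = 'not set (directory default applies)' }
Write-Host "Deleted object lifetime: $days"

# 4. Find the deleted account and restore it only if the match is unambiguous.
$filter  = "isDeleted -eq `$true -and sAMAccountName -eq '$deletedSam'"
$deleted = @(Get-ADObject -Filter $filter -IncludeDeletedObjects `
                 -Properties lastKnownParent, whenChanged)
if ($deleted.Count -ne 1) {
    throw "Expected one deleted object for '$deletedSam', found $($deleted.Count)."
}
# The parent container must exist; restore a deleted OU before its children.
$deleted[0] | Restore-ADObject -PassThru | Select-Object Name, DistinguishedName
```

The `lastKnownParent` property returned in step 4 shows where the object lived before deletion, which is worth checking before the restore when the parent OU may have been deleted too.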