Forum Discussion

LBXComputers's avatar
LBXComputers
Brass Contributor
May 08, 2026

AD Recycle Bin – “The specified value already exists” but Recycle Bin is non‑functional

I am unable to enable the Active Directory Recycle Bin in an on‑premises Active Directory forest. Environment On‑prem AD DS Forest Functional Level: Windows2016Forest Mixed DC versions (2016 / 2...
Active Directory
management
windows server
kyazaferr's avatar
kyazaferr
MCT
May 08, 2026

What you are describing does look like a partially-created or corrupted Optional Feature state rather than a normal Recycle Bin configuration issue.

A few observations from your description strongly suggest inconsistent AD metadata:

* `EnabledScopes` pointing to an NTDS Settings object is abnormal

* Missing `CN=Optional Features` is highly suspicious

* `Enable-ADOptionalFeature` returning:

> “The specified value already exists”

usually means AD believes the feature object/link already exists somewhere in the Configuration partition

* But operational behavior clearly indicates Recycle Bin was never fully enabled forest-wide

Normally, once Recycle Bin is enabled:

* `CN=Deleted Objects` becomes populated

* Deleted objects are retained as logically deleted objects

* `(isDeleted=TRUE)` queries return results

* `Get-ADOptionalFeature` should show the forest DN under `EnabledScopes`

 

The fact that none of that is occurring suggests the enablement transaction likely failed or replication/state became inconsistent at some point.

 

A few things I would verify before considering metadata repair:

 

1. Confirm Optional Feature object existence directly:

 

id="xqj5r7"

Get-ADObject -SearchBase ((Get-ADRootDSE).ConfigurationNamingContext) `

-LDAPFilter "(objectClass=msDS-OptionalFeature)" `

-Properties *

```

 

2. Specifically inspect the Recycle Bin object:

 

l id="rmh8e2"

Get-ADOptionalFeature "Recycle Bin Feature" | fl *

```

Pay close attention to:

* EnabledScopes

* msDS-RequiredForestBehaviorVersion

* ObjectGUID

3. Verify replication consistency across all DCs:

 id="y7tv4m"

repadmin /replsummary

repadmin /showrepl *

dcdiag /e /c /v

```

4. Check whether any DCs were historically force-demoted or restored from snapshot/backup, especially around the time Recycle Bin may have been enabled.

I have seen similar symptoms after:

* failed forest recovery operations

* lingering metadata

* interrupted schema/configuration replication

* unsupported snapshot restores

* partially replicated optional feature enablement

One important point:

 

`CN=Optional Features` should absolutely exist in the Configuration partition in a healthy forest at this functional level. Its absence alone suggests possible Configuration NC corruption or incomplete schema/configuration replication.

 

At that stage, manually editing Optional Feature metadata via ADSIEdit is risky and generally unsupported unless directed by Microsoft CSS.

 

Because this involves:

 

* Configuration partition integrity

* Forest-wide optional feature metadata

* Potential replication inconsistency

 

this is probably beyond a normal configuration issue and may require Microsoft AD DS escalation/support.

 

Before opening a support case, I would collect:

 id="n8xp6a"

repadmin /showobjmeta

repadmin /showattr

dcdiag /test:CheckSecurityError

```as well as:

* full `dcdiag`

* `repadmin /showrepl`

* AD database event logs

* schema/configuration partition exports

I would avoid attempting manual deletion/recreation of Optional Feature objects unless Microsoft explicitly advises it.