Forum Discussion

LBXComputers
Brass Contributor
May 08, 2026

AD Recycle Bin – “The specified value already exists” but Recycle Bin is non‑functional

I am unable to enable the Active Directory Recycle Bin in an on‑premises Active Directory forest.

Environment
  • On‑prem AD DS
  • Forest Functional Level: Windows2016Forest
  • Mixed DC versions (2016 / 2022)

When attempting to enable the Recycle Bin using the following command:

Enable-ADOptionalFeature -Identity "Recycle Bin Feature" -Scope ForestOrConfigurationSet -Target "domain.local"

the operation fails with the error:

“The specified value already exists”

However, the AD Recycle Bin is clearly not operational.

Observed behaviour
  • Deleted objects are hard‑deleted immediately
  • Nothing ever appears under CN=Deleted Objects
  • LDAP queries using (isDeleted=TRUE) return no results
  • msDS-deletedObjectLifetime and tombstoneLifetime are unset (defaults)
  • CN=Optional Features does not exist in the Configuration naming context

Running:

Get-ADOptionalFeature "Recycle Bin Feature"

shows EnabledScopes referencing an NTDS Settings object, rather than the forest naming context (e.g. DC=domain,DC=local).

This strongly suggests that the Recycle Bin optional feature has never been successfully enabled at forest scope, but the environment is now in a state where the enable command is blocked because AD believes it already exists.

At present:

  • Recycle Bin is non‑functional
  • Deleted objects cannot be recovered
  • Re‑enabling the feature is not possible via PowerShell or ADAC

Has anyone seen this state before, or is aware of a supported method to:

  • correct the optional feature metadata, or
  • complete Recycle Bin enablement properly at forest scope?

Any guidance would be appreciated, especially if this requires Microsoft AD DS intervention rather than a configuration change.

(Microsoft support routing has been problematic, so I’m hoping someone here may have encountered this scenario before.)

1 Reply

  • What you are describing does look like a partially-created or corrupted Optional Feature state rather than a normal Recycle Bin configuration issue.

    A few observations from your description strongly suggest inconsistent AD metadata:

    * `EnabledScopes` pointing to an NTDS Settings object is abnormal

    * Missing `CN=Optional Features` is highly suspicious

    * `Enable-ADOptionalFeature` returning:

    > “The specified value already exists”

    usually means AD believes the feature object/link already exists somewhere in the Configuration partition

    * But operational behavior clearly indicates Recycle Bin was never fully enabled forest-wide

    Normally, once Recycle Bin is enabled:

    * `CN=Deleted Objects` becomes populated

    * Deleted objects are retained as logically deleted objects

    * `(isDeleted=TRUE)` queries return results

    * `Get-ADOptionalFeature` should show the forest DN under `EnabledScopes`

    The fact that none of that is occurring suggests the enablement transaction likely failed or replication/state became inconsistent at some point.

    A few things I would verify before considering metadata repair:


    1. Confirm Optional Feature object existence directly:

    ```powershell
    Get-ADObject -SearchBase ((Get-ADRootDSE).ConfigurationNamingContext) `
        -LDAPFilter "(objectClass=msDS-OptionalFeature)" `
        -Properties *
    ```

     

    2. Specifically inspect the Recycle Bin object:

    ```powershell
    Get-ADOptionalFeature "Recycle Bin Feature" | fl *
    ```

    Pay close attention to:

    * EnabledScopes

    * msDS-RequiredForestBehaviorVersion

    * ObjectGUID

    3. Verify replication consistency across all DCs:

    ```
    repadmin /replsummary
    repadmin /showrepl *
    dcdiag /e /c /v
    ```

    4. Check whether any DCs were historically force-demoted or restored from snapshot/backup, especially around the time Recycle Bin may have been enabled.

    I have seen similar symptoms after:

    * failed forest recovery operations

    * lingering metadata

    * interrupted schema/configuration replication

    * unsupported snapshot restores

    * partially replicated optional feature enablement

    One important point:

    `CN=Optional Features` should absolutely exist in the Configuration partition in a healthy forest at this functional level. Its absence alone suggests possible Configuration NC corruption or incomplete schema/configuration replication.

    At that stage, manually editing Optional Feature metadata via ADSIEdit is risky and generally unsupported unless directed by Microsoft CSS.

    Because this involves:

    * Configuration partition integrity

    * Forest-wide optional feature metadata

    * Potential replication inconsistency

    this is probably beyond a normal configuration issue and may require Microsoft AD DS escalation/support.


    Before opening a support case, I would collect:

    ```
    repadmin /showobjmeta
    repadmin /showattr
    dcdiag /test:CheckSecurityError
    ```

    as well as:

    * full `dcdiag`

    * `repadmin /showrepl`

    * AD database event logs

    * schema/configuration partition exports

    I would avoid attempting manual deletion/recreation of Optional Feature objects unless Microsoft explicitly advises it.
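
The verification steps in the reply can be gathered into one read-only report per domain controller, so that disagreement between replicas is visible side by side. This is an added example, not code from either poster; the variable and column names are illustrative, and it assumes the ActiveDirectory module (RSAT) and read access to the Configuration partition.

```powershell
# Added example: read-only consistency report; makes no directory changes.
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'   # so an unreachable DC lands in the catch block

$configNC = (Get-ADRootDSE).configurationNamingContext

# Every DC in the forest, not only the current domain.
$dcs = foreach ($domain in (Get-ADForest).Domains) {
    Get-ADDomainController -Filter * -Server $domain
}

$report = foreach ($dc in $dcs) {
    try {
        # The feature object as this DC sees it. msDS-EnabledFeatureBL is the
        # back-link listing every object whose msDS-EnabledFeature points at it.
        $feature = Get-ADObject -Server $dc.HostName -SearchBase $configNC `
            -LDAPFilter '(&(objectClass=msDS-OptionalFeature)(name=Recycle Bin Feature))' `
            -Properties 'msDS-EnabledFeatureBL'
        $scopes = @($feature.'msDS-EnabledFeatureBL' | Where-Object { $_ })

        # Deleted objects are returned only when the show-deleted control is
        # sent; -IncludeDeletedObjects sends it.
        $delContainer = (Get-ADDomain -Server $dc.HostName).DeletedObjectsContainer
        $deleted = @(Get-ADObject -Server $dc.HostName -SearchBase $delContainer `
            -LDAPFilter '(isDeleted=TRUE)' -IncludeDeletedObjects |
            Where-Object DistinguishedName -ne $delContainer)

        [pscustomobject]@{
            DC              = $dc.HostName
            FeatureObject   = [bool]$feature
            # Is the feature linked from the forest-wide Partitions container?
            PartitionsScope = $scopes -contains "CN=Partitions,$configNC"
            # Is it linked from this DC's own NTDS Settings object?
            OwnNtdsScope    = $scopes -contains $dc.NTDSSettingsObjectDN
            ScopeCount      = $scopes.Count
            DeletedObjects  = $deleted.Count
        }
    } catch {
        [pscustomobject]@{ DC = $dc.HostName; Error = $_.Exception.Message }
    }
}

$report | Format-List
```

Rows that differ between domain controllers point at the replication checks in step 3; identical rows on every DC mean the state is at least consistent, which is worth stating in a support case.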