cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Does implementing AD Recyle Bin cause issues with trying to recover deleted users prior to implement

OSGDan
Copper Contributor

‎Sep 06 2019 02:22 PM

‎Sep 06 2019 02:22 PM

Does implementing AD Recyle Bin cause issues with trying to recover deleted users prior to implement

Work for a consulting firm that focuses on small business. Many do not have AD Recycle Bin enabled. Team members spend too much time using LDP to recover deleted users. So I have recommended we implement AD Recycle Bin, as I typically do on all projects. My question is based on a observation, a very small sample pool. 

1. Customer deleted a user from AD. Realized in error. Reached out for recovery same day.

2. We determined user did not have AD Recycle Bin enabled. I enabled Recycle Bin (not that I anticipated it would help in this situation, but to have it set for future). 

3. We then went through the process of recovery using LPD (which historically no issue). In this case there were errors all over. Went so far as to reach out to MS. 

4. As a test we created a new user, deleted and was able to recover with AD Recycle Bin no issue. 

 

I am thinking by enabling Recycle Bin, it may have caused an unintended consequence to those objects deleted prior to implementation. Or it may have been one of those coincidences. 

 

I am  curious if anyone knows one way or the other, as we are implementing AD Recycle Bin, and I have noticed for some customers they have deleted objects now, and currently am holding off implementing in that case. Any clarity would be helpful. 

 

ALSO - one tech related question. Appreciate that Forest / Domain Functional Level must be min 2008R2, but I am also seeing that Schema needs to be for 2008R2 min. My question - would not the Schema be min 2008R2 if one is able to raise Domain / Forest to 2008R2? 

 

 

Labels:
716 Views
0 Likes
2 Replies
Reply
2 Replies
best response confirmed by OSGDan (Copper Contributor)
HidMov

‎Sep 07 2019 03:36 PM

‎Sep 07 2019 03:36 PM

Solution

Re: Does implementing AD Recyle Bin cause issues with trying to recover deleted users prior to imple

Hi @OSGDan 

 

I hadn't come across your particular issue previously, but I'm not sure I've had to restore any users from before AD Recycle Bin had been enabled so I've just run your scenario in my lab and replicated the problem; the objects I deleted before the Recyle Bin was recovered could not be restored via LDP.

 

I've done a bit more digging and found the following MS document on this:

 

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd...

 

One of the blue boxes shows that this any deleted objects before the Recycle bin is enabled cannot be restored via LTP because they are not deleted objects anymore, but rather Recycled Objects

 

clipboard_image_0.png

 

It seems that an authoritative restore is the only way to get these objects back. I've always backed up AD before enabling Recycle Bin in a production environment anyway just in case things go south but hadn't realized before that enabling Recycle Bin would banjax anything already deleted.

 

Hope this helps,

 

Mark

 

 

1 Like
Reply
OSGDan

‎Sep 09 2019 12:01 PM

‎Sep 09 2019 12:01 PM

Re: Does implementing AD Recyle Bin cause issues with trying to recover deleted users prior to imple

@HidMov 

Thank you Mark. It did. Appreciate it. 

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by OSGDan (Copper Contributor)
HidMov

‎Sep 07 2019 03:36 PM

‎Sep 07 2019 03:36 PM

Solution

Re: Does implementing AD Recyle Bin cause issues with trying to recover deleted users prior to imple

Hi @OSGDan 

 

I hadn't come across your particular issue previously, but I'm not sure I've had to restore any users from before AD Recycle Bin had been enabled so I've just run your scenario in my lab and replicated the problem; the objects I deleted before the Recyle Bin was recovered could not be restored via LDP.

 

I've done a bit more digging and found the following MS document on this:

 

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd...

 

One of the blue boxes shows that this any deleted objects before the Recycle bin is enabled cannot be restored via LTP because they are not deleted objects anymore, but rather Recycled Objects

 

clipboard_image_0.png

 

It seems that an authoritative restore is the only way to get these objects back. I've always backed up AD before enabling Recycle Bin in a production environment anyway just in case things go south but hadn't realized before that enabling Recycle Bin would banjax anything already deleted.

 

Hope this helps,

 

Mark

 

 

View solution in original post

1 Like
Reply