Using the AD Recycle Bin
To enable the AD Recycle Bin your Forest Function Level needs to be set to at least Windows Server 2008 R2. You can check this with:Get-ADForrest
Check to see if the AD Recycle Bin is already enabled in your environment. Note the EnableScopes property. This will show a Distinguished Name if the AD Recycle Bin has been enabled, if it has not been enabled you will see a pair of brackets or nothing at all.
Get-ADOptionalFeature -Filter *
To enable the AD Recycle Bin run the below command. Note, once you enable this feature you can't disable it.
Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' -scope ForestorConfigurationSet -target 'example.com'
Now you can practice deleting an object and recovering it.
Create the object:
New-ADUser -Name nickdeleteme
Note the user's GUID:
Get-ADUser -Identity nickdeleteme
Delete the user:
Remove-ADUser -Identity nickdeleteme
Restore the user object:
Restore-ADObject -Identity aa8c430f-2047-46e6-a79d-a3f5a20f12b1
You can view the current contents of the AD Recycle Bin using the below command:
Get-ADObject -SearchBase "CN=Deleted Objects,DC=example,DC=com" -ldapFilter "(objectClass=*)" -includeDeletedObjects | Sort-Object -Property name
You can filter these results with Where-Object. Let's say you want to find the GUID for the user with a SAMAccountName of zaxx:
Get-ADObject -SearchBase "CN=Deleted Objects,DC=example,DC=com" -ldapFilter "(objectClass=*)" -includeDeletedObjects | Sort-Object -Property name| Where-Object {$_.name -like "*zaxx*"}