Info on the Active Directory Recycle Bin….

Recently, I delivered a brief session to a user group on some new features in Windows 2008 R2. One of those features was the Active Directory Recycle Bin. This feature allows administrators to recover deleted AD objects without having to shut down a server and boot into Directory Service Restore Mode. This avoids the server downtime otherwise needed to restore objects that were deleted accidentally.

We did introduce something called “tombstone reanimation” in Windows 2003, which allowed an administrator to recover objects up to 180 days (the default value) after they were deleted. However, certain attributes of deleted objects were permanently “mangled”, so while this bridged a gap, it did not provide a completely reliable online method of restoring deleted AD objects.

In Windows 2008 R2, at a Forest Functional Level of Windows 2008 R2, you can now recover those deleted objects online and do so reliably. We still have the same 180-day default, which you can modify if necessary, and the object recovery does require the use of scripts and/or tools like LDP.

Here are some of the questions I received when talking about the AD Recycle Bin features -

What is the default size (how much will it hold)?

There isn’t a “size” per se. AD objects get a Deleted Object Lifetime (DOL) value assigned to them when deleted. By default this is 180 days. (If you upgraded from Windows 2003 then it is NOT 180 days.) You can delete as many objects as you want and they will stay in the Recycle Bin for whatever the DOL value is. So effectively the “size” of the Recycle Bin is dependent upon the free space available on the drive where NTDS.DIT sits.

Can the size of the AD recycle Bin be changed?

Since there is no size, what you would actually be modifying is either the DOL value on the object itself or the Tombstone Lifetime (TSL) for the system. If there is a LOT of change in your environment then you will effectively chew up more disk space holding those objects. You will need to evaluate for your environment whether to adjust this value up or down if you are concerned about disk space.

If the Recycle Bin gets full, does it do FIFO deletion of objects?

Again, no size. I don’t know if anyone knows what error messages you will get if you somehow manage to run out of disk space and delete objects that would be stored in the AD Recycle Bin. I am still asking around for what this might be.

Is there a TTL stamped on the data in the AD Recycle bin or will it stay there and be retrievable indefinitely?

See above.
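To put the answers above into practice, here is an added PowerShell example (not part of the original post) that checks whether the Recycle Bin feature is enabled, reads the TSL and DOL values that control how long deleted objects are retained, reports free space on the volume holding NTDS.DIT, and lists what is currently recoverable. It assumes the ActiveDirectory module (RSAT) is present; the forest name and the objectGUID in the restore step are placeholders.

```powershell
# Added example (not from the original post): inspect the settings that govern the
# AD Recycle Bin and restore one deleted object. Requires the ActiveDirectory module
# and rights to read the Configuration partition and to restore objects.
Import-Module ActiveDirectory

# 1. Is the Recycle Bin optional feature enabled at forest scope?
$rb = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if ($rb.EnabledScopes.Count -eq 0) {
    Write-Warning 'Recycle Bin is NOT enabled; only tombstone reanimation is available.'
    # Enabling is one-way and cannot be undone. Replace the placeholder forest name:
    # Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
    #     -Scope ForestOrConfigurationSet -Target 'forest.example' -Confirm:$false
}

# 2. Read the Tombstone Lifetime (TSL) and Deleted Object Lifetime (DOL).
#    Both live on the Directory Service object in the Configuration partition.
$cfgNC = (Get-ADRootDSE).configurationNamingContext
$ds = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$cfgNC" `
        -Properties tombstoneLifetime, 'msDS-DeletedObjectLifetime'
# If tombstoneLifetime is absent, the built-in default of 60 days applies (this is
# why an older, upgraded forest is not at 180 days); if DOL is absent, DOL = TSL.
$tsl = if ($ds.tombstoneLifetime) { $ds.tombstoneLifetime } else { 60 }
$dol = if ($ds.'msDS-DeletedObjectLifetime') { $ds.'msDS-DeletedObjectLifetime' } else { $tsl }
"TSL = $tsl days, DOL = $dol days"

# 3. Free space on the volume holding NTDS.DIT, the effective "size" of the bin.
$dit = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters').'DSA Database file'
$vol = Get-PSDrive -Name ([System.IO.Path]::GetPathRoot($dit)).TrimEnd(':\')
"NTDS.DIT at $dit, free space: {0:N1} GB" -f ($vol.Free / 1GB)

# 4. List what is currently recoverable, most recently deleted first.
Get-ADObject -Filter 'isDeleted -eq $true -and name -ne "Deleted Objects"' `
    -IncludeDeletedObjects -Properties whenChanged, lastKnownParent, 'msDS-LastKnownRDN' |
    Sort-Object whenChanged -Descending |
    Select-Object 'msDS-LastKnownRDN', lastKnownParent, whenChanged, objectGUID

# 5. Restore one object by its objectGUID (placeholder value) to its last known parent.
# Restore-ADObject -Identity '00000000-0000-0000-0000-000000000000'
```

Run it on a domain controller or a management host with the AD module; the restore line is left commented so the script is read-only until you supply a real objectGUID from step 4.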

There is some great information on the AD Recycle Bin posted here --

Active Directory Recycle Bin Step-by-Step Guide

AD Recycle Bin – Understanding, Implementing, Best Practices and Troubleshooting