How do I get the current status of the Active Directory Recycle Bin?

A quick refresher on the Active Directory Recycle Bin:

Requires a Forest Functional Level of Windows Server 2008 R2 (or above)
Needs to be enabled (use the enable-adoptionalfeature cmdlet in PowerShell, or use the GUI in the Active Directory Administrative Center)

What it gives you (in summary), is extended time with which to recover objects that have been deleted from the “visible” Active Directory. So with the Recycle Bin enabled, the default lifespan of a deleted item is 180 days (Deleted Object Lifetime); after which, the object is tombstoned and not recoverable by the Recycle Bin feature. After an additional 180 days (Tombstone Lifetime), the object is physically deleted from the database.

Graphically, it looks like this:

And here’s a quick bit of code that will tell you the current state of your Forest Functional Level, if the Recycle Bin is enabled, and if so, which DCs it has been successfully applied to (it should be all of them – if it’s not, you have a problem).

# Get the Recycle Bin feature details
$recyclebin = get-adoptionalfeature "recycle bin feature";

# Get the current Forest Functional Level
$forestmode = (get-adforest).forestmode;

# If the Recycle Bin is not enabled
if (($recyclebin.enabledscopes).count -eq 0) {
	
    write-host "Recycle Bin is not enabled" -foregroundcolor "red";

# If it is enabled
} else {
	
    write-host "Recycle Bin is enabled for these Domain Controllers:" -foregroundcolor "green";

    # Loop through each DC it is enabled on
    foreach ($scope in $recyclebin.enabledscopes) {

        # Print the name of the DC to the screen
        write-host ($scope -split ",")[1].substring(3);
    }
}

# Display the required and current Forest Functional Levels
write-host "Required Forest Functional Level:" $recyclebin.requiredforestmode "`nCurrent Forest Functional Level:" $forestmode;

# Get the Recycle Bin feature details

$recyclebin = get-adoptionalfeature "recycle bin feature";

# Get the current Forest Functional Level

$forestmode = (get-adforest).forestmode;

# If the Recycle Bin is not enabled

if (($recyclebin.enabledscopes).count -eq 0) {

write-host "Recycle Bin is not enabled" -foregroundcolor "red";

# If it is enabled

} else {

write-host "Recycle Bin is enabled for these Domain Controllers:" -foregroundcolor "green";

# Loop through each DC it is enabled on

foreach ($scope in $recyclebin.enabledscopes) {

# Print the name of the DC to the screen

write-host ($scope -split ",")[1].substring(3);

}

# Display the required and current Forest Functional Levels

write-host "Required Forest Functional Level:" $recyclebin.requiredforestmode "`nCurrent Forest Functional Level:" $forestmode;

HKEY_LOCAL_MACHINE

Every problem is an opportunity.

How do I get the current status of the Active Directory Recycle Bin?

Leave a Reply Cancel reply