The World According to Mitch

The day to day ramblings of an IT Professional (and so much more…)

Active Directory Recycle Bin

A few years ago, Microsoft introduced the Active Directory Recycle Bin to Windows Server.  Wonderful!  It is not enabled out of the box, but it is reasonably simple to enable… except, it is not.

Firstly, you can do it in the GUI… Open the Active Directory Administrative Center, navigate to local (local), and then in the Actions Pane click Enable Recycle Bin…  You will get a warning about how serious this is – that is, it is irreversible.  Thanks, let’s go ahead.  We’re done.

The other way to do it, and obviously my preferred method, is with PowerShell.  Use the following cmdlet:

Enable-ADOptionalFeature –Identity ‘CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=local,DC=domain,DC=name’ –Scope ForestOrConfigurationSet –Target ‘local.domain.name’

Once again, you will get a warning that “Enabling ‘Recycle Bin Feature” is an irreversible action! You will not be able to disable ‘Recycle Bin Feature’ on ‘CN=Partitions,CN=Configuration,DC=local,DC=domain,DC=name’ if you proceed.”

(Yes, the warning is in orange… not my choice)

You press YES, you go ahead, and it’s done…

…or IS IT?

“A referral was returned from the server”

This error can come equally and identically from the GUI as from PowerShell… It simply means, THIS DID NOT WORK.

I have read all sorts of articles and forums on this, people telling people that they had the syntax wrong.  “Change single quotes to double quotes, or remove the quotes, that’s what will work.”  Some of these may be accurate.  In my experience, it is not a syntax error.

There are five (5) Flexible Single Master Operations (FSMO) roles on our domain.  Two of these, namely the Schema Master and the Domain Naming Master have to be on the same domain controller in order for this to work.  Otherwise… no.

I should also take a moment to mention that anytime you are doing anything with the Schema Master role, you have to be a member of the Schema Administrators security group.  I hear from people all the time ‘…but I am a member of the Enterprise Admins group!’ Nothing doing… except that, if you are a member of the EA group, you can add yourself pretty easily to the SA group.

So… transfer the Schema master role and you will be fine.  Good luck!

Oh yeah… here’s how.

  1. Use ntdsutil.exe.  I will not bore you with the details… somewhere under roll – connections – servers – bla bla bla.
  2. Use PowerShell.  Here’s your cmdlet:

Move-ADDirectoryServerOperationMasterRole -Identity “Target-DC” -OperationMasterRole SchemaMaster

Let me know if you run into any further issues, but this should solve it for you!

Advertisement

Mitch Garvis

, , ,

9 responses to “Active Directory Recycle Bin”

  1. A2Z Avatar
    A2Z

    I have never had this problem but if I ever do, I will absolutely NOT remember the solution… but I will remember that you wrote about it and be able to find this again.

    Reply
  2. Jnana Ranjan Dash Avatar
    Jnana Ranjan Dash

    The solution is quite good for having Schema Master & domain naming master on the same DC. But can you please explain why this is required and what are the role of these teo FSMO roles in enabling Recycle Bin feature ?

    Reply
  3. Vanessa Avatar
    Vanessa

    wow, thank you very much for this post! it helped me finally activate the recycle bin! (tried over 1 year…)

    Reply
    1. Mitch Garvis Avatar
      Mitch Garvis

      Vanessa I am so glad I could help!

      Reply
  4. Kel Avatar
    Kel

    Just had this come up today. This solution worked great.

    Reply
  5. kelemvor33 Avatar
    kelemvor33

    Had this come up today. This solution worked great.
    Thanks.

    Reply
  6. Rajneesh Avatar
    Rajneesh

    it did work for me too, have to move the DN role to Schema role holder, but don’t understand why it is a requirement to have both roles to be on the same DC. Even this is not mentioned in MS Technet library.

    Reply
  7. Jeen Pallickaparampil Avatar
    Jeen Pallickaparampil

    Thank you! I have been indexing the Internet and trying all the other suggestions from the other websites with syntax and everything you mentioned. This worked.

    Reply
  8. Ricardo Domingues Avatar
    Ricardo Domingues

    Need to say thank you for this! Saved my life today.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: