Friday, August 07, 2009

Active Directory's Recycle Bin

I happened across this article last night while flying back from Boston - "Criticisms and kudos for the Active Directory Recycle Bin". As you probably know, Microsoft introduces the concept of a recycle bin for Active Directory in Windows Server 2008 R2. Allow me to give you the executive summary of the article along with a few of my own tidbits:
  • All domain controllers have to be running Windows Server 2008 R2
  • The Recycle Bin has to be enabled to work. Don't delete something, enable the Recycle Bin and then expect to restore the item. (Why not enable the Recycle Bin by default - just like my Windows 7 desktop does?)
  • There's no GUI to help in the restore process. You have to use PowerShell or LDP.
  • The Recycle Bin does not back up Group Policy Objects (GPO). This is a glaring hole.
  • The Recycle Bin only supports restoring deletions - not changes that are made to objects.
Take a look at our PowerGUI tool as a wrapper for your PowerShell scripts - I'd rather use PowerShell/PowerGUI than LDP any day of the week! Wrapping PowerGUI around your recovery scripts might make recovery easier and more repeatable.

Don't forget you can always take a look at a 3rd-party recovery tool like Quest's Recovery Manager for Active Directory.

The Active Directory Recycle Bin is a welcome addition to Windows Server overall, but like any insurance policy, you need to read the fine print and plan accordingly. The last thing you want to be doing is trying to learn PowerShell to restore some executive's user object...
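To make the "fine print" concrete, here is an added example (not code from the article or from Quest) of a restore script you could rehearse before you need it. It uses the ActiveDirectory module cmdlets that ship with Windows Server 2008 R2; the function names and the account name `jdoe` are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not from the original post. 'jdoe' below is a constructed account name.

function Test-RecycleBinEnabled {
    # EnabledScopes stays empty until the feature has been enabled for the forest.
    $feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
    return [bool]($feature -and $feature.EnabledScopes.Count -gt 0)
}

function Restore-DeletedUser {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][ValidatePattern('^[\w.\-]{1,20}$')][string]$SamAccountName
    )

    if (-not (Test-RecycleBinEnabled)) {
        throw 'Recycle Bin is not enabled; objects deleted before it was enabled cannot be restored from it.'
    }

    # Deleted objects are only returned when -IncludeDeletedObjects is specified.
    $filter  = "isDeleted -eq `$true -and sAMAccountName -eq '$SamAccountName'"
    $deleted = @(Get-ADObject -IncludeDeletedObjects -Filter $filter -Properties lastKnownParent, whenChanged, 'msDS-LastKnownRDN')
    if ($deleted.Count -eq 0) { throw "No deleted object found for '$SamAccountName'." }

    # The same name may have been created and deleted more than once; take the most recent deletion.
    $target = $deleted | Sort-Object whenChanged -Descending | Select-Object -First 1

    # The restore fails if the original parent container is gone, so check it up front.
    try   { Get-ADObject -Identity $target.lastKnownParent -ErrorAction Stop | Out-Null }
    catch { throw "Parent '$($target.lastKnownParent)' no longer exists; restore it first or use Restore-ADObject -TargetPath." }

    if ($PSCmdlet.ShouldProcess($target.'msDS-LastKnownRDN', "Restore to $($target.lastKnownParent)")) {
        Restore-ADObject -Identity $target.ObjectGUID -PassThru
    }
}

# One-time step that cannot be undone once run; left commented out on purpose:
# Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target (Get-ADForest).Name

Restore-DeletedUser -SamAccountName 'jdoe' -WhatIf   # dry run; drop -WhatIf to restore
```

Run it with `-WhatIf` first; that confirms the Recycle Bin is on and the object is findable without changing anything.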


1 comment:

dmitrysotnikov said...

Jackson, free PowerGUI-based UI is indeed available. Check out this screencast, Kirk's blog post, and the actual PowerPack.