Many companies and individuals have lost users, groups or other objects from Active Directory, whether through a disaster or through human error. Since Windows Server 2008 R2 you can use the Active Directory Recycle Bin to recover from this easily.
The AD Recycle Bin feature requires a forest functional level of Windows Server 2008 R2 or higher and is disabled by default. Once it has been enabled, it cannot be disabled again.
With Windows Server 2008 R2 you could only enable the AD Recycle Bin using Windows PowerShell, and you could also only restore objects from the command line. With Windows Server 2012 you can both enable the feature and restore objects from the GUI using the Active Directory Administrative Center (ADAC).
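As an added example of the command-line restore path mentioned above (this is not the post's script), the following locates a deleted object and brings it back with the ActiveDirectory module. The account name jdoe is a constructed sample; the ActiveDirectory module (RSAT) and rights to restore objects are assumed.

```powershell
# Added example, not the post's own script.
# Assumes the ActiveDirectory module is installed and the Recycle Bin is already enabled.
Import-Module ActiveDirectory

# Constructed sample: the deleted account we are looking for is 'jdoe'.
$accountName = 'jdoe'

# Deleted objects are hidden unless -IncludeDeletedObjects is specified.
# With the Recycle Bin enabled, attributes such as sAMAccountName and lastKnownParent survive deletion.
$deleted = Get-ADObject -Filter "isDeleted -eq `$true -and sAMAccountName -eq '$accountName'" `
    -IncludeDeletedObjects -Properties sAMAccountName, lastKnownParent, whenChanged

if (-not $deleted) {
    Write-Warning "No deleted object with sAMAccountName '$accountName' was found."
}
else {
    # Show what would be restored and where it will land before doing it.
    $deleted | Select-Object Name, sAMAccountName, lastKnownParent, whenChanged | Format-List

    # Restore by GUID so the result is unambiguous; the object returns to lastKnownParent.
    Restore-ADObject -Identity $deleted.ObjectGUID

    # Confirm the object is back in its original container.
    Get-ADObject -Identity $deleted.ObjectGUID -Properties distinguishedName | Select-Object Name, distinguishedName
}
```

If the original parent OU was deleted as well, restore the OU first (the same query with objectClass -eq 'organizationalUnit'), otherwise the restore fails because lastKnownParent no longer exists. Objects are only recoverable this way for the deleted-object lifetime (180 days on a forest created with 2008 R2 or later), after which they become recycled and can no longer be restored.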
The script can be found here.
The script performs the following steps:
- Determine the current forest.
- Use parts of the forest name to dynamically build the command that enables the Active Directory Recycle Bin feature, so the script works in any environment.
- If the Active Directory Recycle Bin feature has not been enabled yet, enable it.
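The three steps above, written out as an added example (this is my illustration of the approach, not the post's own script). It assumes the ActiveDirectory module (RSAT) is installed and the session runs with Enterprise Admins rights; it also adds the forest functional level check that the feature requires and checks the current state before enabling, since enabling is irreversible.

```powershell
# Added example, not the post's own script.
# Assumes the ActiveDirectory module is available and the caller is an Enterprise Admin.
Import-Module ActiveDirectory

# Step 1: determine the current forest.
$forest = Get-ADForest

# Preflight: the feature needs a forest functional level of Windows Server 2008 R2 or higher.
$minimumMode = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
if ([int]$forest.ForestMode -lt [int]$minimumMode) {
    throw "Forest functional level is $($forest.ForestMode); Windows2008R2Forest or higher is required."
}

# Step 2: build the feature's distinguished name from the forest root domain name,
# e.g. contoso.com -> DC=contoso,DC=com, so the same script works in any forest.
$rootDomainDn = 'DC=' + (($forest.RootDomain -split '\.') -join ',DC=')
$featureDn = "CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service," +
             "CN=Windows NT,CN=Services,CN=Configuration,$rootDomainDn"

# Step 3: enable the feature only if it is not already enabled.
# EnabledScopes is empty while the feature is off; enabling cannot be undone.
$feature = Get-ADOptionalFeature -Identity $featureDn
if ($feature.EnabledScopes.Count -gt 0) {
    Write-Host "Recycle Bin Feature is already enabled in forest $($forest.Name)."
}
else {
    # -Confirm:$false suppresses the interactive prompt so the script runs unattended.
    Enable-ADOptionalFeature -Identity $featureDn `
        -Scope ForestOrConfigurationSet `
        -Target $forest.RootDomain `
        -Confirm:$false
    Write-Host "Recycle Bin Feature enabled in forest $($forest.Name)."
}

# Verify: the configuration partition should now appear under EnabledScopes.
(Get-ADOptionalFeature -Identity $featureDn).EnabledScopes
```

Enable-ADOptionalFeature also accepts the short identity 'Recycle Bin Feature'; building the full distinguished name mirrors the post's approach of deriving the command from the forest name. Run it once with -WhatIf in place of -Confirm:$false if you want to see the target before committing, because there is no way back once the feature is on.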
Even though this has become very easy to do from the GUI in Windows Server 2012, automating it is always better. Therefore I also added it to the script I used in: Home LAB Setup guide – 04 Configuring Server 2012 VM as DC with DNS and DHCP using PowerShell