How can I check whether the AD Recycle-Bin is enabled in my R2 forest?

This is one of the stories that happened to me yesterday. I was messing with my virtual machines and wanted to test something on Server 2008R2 and Active Directory when I asked myself, “did I enable the Recycle Bin feature here, already?”

Seriously, I mean this shouldn’t happen to you in your own forest, as that’s an essential thing to know, but what if you get called in to a customer site and you need to determine what’s going on? Okay, so I tackled the task and went on to some testing. Since google’ing and bing’ing around is lame, I thought I’d try my luck with LDP. Apparently, the info on whether the feature is enabled or not must be stored in the Configuration partition. Why? Because that’s the place where the config for the whole forest is stored. I browsed around and finally found that the Recycle Bin feature is mentioned in an attribute called “msDS-EnabledFeature”:


Cool to see the DN of the Recycle Bin feature in AD. It’s stored under the “Optional Features” container in the Directory Service container. That makes sense: the Recycle Bin is known as an optional feature. It’s interesting to see that msDS-EnabledFeature is a linked attribute (it’s the forward link): http://msdn.microsoft.com/en-us/library/dd303325(PROT.10).aspx

So it’s safe to assume that Optional Features, meaning the Recycle Bin feature and the ones that are to come, will be stored in CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=domain,DC=tld

The “Recycle Bin Feature” container has the backlinks of the objects that reference it. They’re stored in msDS-EnabledFeatureBL.

So, how would I script that, you ask? Well, you can do that with the ADFind command above or, if you like PowerShell, in a sweet script. Since there is “Enable-ADOptionalFeature”, what would be an appropriate command to check for a feature? Sure, Get-ADOptionalFeature:


We’ll apply the filter * so we get all optional features out there. The Recycle Bin is the only one currently. You see “EnabledScopes” is populated with the two partitions like before. In an R2 Active Directory where the Recycle Bin hasn’t been enabled, “EnabledScopes” isn’t populated:


Parallel to that, the “msDS-EnabledFeature” attribute wouldn’t have a value set here, either.

Note that all the above was performed on DCs that are in a Windows Server 2008 R2 forest. You need the Forest Functional Level to be at 2008R2 in order to use the Recycle Bin Feature.
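The checks described above, combined into one PowerShell function as an added example (it is not code from the original post). The function name Get-RecycleBinStatus and its output property names are assumptions; it needs the ActiveDirectory module and builds the feature DN from the forest's own Configuration naming context.

```powershell
# Added example: report whether the AD Recycle Bin optional feature is enabled.
# Requires the ActiveDirectory module and a reachable domain controller.
Import-Module ActiveDirectory

function Get-RecycleBinStatus {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # Optional: DC to query; by default the module locates one itself.
        [string]$Server
    )

    $common = @{}
    if ($Server) { $common.Server = $Server }

    # Build the feature DN under the Configuration partition of this forest.
    $configNc  = (Get-ADRootDSE @common).configurationNamingContext
    $featureDn = 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,' +
                 "CN=Windows NT,CN=Services,$configNc"

    # The Recycle Bin needs the forest functional level at 2008 R2, so report it.
    $forestMode = (Get-ADForest @common).ForestMode

    try {
        $feature = Get-ADOptionalFeature -Identity $featureDn @common -ErrorAction Stop
    }
    catch {
        # No feature object found: report that instead of throwing.
        return [pscustomobject]@{
            ForestMode = $forestMode; FeatureFound = $false; Enabled = $false
            EnabledScopes = @(); BackLinks = @()
        }
    }

    # Cross-check the cmdlet's view against the raw backlink attribute
    # on the feature object (msDS-EnabledFeatureBL).
    $obj = Get-ADObject -Identity $featureDn -Properties 'msDS-EnabledFeatureBL' @common
    $scopes = @($feature.EnabledScopes)

    [pscustomobject]@{
        ForestMode    = $forestMode
        FeatureFound  = $true
        Enabled       = ($scopes.Count -gt 0)   # empty EnabledScopes = not enabled
        EnabledScopes = $scopes
        BackLinks     = @($obj.'msDS-EnabledFeatureBL')
    }
}

Get-RecycleBinStatus | Format-List
```

If EnabledScopes and BackLinks disagree, query a specific DC with -Server to rule out replication latency.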

2 Comments so far

  1. Nils Kaczenski on December 15th, 2009

    Florian,

    once again, you came to my rescue. I’m just planning the next release of my AD documentation tool and I found that it should list whether the Recycle Bin is active or not. You showed me how to find that out!

    Thanks, Nils

  2. florian on December 15th, 2009

    Thanks Nils,

    good to read these postings are of use. I’m looking forward to Jose VNext :)