Firstly, all domain controllers within the Active Directory forest must be running Windows Server 2008 R2. Secondly, the functional level of the Active Directory forest must be Windows Server 2008 R2. Detailed training about Active Directory. Objects, Components, Logical structure, administration, backup.
-->
This guide provides step-by-step instructions and background information for enabling and using the Active Directory® Recycle Bin feature in the Windows Server® 2008 R2 operating system.
Active Directory Recycle Bin helps minimize directory service downtime by enhancing your ability to preserve and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain controllers.
When you enable Active Directory Recycle Bin, all link-valued and non-link-valued attributes of the deleted Active Directory objects are preserved and the objects are restored in their entirety to the same consistent logical state that they were in immediately before deletion. For example, restored user accounts automatically regain all group memberships and corresponding access rights that they had immediately before deletion, within and across domains.
Active Directory Recycle Bin is functional for both AD DS and Active Directory Lightweight Directory Services (AD LDS) environments.
Important
By default, Active Directory Recycle Bin in Windows Server 2008 R2 is disabled. To enable it, you must first raise the forest functional level of your AD DS or AD LDS environment to Windows Server 2008 R2, which in turn requires all forest domain controllers or all servers that host instances of AD LDS configuration sets to be running Windows Server 2008 R2. After you set the forest functional level of your environment to Windows Server 2008 R2, you can use the instructions in this guide to enable Active Directory Recycle Bin.
In this release of Windows Server 2008 R2, the process of enabling Active Directory Recycle Bin is irreversible. After you enable Active Directory Recycle Bin in your environment, you cannot disable it. For more information, see Appendix A: Additional Active Directory Recycle Bin Tasks.
In this guide
Download the step-by-step guide from http://technet.microsoft.com/en-us/library/dd392261.aspx
We’ve all heard of the many benefits of Active Directory (AD) for IT admins– it makes your job simpler because there’s a central vault of user information, and it’s scalable, supporting millions of objects in a single domain. However, it can be a pain in the ACLs to implement and maintain—a cluttered, misconfigured AD can cause even the most veteran sysadmins anxiety.
Don’t go into panic mode, instead review our list of Active Directory tutorials, which explains this essential Windows service in 10 different ways:
Active Directory is what makes businesses work if you’re a corporation with tens (or even hundreds) of thousands of users. Here are some great videos to help you understand:
A high-level overview on AD (it’s an informational video, not tutorial)
Also, listen to Eli the Computer Guy on Active Directory for Windows Server 2012. He knows what he’s talking about.
Explained by System and Network Admins, this Q&A from Server Fault does a thorough job explaining AD.
If you’re a visual learner, I think you’d like to see these slides covering all the components of AD and how they work together.
Even if you’re not studying for your certification, it’s fun to test yourself with these flashcards.
Straight from the source, what is Azure Active Directory?
Now that you know what Azure AD is, you’ll really like Sean Deuby’s compare/contrast of Windows Azure Active Directory and Windows Server Active Directory.
At Varonis, checklists have been a beneficial tool, streamlining our process and benefiting many departments as well as cross functional teams. While every organization operates differently, here’s a possible checklist for you to consider when planning, installing and configuring AD. And info on documenting Active Directory environments
A checklist, along with a gentle push in the right direction, such as this detailed AD planning and design guide just might be the right level of guidance you’ll need. And straight from the source: Best Practices for Active Directory Design to Manage Windows Networks
Top Active Directory Complaint: Lockouts!
Once you’re all set up, a common AD complaint is troubleshooting an account lockout issue. The Directory Services team does a great job explaining AD’s UI behavior for account lockouts. It also discusses the differences between Server 2003, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012
Also, don’t miss Andy’s excellent Secrets of Active Directory Lockouts: How to Find Apps with Stale Credentials
Download Account Lockout Tool from Microsoft (Supported Operating Systems: Windows 2000, Windows NT, Windows Server 2003)
While a mailing list isn’t a tutorial, sometimes you just need human help. Created in January 2001 with the aim of discussing Active Directory, it has over 1,000 subscribers and 5,000 site members.