With Windows Server 2008 R2, Active Directory has now a recycle bin. With this feature you do not have to use for example Windows Server Backup to initiate an authoritative AD restore, instead you can quickly recover deleted Users, OUs, Groups and other objects through Active Directory Administrative Center (Windows Server 2012 an upwards) or PowerShell

Enabling AD Recycle Bin (PowerShell commands

Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target ajni.lab

Type A (=Yes to All) to enable the feature

(Optional) Check Deleted Object’s Lifetime

Get-ADObject "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=ajni,DC=lab" -Property msDS-DeletedObjectLifetime | fl

If you do not see the Property named "msDS-DeletedObjectLifetime", it means that it has the default value of 60 days.

You can change is with this command – do not forget to replace DC=ajni, DC=lab with your domain name:

Set-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration, DC=ajni,DC=lab" -Partition "CN=Configuration, DC=ajni,DC=lab" -Replace:@{"msDS-DeletedObjectLifetime" = 120}

Checking the property again, you‘ll see your new value:

You can also have a look at this property with ADSIedit:

Restoring an Object

In our example we deleted an OU called “ImportantOU”

Let’s list all Deleted Objects:

Get-ADObject -filter 'isdeleted -eq $true -and name -ne "Deleted Objects"' -includeDeletedObjects

And then restore our important OU. Before Restoring we can check if the Filter finds our OU:

Get-ADObject -Filter 'msDS-LastKnownRDN -eq "ImportantOU"' -IncludeDeletedObjects

Now restore:

Get-ADObject -Filter 'msDS-LastKnownRDN -eq "ImportantOU"' -IncludeDeletedObjects | Restore-ADObject

Our important OU is back from the dead:

We can also restore from Active Directory Administrative Center (ADAC)

Note that while AD Recycle Bin gives you the flexibility of quickly restoring deleted AD Objects, you should also have a functional Windows Server Backup and VM Backup with solutions like HPE Data Protector or VEEAM. Just in case something goes horribly wrong!

Hi Folks!

Here is a quick command to find locked out users in your domain. Pretty straightforward:

If that's too much Information you can only select the username:

The command is not getting recognized? Be sure to install the RSAT (Remote Server Administration Tools) for AD DS (Active Directory Domain Services), which also install the Powershell Snap-In via Server Manager (if you are using a Windows Server OS to manage your AD):

Alternatively you can download the RSAT for Windows 10.

If you have performance problems with your computer, specifically while playing a video game, your computer might have installed a faulty patch. After installing KB4482887, as stated on the Microsoft page, "users may notice graphics and mouse performance degradation with desktop gaming when playing certain games, such as Destiny 2." Check Microsoft's site for full details: https://support.microsoft.com/en-us/help/4482887/windows-10-update-kb4482887

How to uninstall this update

You can easily uninstall this update from control panel - just search for it - or you can hit Run > control.exe. Under Programs & Features hit View Installed Updates. You can also use the Modern System Settings App to achieve the same goal.

Locate the correct update and uninstall it. Your PC will reboot.

That's it!
Another way of preventing such things is not to download/install updates on day one. By installing them you are essentially beta testing for Microsoft. ?