Welcome to my Microsoft Tips & Tricks section. In this session I will describe how I did a Clean-Up of my MS Active Directory Recycle Bin.
Not long ago, I was in the process of setting up a Read-Only Domain Controller for a customer, which in itself is no big job, but during setup I got the following error:
The reason for this error was that the customer had tried uninstalling AD from the server, but didn’t cleanup properly afterwards. Therefore the old server-object was left in Active Directory Recycle Bin. Read more about that functionality here: The AD Recycle Bin: Understanding, Implementing, Best Practices, and Troubleshooting
To fix this issue and finish RODC-setup, I did as follows:
- Logged into a domain controller
- Start > All Programs > Administrative Tools > Active Directory Module for Windows PowerShell > Right-click “Run As Administrator”
- Ran the following cmd from PowerShell to see what objects reside in Recycle Bin
- “Get-ADObject -ldapFilter:”(msDS-LastKnownRDN=*)” -IncludeDeletedObjects”
- Ran the following cmd from Powershell to empty the Recycle Bin
- “Get-ADObject -Filter ‘isDeleted -eq $true -and Name -like “*DEL:*”‘ -IncludeDeletedObjects | Remove-ADObject -Confirm:$false”
After remediating the error by running this cmd, I ran through RODC-setup without any more hick-ups. It worked nicely in Microsoft Windows Server 2016.
Big thanks to:
Brian Dwyer’s post “How to Empty the Active Directory Recycling Bin”
John Policelli’s article: “Introducing the Active Directory Recycle Bin in Windows Server 2008 R2”
Disclaimer: Every tips/tricks/posting I have published here, is tried and tested in different it-solutions. It is not guaranteed to work everywhere, but is meant as a tip for other users out there. Remember, Google is your friend and don’t be afraid to steal with pride! Feel free to comment below as needed.