Two Very Important Attributes with Active Directory Recycle Bin

I’ve blogged several times about the AD Recycle Bin (ADRB).  It has been a popular subject here at the Life of Brian, and I can see why: it is a feature AD admins have been screaming for for years.  I want to spend five minutes of your life going over two attributes that confuse everyone…even me from time to time.

There are over a dozen attributes that deal with ADRB, but I want to focus on two of them: isDeleted and isRecycled.  The first time I read the documentation on these attributes I thought it was pretty straightforward: isDeleted is set when an object is deleted and isRecycled is set when an object is recycled.  Well, it is NOT that simple, because the names tell you nothing about which of the two states you can still recover from.  Let me explain these attributes a bit further.

The isDeleted attribute has been around since Windows 2000.  It is defined in the schema for every object class, but it is only set (to TRUE) once an object is deleted; a live object does not carry it.  It tells you the object is deleted (makes sense), but with ADRB it also tells you something more: as long as isDeleted is TRUE and isRecycled has not been set, the object still has all of its attributes (group memberships, SID, the lot) and is restorable.  After the ADRB is enabled you have the ability to restore such deleted objects with Restore-ADObject, but only the ones that were deleted after it was enabled; anything that was already a tombstone when you enabled ADRB is turned into a recycled object.

The isRecycled attribute is new in Windows Server 2008 R2 and only exists on an object after it has been recycled.  By default, a deleted object becomes a recycled object once the msDS-deletedObjectLifetime (another attribute new in Server 2008 R2; when it is not set it falls back to the forest’s tombstoneLifetime) expires.  Now that object is what I like to call dead dead.  Most of its attributes have been stripped away, so you can’t restore it with all its pretty properties.  It is kind of like the old way of restoring a tombstone just to get its SID back, except worse: a recycled object can’t be reanimated at all, it simply waits for garbage collection to remove it after the tombstoneLifetime.
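The lifecycle above is easiest to see by querying both attributes directly.  The following PowerShell is an added example for this post, not code from the original author.  It assumes the RSAT ActiveDirectory module, a session with rights to read the Deleted Objects container, and a forest where ADRB is already enabled; the sAMAccountName jdoe is a hypothetical placeholder.  It reads the two lifetimes, lists every deleted object with its isDeleted/isRecycled state, and only attempts Restore-ADObject on an object that is deleted but not yet recycled.

```powershell
# Added example (not the original post's code). Assumes the RSAT ActiveDirectory module,
# read access to Deleted Objects, and the AD Recycle Bin already enabled.
# 'jdoe' is a hypothetical sAMAccountName used as a placeholder.
Import-Module ActiveDirectory

# 1. Read the two lifetimes. Both live on the Directory Service object in the Configuration partition.
$configNC = (Get-ADRootDSE).configurationNamingContext
$dsObject = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
                -Properties 'msDS-DeletedObjectLifetime', tombstoneLifetime

# Documented defaults: a null tombstoneLifetime means 60 days, and a null
# msDS-DeletedObjectLifetime means "same as tombstoneLifetime".
$tombstoneLifetime = if ($dsObject.tombstoneLifetime) { $dsObject.tombstoneLifetime } else { 60 }
$deletedObjectLifetime = if ($dsObject.'msDS-DeletedObjectLifetime') {
    $dsObject.'msDS-DeletedObjectLifetime'
} else {
    $tombstoneLifetime
}
Write-Host "Deleted objects stay restorable for $deletedObjectLifetime days, then become recycled;"
Write-Host "recycled objects are garbage-collected after $tombstoneLifetime days."

# 2. Enumerate the Deleted Objects container. isDeleted = TRUE on all of them; the ones that
#    also carry isRecycled = TRUE are the "dead dead" ones.
$gone = Get-ADObject -Filter 'isDeleted -eq $true' -IncludeDeletedObjects `
            -Properties isDeleted, isRecycled, lastKnownParent, 'msDS-LastKnownRDN', sAMAccountName, objectSid |
        Where-Object { $_.lastKnownParent }   # skips the Deleted Objects container itself

$gone | Select-Object `
    @{ n = 'OriginalName';   e = { $_.'msDS-LastKnownRDN' } },
    @{ n = 'OriginalParent'; e = { $_.lastKnownParent } },
    @{ n = 'isDeleted';      e = { [bool]$_.isDeleted } },
    @{ n = 'isRecycled';     e = { [bool]$_.isRecycled } },
    @{ n = 'State';          e = { if ($_.isRecycled) { 'recycled: NOT restorable' } else { 'deleted: restorable' } } } |
    Format-Table -AutoSize

# 3. Restore only an object that is deleted but not yet recycled. Restore-ADObject on a
#    recycled object fails, which is exactly the isDeleted/isRecycled distinction at issue.
$samAccountName = 'jdoe'   # hypothetical placeholder
$candidate = $gone | Where-Object { $_.sAMAccountName -eq $samAccountName } | Select-Object -First 1

if (-not $candidate) {
    Write-Warning "No deleted object with sAMAccountName '$samAccountName' found."
} elseif ($candidate.isRecycled) {
    Write-Warning "'$samAccountName' is already recycled (isRecycled = TRUE); it cannot be restored, only recreated with a new SID."
} else {
    # Restores to lastKnownParent; add -TargetPath if that OU no longer exists.
    Restore-ADObject -Identity $candidate.ObjectGUID
    Get-ADObject -Identity $candidate.ObjectGUID -Properties isDeleted, isRecycled, memberOf |
        Select-Object DistinguishedName, isDeleted, isRecycled, memberOf
}
```

After a successful restore the object comes back with isDeleted cleared and its memberOf intact, which is the whole point of ADRB; the same command against a row whose State column reads "recycled" is refused by the DC, and the only option left is to recreate the account with a new SID.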

I think you can see where the confusion comes into play.  When I hear or read the term isDeleted my gut reaction is to think that the object is gone (dead dead), and when it says isRecycled I think it can be restored fully…well, the sad truth is that it is the opposite: isDeleted on its own means restorable, and isRecycled means it is gone for good.
