Enabling AD DS Recycle Bin fails

All replies

• 

  

  0

  Sign in to vote

  You haven’t provided the actual command here so we can’t really validate the syntax error.  Anyway, try the following syntax:

  Enable-ADOptionalFeature -Identity `CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration, DC=MYDOMIAN,DC=COM -Scope ForestOrConfigurationSet -Target `DOMAIN.COM'

  Or provide the complete command here.

  ---

  Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+| Houston, TX
  Blogs - http://blogs.sivarajan.com/
  
  
  
  This posting is provided AS IS with no warranties,and confers no rights.

  Monday, October 10, 2011 5:59 PM
• 

  

  0

  Sign in to vote

  What happens if you use this syntax for enabling AD Recycle Bin?

  Enable-ADOptionalFeature -Identity ‘CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=testenv,DC=local’ -Scope ForestOrConfigurationSet -Target 'testenv.local'

  Can you post command output error (if any)? Thank you in advance

  ---

  Regards, Krzysztof ---- Visit my blog at http://kpytko.wordpress.com

  Monday, October 10, 2011 6:03 PM
• 

  

  0

  Sign in to vote

  Sorry, I kind of had it hidden in the middle of the post.  As posted.
  
  Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target xyz.priv   where xyz.priv is my actual domain.

   

   

  Also, as not posted, but what I also tried for syntax.

  Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=XYZ,DC=priv' -Scope ForestOrConfigurationSet -Target xyz.priv   where xyz.priv is my actual domain.

  Additionally,

  Enable-ADOptionalFeature

  cmdlet Enable-ADOptionalFeature at command pipeline position 1

  Supply values fo rhte following parameters:

  Identity: Recycle Bin Feature

  Scope: ForestOrConfigurationSet

  Target: xyz.priv

   

   

  Monday, October 10, 2011 6:06 PM
• 

  

  0

  Sign in to vote

  What error message are you getting form the following command?

  Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=XYZ,DC=priv' -Scope ForestOrConfigurationSet -Target xyz.priv where xyz.priv is my actual domain.

  ---

  Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+| Houston, TX
  Blogs - http://blogs.sivarajan.com/
  
  
  
  This posting is provided AS IS with no warranties,and confers no rights.

  Monday, October 10, 2011 6:14 PM
• 

  

  0

  Sign in to vote

  OK, so if you are sure that you ran PowerShell AD module in elevated command-line and used Enterprise/Schema Admin account the only one thing I can think of is to try changing ' character with " (quote) in sybtax. Sometimes I had similar problems but in other cmd-lets. Please try to run this syntax

  Enable-ADOptionalFeature -Identity "CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=testenv,DC=local"-Scope ForestOrConfigurationSet -Target "testenv.local"

  if still fails, please provide here link to MS Sky Drive where you could place an output of this command which should be run on a DC

  dcdiag /e /c /v >c:\dcdiag.log

  or workstation with Administrative/RSAT Tools

  dcdiag /s:<DC-NAME> /e /c /v >c:\dcdiag.log

  we will see if there are any errors in your forest/domain environment.

  Thank you in advance

   

  ---

  Regards, Krzysztof ---- Visit my blog at http://kpytko.wordpress.com

  Monday, October 10, 2011 6:14 PM
• 

  

  0

  Sign in to vote

  The different methods of changing syntax result in the following after select Yes to the warning Prompt.

   

  Enable-ADOptionalFeature : A referral was returned from the server at Line:1 char:25

  +

  Enable-AdoptionalFeature <<<<  -Identity 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target xyz.priv

  +

  CategoryInfo  : NotSpecified:  (Recycle Bin Feature:ADOptionalFeature) [Enable-ADOptionalFeature], ADException

  +

  FullyQualifiedErrorID : A Referral was returned from the server,Microsoft.ActiveDirectory.Management.Commands.EnableADOptionalFeature

  Monday, October 10, 2011 6:26 PM
• 

  

  0

  Sign in to vote

  Can you post on Sky Drive the output of dcdiag /e /c /v ?

  Please, verify also in ADSI Edit if you have proper rights to modify "Optional Features" under Configuration -> Services -> Windows NT -> Directory Service ?

  Click right mouse button on "Optional Features" choose Properties and go to "Security" tab. Check who can do the chages there?

  ---

  Regards, Krzysztof ---- Visit my blog at http://kpytko.wordpress.com

  Monday, October 10, 2011 6:32 PM
• 

  

  0

  Sign in to vote

  Yes, I had already verified through Sites and Services, and now verified using ADSI edit.  Effective permissions show my user as having Full Control over the object.
  
  The current ACL shows Domain Admins (Special Permissions, All but Full Control) Enterprise Admin (Full Control)

   

  dcdiag is still running as this domain has 30 domain controllers (this is a single domain forest).  So far, all tests have passed -

  Monday, October 10, 2011 6:53 PM
• 

  

  0

  Sign in to vote

  I wouldn't do a /e on 30 DC's

  --
  Paul Bergson
  MVP - Directory Services
  MCITP: Enterprise Administrator
  MCTS, MCT, MCSE, MCSA, Security+, BS CSci
  2008, Vista, 2003, 2000 (Early Achiever), NT4
  http://www.pbbergs.com    Twitter @pbbergs
  http://blogs.dirteam.com/blogs/paulbergson

  Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

  Monday, October 10, 2011 7:09 PM
• 

  

  0

  Sign in to vote

  Hi,

   

  From the command you provided in your reply, it seems the last single quotes for xyz.priv are missing. In the last part of the command, please change -Target xyz.priv to -Target 'xyz.priv' for a test.

   

  If the problem continues, please check the schema version.

   

  1.    Run the following PowerShell command to check the schema version:

   

  Get-ADObject "cn=schema,cn=configuration,dc=xyz,dc=priv" -properties objectversion

   

  In the result, make sure the objectversion is 47.

   

  2.    Click Start, click Administrative Tools, right-click Active Directory Module for Windows PowerShell, and then click Run as administrator. Run the command to enable AD Recycle Bin again.

   

  Regards,

  Bruce

  Thursday, October 13, 2011 7:40 AM
• 

  

  0

  Sign in to vote

  see:

   

   

  The exact command is:

  Enable-ADOptionalFeature �??Recycle Bin Feature�?? �??Scope ForestOrConfigurationSet �??Target DOMAIN.COM

  <o:p></o:p>

  Cheers,<o:p></o:p>

  
  (HOPEFULLY THIS INFORMATION HELPS YOU!)
  Jorge de Almeida Pinto | MVP Identity & Access - Directory Services
  
  -------------------------------------------------------------------------------------------------------
  * This posting is provided "AS IS" with no warranties and confers no rights!
  * Always evaluate/test yourself before using/implementing this!
  * DISCLAIMER: http://jorgequestforknowledge.wordpress.com/disclaimer/
  -------------------------------------------------------------------------------------------------------
  ################# Jorge's Quest For Knowledge ###############
  ###### BLOG URL: http://JorgeQuestForKnowledge.wordpress.com/ #####
  #### RSS Feed URL: http://jorgequestforknowledge.wordpress.com/feed/ ####
  -------------------------------------------------------------------------------------------------------<o:p></o:p>

  "Kyle SA3" wrote in message news:055cade6-af10-439a-8d4a-72abb8769bbe@communitybridge.codeplex.com...

  Trying to enable the AD DS Recycle bin, and it is failing with an error message (at end of post)

  
  

  Going through the check list for enabling this feature, as well as numerous other posts from technet / Microsoft.

  Forest Functional Level - ((get-adforest)) ForestMode:Windows2008R2Forest .  Verified.

  Credentials: My user is an Enterprise / Schema admin. I added it to Domain Admins specifically when this command failed as a test.

  Running PowerShell as an Administrator (Elevated Privileges) :: or without, and it is the same result.

  To double check the module load, import-module activedirectory has been run.

  Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target xyz.priv   ((where xyz.priv is my actual domain)) there are no sub-domains.  Also, entering the Distinguished name for the recycle bin feature has the same results.

  WARNING: Enabling 'Recycle Bin Feature' on 'CN=Partitions,CN=Configuration,DC=xyz,DC=priv' is an irreversible action! You will not be able to disable 'Recycle Bin Feature' on 'CN=Partitions,CN=Configuration,DC=xyz,DC=priv' if you proceed.

  Enable-ADOptionalFeature : A referral was returned from the server at Line:1 char:25

  +

  Enable-AdoptionalFeature <<<<  -Identity 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target xyz.priv

  +

  CategoryInfo  : NotSpecified:  (Recycle Bin Feature:ADOptionalFeature) [Enable-ADOptionalFeature], ADException

  +

  FullyQualifiedErrorID : A Referral was returned from the server,Microsoft.ActiveDirectory.Management.Commands.EnableADOptionalFeature

   

  Also - If I run just Enable-ADOptionalFeature  it prompts me for -Identity, -Scope, -Target, and when supplied comes back with the same error.

   

  I've tried this short hand, or with the full DN going as far as copying it from the atrribute set from Sites and Services.  I even verified effective security permissions on the Recycle Bin Feature msDS object, and the configuration partition lists the object 'CN=xyz'  crossRef properly when looking at it through ADSI edit.

   

  Do I really have a typo somewhere, or process error?

   

  
  

  ---

  Jorge de Almeida Pinto [MVP-DS] (http://jorgequestforknowledge.wordpress.com/)

  Thursday, October 13, 2011 7:56 PM
• 

  

  0

  Sign in to vote

  I just got the command to work, without using quotes on the -Target  and using the netbios name of the forest. 

  The final command used was

  Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target DOMAIN

  -Target DOMAIN   not -Target 'Domain'  and not -Target 'Domain.priv'.  No quotes, no root domain of .com, .priv, etc. 

   

  ...

   

  Thank you all for you responses.

   

   

  • Proposed as answer by Meinolf Weber Sunday, October 16, 2011 8:33 AM
  • Marked as answer by Bruce-Liu Monday, October 17, 2011 2:03 AM

  Friday, October 14, 2011 10:12 PM
• 

  

  0

  Sign in to vote

  Thanks for your feedback. If you have more questions in the future, you’re welcomed to this forum.

   

  Have a nice day!

   

  Regards,

  Bruce

  Monday, October 17, 2011 2:03 AM
• 

  

  2

  Sign in to vote

  I had the same error and then tried this on the Domain Naming Master and it was working.

  • Proposed as answer by Mike_SWE Wednesday, January 22, 2014 12:50 PM

  Wednesday, May 23, 2012 10:13 PM
• 

  

  2

  Sign in to vote

  I searched all over for the issue of the "A referral was returned from the server" error.  I tried every variation of the command -- with double-quotes, single-quotes, with just "Recycle Bin Feature" and with the full path, target of netbios name vs full domain name, specifying and not specify server... everything.  None of it worked.  What finally worked for me was putting the Schema and Domain Naming roles both on the same box.
  
  Here was my final command anyway:
  
  Enable-ADOptionalFeature –Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=my,DC=domain,DC=name' –Scope ForestOrConfigurationSet –Target 'my.domain.name'

  • Proposed as answer by Davide Schiavoni Monday, July 29, 2019 10:27 AM

  Wednesday, August 30, 2017 7:37 PM
• 

  

  0

  Sign in to vote

  Thank You Matt,

  my Schema and Domain Naming roles were separeted and the Recycle Bin Feature won't enabling. Moving the roles on same server, all works fine!!

  • Proposed as answer by Tonnie P Thursday, July 23, 2020 2:35 PM

  Monday, July 29, 2019 9:54 AM
• 

  

  0

  Sign in to vote

  It worked for me too.

  Domain naming and Schema Master roles must reside on same DC.

  My DC OS version is Windows 2016

  
  

  • Edited by MMORADI Tuesday, August 6, 2019 1:18 PM
  • Proposed as answer by Tonnie P Thursday, July 23, 2020 2:35 PM

  Tuesday, August 6, 2019 1:17 PM