locked
Active Directory Recycle Bin Empty the Recycle Bin RRS feed

  • Question

  • Hi All,

    I'm running the following script to empty out the active directory recycle bin:

    CLS
    Get-ADObject -Filter 'isDeleted -eq $true -and Name -like "*DEL:*"' -IncludeDeletedObjects | Remove-ADObject -Confirm:$false

    However I keep getting an access denied on Remove-ADObject. I'm a Enterprise Admin.

    Any thoughts on this?

    Wednesday, October 19, 2016 6:08 AM

Answers

  • Ok then,

    Whats the point of saying you can empty the recycle bin, when you can't? It defeats the purpose of the recycle bin.

    Consider the following before you gripe: If you recycle glass it never goes away.  Recycle means "keep and use forever".  You should be more environmentally conscious.

    The recycle bin is owned by AD.  Once it is enabled it cannot be removed.  Objects are retained for a very long time to protect integrity and for historical reasons.

    Many untrained techs love to write scripts to constantly empty the NTFS recycle bin. This is completely unnecessary even though it is possible.  It is a habit acquired from old Windows on old hardware when we always wanted to keep from running out of space.  Modern systems require that we carefully engineer everything to reduce maintenance and improve reliability. 

    Be sure your AD is engineered correctly and the ADRB will never be an issue.


    \_(ツ)_/

    • Proposed as answer by Hello_2018 Wednesday, November 9, 2016 3:13 AM
    • Marked as answer by Hello_2018 Wednesday, November 9, 2016 3:13 AM
    Thursday, October 20, 2016 11:50 PM

All replies

  • Hi,

    This is probably your access permission issue, please check your account to have enough privilege.


    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing! http://sesaitech.blogspot.in/

    Wednesday, October 19, 2016 6:11 AM
  • Thanks for you reply. I'm an Enterprise Admin. What other permissions could be missing? Can you please clarify this?
    Wednesday, October 19, 2016 10:54 PM
  • Hi,

    Did you elevate by launching the console with 'Run as Administrator'?


    • Proposed as answer by Hello_2018 Thursday, October 20, 2016 7:06 AM
    Thursday, October 20, 2016 4:04 AM
  • Hi,

    Yes I have done that. Still doesn't work.

    Thursday, October 20, 2016 7:52 AM
  • HI

    Any thoughts on what can be the issue?

    Thursday, October 20, 2016 11:22 PM
  • HI

    Any thoughts on what can be the issue?

    I can recommend  a few things:

    Start by reading the documentation on what the AD recycle bin is and how it works.  Not the use of "tombstoning".

    Consider all of the commands for managing the recycle bin and ask yourself why there is no commands for deleting items or emptying the recycle bin.

    Post any questions about how to use the recycle bin in the Directory Services forum.

    Review this blog by the directory services team.

    https://blogs.technet.microsoft.com/askds/2009/08/27/the-ad-recycle-bin-understanding-implementing-best-practices-and-troubleshooting/

    In simple terms...items in the recycle bin tagged as ,objct.IsDeleted - $true cannot  be deleted again.  They are already deleted.  They will be removed at the end of the tombstone lifetime.


    \_(ツ)_/

    Thursday, October 20, 2016 11:30 PM
  • Ok then,

    Whats the point of saying you can empty the recycle bin, when you can't? It defeats the purpose of the recycle bin.

    Thursday, October 20, 2016 11:39 PM
  • Ok then,

    Whats the point of saying you can empty the recycle bin, when you can't? It defeats the purpose of the recycle bin.

    Consider the following before you gripe: If you recycle glass it never goes away.  Recycle means "keep and use forever".  You should be more environmentally conscious.

    The recycle bin is owned by AD.  Once it is enabled it cannot be removed.  Objects are retained for a very long time to protect integrity and for historical reasons.

    Many untrained techs love to write scripts to constantly empty the NTFS recycle bin. This is completely unnecessary even though it is possible.  It is a habit acquired from old Windows on old hardware when we always wanted to keep from running out of space.  Modern systems require that we carefully engineer everything to reduce maintenance and improve reliability. 

    Be sure your AD is engineered correctly and the ADRB will never be an issue.


    \_(ツ)_/

    • Proposed as answer by Hello_2018 Wednesday, November 9, 2016 3:13 AM
    • Marked as answer by Hello_2018 Wednesday, November 9, 2016 3:13 AM
    Thursday, October 20, 2016 11:50 PM
  • I had to use brackets:

    Get-ADObject -Filter {isDeleted -eq $true -and Name -like "*DEL:*"} -IncludeDeletedObjects | Remove-ADObject -Confirm:$false

    Monday, April 8, 2019 3:57 PM