The Active Directory and Azure AD Recycle Bins exist as tools for protecting you against the accidental deletion of directory objects…but not all of them. If an administrator accidentally deletes an Active Directory user account, for example, it is possible to retrieve the deleted user from the Recycle Bin. Even so, the Recycle Bin has a number of inherent limitations, and there is a possibility that a user object that needs to be restored may not exist within the Recycle Bin. Here are three reasons an AD object may not be recoverable: 

 1. The Recycle Bin is not enabled on-premises

Although the Azure AD Recycle Bin is enabled automatically, the Active Directory Recycle Bin must be manually enabled before it can be used. Until an administrator takes the steps necessary to enable the Active Directory Recycle Bin, there is no native protection against the deletion of AD objects.  

 2. Items within the Azure AD Recycle Bin are subject to a short retention period

Once this retention period expires, the item is purged and no longer available for recovery. The default retention period for deleted Active Directory objects is 180 days. In the case of the Azure AD however, objects are only retained in the Recycle Bin for 30 days. Administrators are able to decrease the retention period, but it cannot be increased beyond the 30-day limit.  

 3. An object may be hard deleted

A hard delete either removes a deleted object from the Recycle Bin, or it bypasses the Recycle Bin altogether. In either case, restoring the object is impossible. 

To learn more download “8 Truths & Tips: Avoiding Outages in Azure Active Directory and Hybrid AD, a paper by Microsoft MVP Brien Posey or register to attend or view our webinar, “Preventing Azure and Hybrid AD Outages: The Unsettling Truth”. 

Looking for a solution to help prevent Azure AD outages? Cayosoft Guardian recovers and protects Azure Active Directory and hybrid AD data. With Guardian monitoring all directory changes, administrators can quickly see, understand and rollback mistakes or malicious changes across their entire hybrid AD environment  

Check out these relevant resources.