Enable Active Directory Recycle Bin

Active Directory Recycle Bin can be activated only when all domain controllers in the forest run Windows Server 2008 R2 or higher. Note: enabling Active Directory Recycle Bin is irreversible.

Execute the following command to enable Active Directory Recycle Bin for your forest (replace the -Target value and the DC= components of the -Identity path with your own domain):

Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=acme,DC=com' -Scope ForestOrConfigurationSet -Target 'acme.com'

If you are using Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012, you can use the Active Directory Administrative Center to enable the Recycle Bin.

If enabling the Recycle Bin fails, a likely cause is that the Schema Master and Domain Naming Master roles are not held by the same domain controller in the forest.
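The steps above as one script, added here as an example and not part of the original article: it checks the prerequisites the article names (forest level, FSMO placement, whether the feature is already on) before running Enable-ADOptionalFeature, and then verifies the result. It assumes the ActiveDirectory PowerShell module, an account with Enterprise Admins rights, and the article's placeholder forest name acme.com.

```powershell
# Added example (not from the original article). Assumes the ActiveDirectory module
# and Enterprise Admins rights. 'acme.com' is the article's placeholder forest name.
Import-Module ActiveDirectory

$forest = Get-ADForest -Identity 'acme.com'

# 1. Forest functional level must be at least Windows Server 2008 R2, which in turn
#    implies every DC runs 2008 R2 or higher. ADForestMode: Windows2008R2Forest = 4.
if ([int]$forest.ForestMode -lt 4) {
    throw "Forest mode is $($forest.ForestMode); Windows2008R2Forest or higher is required."
}

# 2. The article notes that enablement can fail when the Schema Master and the
#    Domain Naming Master are on different DCs. Surface that before trying.
if ($forest.SchemaMaster -ne $forest.DomainNamingMaster) {
    $msg = 'Schema Master ({0}) and Domain Naming Master ({1}) differ; consolidate the roles or expect the next step to fail.' -f `
        $forest.SchemaMaster, $forest.DomainNamingMaster
    Write-Warning $msg
}

# 3. Skip if already enabled. EnabledScopes is empty until the feature is turned on.
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"' -Server $forest.DomainNamingMaster
if ($feature.EnabledScopes.Count -gt 0) {
    Write-Output "Recycle Bin already enabled; scopes: $($feature.EnabledScopes -join ', ')"
    return
}

# 4. Enable it. Deliberately left interactive (no -Confirm:$false): the change is irreversible.
Enable-ADOptionalFeature -Identity $feature.DistinguishedName `
    -Scope ForestOrConfigurationSet -Target $forest.Name -Server $forest.DomainNamingMaster

# 5. Verify: EnabledScopes should now list the Partitions container and the forest's
#    domain naming contexts.
(Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"' -Server $forest.DomainNamingMaster).EnabledScopes
```

Targeting the Domain Naming Master with -Server keeps the write on the DC that owns the configuration partition, which is also where the article's FSMO hint is most easily checked.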

To grant Read permissions on the Recycle Bin (the Deleted Objects container) to a specific user account, make sure you have the permissions to set delegations on that container. As a Domain Administrator you might have to take ownership of the Recycle Bin first:

dsacls "CN=Deleted Objects,DC=acme,DC=com" /takeownership

Then grant Read permissions (GR = Generic Read) to the specific user account:

dsacls "CN=Deleted Objects,DC=acme,DC=com" /g ACME\adsyncuser:GR
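To confirm that the dsacls delegation above took effect and did not grant more than read access, the following script is added here as an example (not part of the original article). It reads the security descriptor of the Deleted Objects container, lists the ACEs for the delegated account, warns if any write-class right is present, and finishes with the tombstone query a read-only account should be able to run. It assumes the ActiveDirectory module and reuses the article's placeholders acme.com and ACME\adsyncuser.

```powershell
# Added example (not from the original article). Assumes the ActiveDirectory module;
# 'acme.com' and 'ACME\adsyncuser' are the article's placeholder values.
Import-Module ActiveDirectory

$deletedObjectsDn = 'CN=Deleted Objects,DC=acme,DC=com'
$account          = 'ACME\adsyncuser'

# The Deleted Objects container is itself flagged isDeleted, so ordinary lookups miss it;
# -IncludeDeletedObjects lets Get-ADObject bind to it and return its security descriptor.
$container = Get-ADObject -Identity $deletedObjectsDn -IncludeDeletedObjects -Properties nTSecurityDescriptor

# ACEs that name the delegated account.
$aces = $container.nTSecurityDescriptor.Access |
    Where-Object { $_.IdentityReference.Value -eq $account }

if (-not $aces) {
    Write-Warning "No ACE for $account on $deletedObjectsDn; the dsacls /G step has not taken effect."
} else {
    $aces | Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType, IsInherited |
        Format-Table -AutoSize
}

# GR (Generic Read) shows up as GenericRead or as its expanded set
# (ReadProperty, ListChildren, ListObject, ReadControl). Anything broader means the
# account could alter or restore tombstones, which a sync/read account does not need.
$tooBroad = $aces | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.ActiveDirectoryRights -match 'GenericAll|WriteDacl|WriteOwner|WriteProperty|CreateChild|Delete'
}
if ($tooBroad) {
    Write-Warning "$account holds write-class rights on $deletedObjectsDn; review the delegation."
}

# Functional check: with read access the account can enumerate tombstones. Run this part
# as the delegated account to prove the delegation end to end.
Get-ADObject -Filter 'isDeleted -eq $true' -IncludeDeletedObjects -SearchBase $deletedObjectsDn `
    -Properties lastKnownParent, whenChanged |
    Select-Object Name, lastKnownParent, whenChanged
```

Running the last query under the delegated account (for example through a PowerShell session started with that user's credentials) is the definitive test; the ACE listing only shows what was granted, not whether the account can actually read through to the objects.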