Why not enable AD recycle bin?

Not really any good reason, unless you have a really large org or some policy preventing this.

There have been some issues with ntds.dit growing large when using older platforms and using AD integrated DNS zones.

However, if this is not your case:

Go to your domain naming master, find it like this:

netdom.exe query fsmo

or

Import-Module ActiveDirectory
Get-ADForest | Format-List DomainNamingMaster

Open AD Administrative Center by running dsac.exe

Right-click on your domain and “Enable Recycle Bin”

You will see that new container named “Deleted Objects” appears near “Computers” container

This feature is recommended by MS when using AzureAD sync

More articles

SPF, DKIM and DMARC

A little overview of : SFP (Sender Policy Framework) DKIM (Domain Keys Identified Mail) DMARC (Domain-based Message Authentication, Reporting & Conformance)

Read More »