Which naming context should you use?

HOTSPOT

Your network contains an Active Directory forest named contoso.com. The forest contains a
single domain. All domain controllers run Windows Server 2012 R2 and are configured as
DNS servers. All DNS zones are Active Directory-integrated. Active Directory Recycle Bin is
enabled.
You need to modify the amount of time deleted objects are retained in the Active Directory
Recycle Bin.
Which naming context should you use?
To answer, select the appropriate naming context in the answer area.

Answer:

Explanation:

Starting in Windows Server 2008 R2, Active Directory implements a true recycle bin. You no
longer need an authoritative restore to recover deleted users, groups, OUs, or other
objects. Instead, you can use PowerShell commands to bring back objects with
all their attributes, backlinks, group memberships, and metadata.
The amount of time that an object can be recovered is controlled by the Deleted Object
Lifetime (DOL). This time range is set in the msDS-deletedObjectLifetime attribute. By
default, it is the same number of days as the Tombstone Lifetime (TSL). The TSL set for
a new forest since Windows Server 2003 SP1 has been 180 days, and since by default
DOL = TSL, the default number of days that an object can be restored is therefore 180 days.
If tombstoneLifetime is NOT SET or NULL, the tombstone lifetime is the Windows
default: 60 days. This is all configurable by the administrator.
Set-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=contoso,DC=com" -Partition "CN=Configuration,DC=contoso,DC=com" -Replace:@{"msDS-DeletedObjectLifetime" = 365}
msDS-deletedObjectLifetime:
- New to Windows Server 2008 R2
- Is set on the "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=COMPANY,DC=COM" container
- Describes how long a deleted object will be restorable
To modify the deleted object lifetime by using Ldp.exe:
1. To open Ldp.exe, click Start, click Run, and then type ldp.exe.
2. To connect and bind to the server hosting the forest root domain of your Active Directory environment, under Connections, click Connect, and then click Bind.
3. In the console tree, right-click the CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration container, and then click Modify.
4. In the Modify dialog box, in Edit Entry Attribute, type msDS-DeletedObjectLifeTime.
5. In the Modify dialog box, in Values, type the number of days that you want to set for the tombstone lifetime value. (The minimum is 3 days.)
6. In the Modify dialog box, under Operation click Replace, click Enter, and then click Run.
http://technet.microsoft.com/en-us/library/dd392260%28v=ws.10%29.aspx
http://blogs.technet.com/b/askds/archive/2009/08/27/the-ad-recycle-bin-understanding-implementing-best-practices-and-troubleshooting.aspx
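
The defaulting rules and the Set-ADObject call described above, combined into an added PowerShell example (not code from the original page or from Microsoft): it reads tombstoneLifetime and msDS-DeletedObjectLifetime from the Directory Service object in the Configuration naming context, reports the effective retention, and changes it only after validation. The function names and the 3650-day upper bound are assumptions made for this example.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT).
# Function names are hypothetical, chosen for this example.
Import-Module ActiveDirectory

function Get-EffectiveDeletedObjectLifetime {
    # Resolve the Configuration naming context from RootDSE instead of hard-coding it.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $dsDN     = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"

    $ds = Get-ADObject -Identity $dsDN -Partition $configNC `
              -Properties tombstoneLifetime, 'msDS-DeletedObjectLifetime'

    # Fallback chain from the explanation:
    #   tombstoneLifetime not set -> 60 days; DOL not set -> same as TSL.
    $tsl    = if ($null -ne $ds.tombstoneLifetime) { [int]$ds.tombstoneLifetime } else { 60 }
    $dolRaw = $ds.'msDS-DeletedObjectLifetime'
    $dol    = if ($null -ne $dolRaw) { [int]$dolRaw } else { $tsl }

    [pscustomobject]@{
        DirectoryServiceDN    = $dsDN
        ConfigurationNC       = $configNC
        TombstoneLifetimeDays = $tsl
        DeletedObjectLifeDays = $dol
        DolExplicitlySet      = ($null -ne $dolRaw)
    }
}

function Set-DeletedObjectLifetime {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Lower bound 3 is the minimum quoted in the Ldp.exe steps;
        # upper bound 3650 is an arbitrary guard assumed for this example.
        [Parameter(Mandatory = $true)][ValidateRange(3, 3650)][int]$Days
    )
    $current = Get-EffectiveDeletedObjectLifetime
    $action  = "Set msDS-DeletedObjectLifetime to $Days days " +
               "(effective value now: $($current.DeletedObjectLifeDays))"
    if ($PSCmdlet.ShouldProcess($current.DirectoryServiceDN, $action)) {
        Set-ADObject -Identity $current.DirectoryServiceDN `
                     -Partition $current.ConfigurationNC `
                     -Replace @{ 'msDS-DeletedObjectLifetime' = $Days }
    }
}

# Report the current state, then preview the change without writing it.
Get-EffectiveDeletedObjectLifetime | Format-List
Set-DeletedObjectLifetime -Days 365 -WhatIf
```

Remove -WhatIf to apply the change; running Get-EffectiveDeletedObjectLifetime before and after gives a record of the retention window for change review.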



JohnyBoy

http://blogs.technet.com/b/askds/archive/2009/08/27/the-ad-recycle-bin-understanding-implementing-best-practices-and-troubleshooting.aspx

To control the length of a time that deleted objects will be recoverable, you will need to modify the msDS-deletedObjectLifetime attribute that lives on the Directory Service container. Microsoft really hopes you won’t mess with it but I know you will, so here’s how to do it correctly in PowerShell. Remember that you are setting this value in days:

Set-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=" -Partition "CN=Configuration,DC=" -Replace:@{"msDS-DeletedObjectLifetime" = }