Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All
domain controllers run Windows Server 2012 R2.
The domain contains two domain controllers. The domain controllers are configured as shown in the following
table.
Active Directory Recycle Bin is enabled.
You discover that a support technician accidentally removed 100 users from an Active Directory group named
Group1 an hour ago.
You need to restore the membership of Group1.
What should you do?
A.
Recover the items by using Active Directory Recycle Bin.
B.
Modify the is Recycled attribute of Group1.
C.
Perform tombstone reanimation.
D.
Perform an authoritative restore.
Explanation:
Active Directory Recycle Bin helps minimize directory service downtime by enhancing your ability to preserve
and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups,
restarting Active Directory Domain Services (AD DS), or rebooting domain controllers.
When you enable Active Directory Recycle Bin, all link-valued and non-link-valued attributes of the deleted
Active Directory objects are preserved and the objects are restored in their entirety to the same consistent
logical state that they were in immediately before deletion. For example, restored user accounts automatically
regain all group memberships and corresponding access rights that they had immediately before deletion,
within and across domains.
But he didnt delete group1…I think D is the answer
I think you are right.
who is right?
https://technet.microsoft.com/en-us/library/cc816878(v=ws.10).aspx
Yeah A is wrong D is the right Answer.
Recycle Bin does not save deleted memberships, only deleted objects.
Since the group is not deleted only the users got removed, recycle bin doesn’t show anything.
Tested this on my lab.
You are incorrect Windows 2012 recycle bin restores all of the objects attributes are maintained including group membership page 435 MS70-411 book. Doing a manual restore does not restore attributes.
Niels link is for 2008 and if I am correct we are testing on Windows 2012 R2
sorry but this is correct.
i don’t give anything about links, i tested this in my lab in person.
and i saw it with my own eyes that there isn’t anything in the recycle bin when you remove members from a group 🙂
Please set up a lab and see for yourself.
The point is that only members got deleted and not the group itself.
Agree that the correct answer is D.
What got deleted by the technician were object attribute values not individual user objects.
You are correct. AD recycle bin does not track changes to objects. If the group was deleted, then you would use AD RB. SInce it was only changes to the group object, you have to use an authoritative restore.
I agree also, question is badly worded, unless you read carefully you think he has deleted 100 users (who were in group1) rather than deleting 100 memberships of group1. Which occured makes the answer A or D.
See step 4 of the link
https://technet.microsoft.com/en-us/library/hh831702.aspx
Taste it.
Sorry to be rude here, but you paste a link with confidence and arrogance. If you could actually read properly, you’d see that the link you provided was restoring USER OBJECTS using AD Recycle Bin. We’re not talking about user objects here, we’re talking about group memberships.
Your link proves nothing and shows that you don’t comprehend what you’re reading. Please take your time with these questions as they can easily trick you.
Answer is D: Perform an Authoritative Restore
After re-reading, I feel as though I’m the silly one. I might be wrong. I’m no longer sure of this answer.
Answer is D.
The objects are STILL in the AD. There is no deletion. So there is no Recycle bin objects to restore.
The database linkage has to be restored with and Authoritative Restore.
correct:
“accidentally removed 100 users ***from an Active Directory group**** named
Group1 an hour ago.”
Removed. NOT Deleted. D is the right one there.