Your network contains an Active Directory domain named contoso.com. The domain contains a
domain controller named DC1 that runs Windows Server 2012 R2. DC1 is backed up daily.
The domain has the Active Directory Recycle Bin enabled.
During routine maintenance, you delete 500 inactive user accounts and 100 inactive groups. One of
the deleted groups is named Group1. Some of the deleted user accounts are members of some of
the deleted groups.
For documentation purposes, you must provide a list of the members of Group1 before the group
was deleted.
You need to identify the names of the users who were members of Group1 prior to its deletion.
You want to achieve this goal by using the minimum amount of administrative effort.
What should you do first?
A.
Mount the most recent Active Directory backup.
B.
Reactivate the tombstone of Group1.
C.
Perform an authoritative restore of Group1.
D.
Use the Recycle Bin to restore Group1.
Explanation:
The Active Directory Recycle Bin does not have the ability to track simple changes to objects.
If the object itself is not deleted, no element is moved to the Recycle Bin for possible recovery in the
future. In other words, there is no rollback capacity for changes to object properties, or, in other
words, to the values of these properties.
The answer is A. And here is the reason why.
Yes the accounts have been deleted but so are the memberships to the groups now yes you can actually restore the accounts from the recycle bin. But the accounts will not be put back as members of any group. So you would have to assign them manually. But the question stated that least amount of admin effort must be used. So yes you will do a restore from the backup to get all the accounts, groups and their memberships.
Why wouldn’t you just perform the authoritative restore take the information then remove the object again?
similar to question 190. this is the answer.
check for when dc is 2008 or not. if 2008 cannot use AD backup