Your network contains an Active Directory forest named contoso.com. The forest contains a single
domain. All domain controllers run Windows Server 2012 R2.
The domain contains two domain controllers. The domain controllers are configured as shown in the
following table.
Active Directory Recycle Bin is enabled.
You discover that a support technician accidentally removed 100 users from an Active Directory
group named Group1 an hour ago.
You need to restore the membership of Group1.
What should you do?
A.
Recover the items by using Active Directory Recycle Bin.
B.
Modify the Recycled attribute of Group1.
C.
Perform tombstone reanimation.
D.
Perform an authoritative restore.
Explanation:
Active Directory Recycle Bin helps minimize directory service downtime by enhancing your ability to
preserve and restore accidentally deleted Active Directory objects without restoring Active Directory
data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain
controllers.
When you enable Active Directory Recycle Bin, all link-valued and non-link-valued attributes of the
deleted Active Directory objects are preserved and the objects are restored in their entirety to the
same consistent logical state that they were in immediately before deletion. For example, restored
user accounts automatically regain all group memberships and corresponding access rights that they
had immediately before deletion, within and across domains.
This answer A is wrong, The recycle bin doesn’t store the members of a group that were removed, only if the whole group is removed. Big discussion on a previous version and the result is D. Perform an authoritative Restore. Answer B is just rubbish, C is the same as using the recycle bin.
D seems to be correct. Nothing was really deleted
Answer A is Wrong, nothing was deleted. Using active directory recycle bin is useless to restore group membership. Answer D is correct
I think A is correct. The group itself hasn’t been deleted, only 100 user account. If you restore them from the AD Recycle Bin, their membership to Group1 is restored too.
Its funny wording.
If it said “they removed 100 users that where members of a group”, then it would be clearer the answer is A.
But since it says “You need to restore the membership of Group1” then it not talking about users being delete, its talking about the membership links. So D works good.
A is correct. IMHO
Since the users arn’t deleted, just the membership A cannot be correct. It should be done through an authorative restore, so D.
We are not talking about tracking the membership before and after the deletion.
Broken links doesn’t sound like good bet. We have to restore.
The only way to fully restore the “membership of Group1” is to restore the deleted members.
The Recicle Bin is a quick tool for providing restore, membership of deleted objects included.
Answer: A
The members are not deleted FYI. they are only removed from the group!
There weren’t any OBJECTS deleted which means de AD Recycle bin is NOT going to help you.
If you actually removed GROUP1 – yes then it would’ve been possible. However, it specically states that the MEMBERSHIP needs to be restored implying that nothing was actually ‘deleted’.
Answer D is correct!
Agree. It clearly says ” support technician accidentally removed 100 users from an Active Directory group”. Users arent deleted, the group MEMBERSHIP is. No object is deleted, therefore wont recycle bin help.
It is likely that the now changed group (missing deleted users) has replicated to both DCs.
Thus an authoritative restore from AD snapshot (via mounting the snapshot) would be necessary to flag the recovered Group (inc all correct memberships) as authoritative and replicate back out to DCs, as opposed to receiving replication of an empty Group from other DCs.
D.
answer is D
https://social.technet.microsoft.com/Forums/windowsserver/en-US/8b2d8c60-2288-4dd6-b8f5-17acb88701f3/any-tool-to-restore-the-user-group-membership?forum=winserverDS
A is correct!!!
Tested in my lab,takes a minute try it
Group membership will automatically be restored once you restore the User
whoops ignore the above comment,it would be correct if users got deleted and not removed.
Sorry. There is a similar question here and I just thought it’s been written twice.
Correct answer is D in my opinion
Just Passed 70-411 Exam Yesterday! 9xx/1000!!
Total 42 questions, around 5-8 new questions, 4 of them were on RODC.
I used the premium 70-411 dumps from here: http://www.passleader.com/70-411.html (445q), all new Qs were from it and wrong answers have been corrected, good enough for passing!
Stop advertising, son of bitch.
And, you can download part of that 445q 70-411 dumps here:
https://drive.google.com/open?id=0B-ob6L_QjGLpfnVfbXEwbmlUa1paemdDc19zQ1JWdVpqU1poRlB2TnktaWlBUFhfQXNJZVU
Hope these help! Good Luck!
FYI People. Restoring through Active Directory Recycle Bin in Server 2012 + does allow you to restore memberships of groups/users:
Source: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/adac/introduction-to-active-directory-administrative-center-enhancements–level-100-#bkmk_restore_del_obj
I tested in lab, you can delete accounts + group, then restore it via Recycle bin, I confirm you can retrieve accounts, group, and group membership, then “A” looks good.