You need to recover Group1 and identify the names of the users who were members of Group1 prior to its deletion

Your network contains an Active Directory domain named contoso.com. The domain contains
domain controllers that run Windows Server 2008, Windows Server 2008 R2, Windows Server 2012,
and Windows Server 2012 R2.
A domain controller named DC1 runs Windows Server 2012 R2. DC1 is backed up daily.
During routine maintenance, you delete a group named Group1.
You need to recover Group1 and identify the names of the users who were members of Group1
prior to its deletion. You want to achieve this goal by using the minimum amount of administrative
effort.
What should you do first?

A. Perform an authoritative restore of Group1.

B. Mount the most recent Active Directory backup.

C. Use the Recycle Bin to restore Group1.

D. Reactivate the tombstone of Group1.

Explanation:
The Active Directory Recycle Bin does not track simple changes to objects. If the
object itself is not deleted, nothing is moved to the Recycle Bin for possible later
recovery. In other words, there is no rollback capability for changes to object
properties, that is, to the values of those properties.
There is another approach you should be aware of. Tombstone reanimation (which has nothing to
do with zombies) provides the only way to recover deleted objects without taking a DC offline, and
it’s the only way to recover a deleted object’s identity information, such as its objectGUID and
objectSid attributes. It neatly solves the problem of recreating a deleted user or group and having to
fix up all the old access control list (ACL) references, which contain the objectSid of the deleted
object.
An authoritative restore returns domain controllers to a specific point in time and marks
objects in Active Directory as being authoritative with respect to their replication partners.



TDAC

Answer is incorrect.

Answer = C

I just tested this out in my lab and the AD recycle bin restores the deleted group, with the members intact.

MJG

That's great that you tested it.. in a lab with Forest Functional level 2008 R2 or Higher… THE QUESTION SAYS THERE IS A DOMAIN CONTROLLER RUNNING SERVER 2008. WHICH MEANS OUR FOREST FUNCTIONAL LEVEL CANNOT BE HIGHER THAN 2008.

AD RECYCLE BIN DOES NOT EXIST IN FOREST FUNCTIONAL LEVEL 2008.

IT CAME TO BE IN 2008 R2.

Jesus christ.

“The domain contains domain controllers that run Windows Server 2008”

Implementer2016

Agree, it should be C. Simple use of Recycle Bin in ADAC restores the group along with all members in it.

A10

Windows 2008 not activated, need R2

potpal

Careful, another question that does not ask to recover group. Answer for that one is A.

AdmiralAkbar

Answer is D

You need functional level of 2008 R2 for recycle bin.

Authoritative restore is a lot of effort and not online.

Tombstone is only one that recovers in this scenario.

MJG

I love how you omit each answer but the answer itself and then say the wrong answer.

You forgot to list why “Mounting the most recent AD backup” is wrong.. because it’s not wrong. That is the answer.

Snapshots are created daily. Therefore, you can mount the last snapshot, view it with DSAMAIN and get the list of users that way.

It does not say anything about RESTORING the group, just recovering who was in it.

Answer is “B”
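
The checks the thread argues about can be run directly on a domain controller. The following PowerShell is an added example, not part of the original page or any commenter's post: it reports whether the Recycle Bin is usable in the forest, then reads Group1's membership from a mounted snapshot through DSAMAIN. Assumptions: it runs elevated on DC1 with the ActiveDirectory module, an NTDS snapshot taken before the deletion exists, and the mount path, snapshot index 1 and LDAP port 51389 are placeholders.

```powershell
# Added example; snapshot index, mount path and port are placeholders.
Import-Module ActiveDirectory

# 1. Recycle Bin availability: needs forest functional level 2008 R2 or
#    higher AND the optional feature enabled for the forest.
$forest     = Get-ADForest
$recycleBin = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
$binEnabled = $recycleBin.EnabledScopes.Count -gt 0
"Forest functional level : $($forest.ForestMode)"
"Recycle Bin enabled     : $binEnabled"

# 2. If it is enabled, the deleted group still carries its attributes.
#    -WhatIf only reports what would be restored; drop it to restore.
if ($binEnabled) {
    Get-ADObject -LDAPFilter '(msDS-LastKnownRDN=Group1)' -IncludeDeletedObjects |
        Restore-ADObject -WhatIf
}

# 3. Read the pre-deletion membership from a snapshot without taking the
#    DC offline. "list all" prints the index used by "mount".
ntdsutil snapshot "list all" "mount 1" quit quit

# Path printed by the mount step (placeholder shown here). Single quotes
# keep PowerShell from expanding the $ characters.
$dit = 'C:\$SNAP_<timestamp>_VOLUMEC$\Windows\NTDS\ntds.dit'

# Expose the snapshot database as a read-only LDAP server on a spare port.
$dsamain = Start-Process dsamain.exe -PassThru -ArgumentList @(
    '/dbpath', "`"$dit`"", '/ldapport', '51389')
Start-Sleep -Seconds 5   # give DSAMAIN time to open the database

# The group as it existed when the snapshot was taken, members included.
Get-ADGroup -Identity Group1 -Server 'localhost:51389' -Properties member |
    Select-Object -ExpandProperty member

# 4. Clean up: stop DSAMAIN and unmount the snapshot.
Stop-Process -Id $dsamain.Id
ntdsutil snapshot "list mounted" "unmount 1" quit quit
```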