Which naming context should you use?

HOTSPOT
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All
domain controllers run Windows Server 2012 R2 and are configured as DNS servers. All DNS zones are Active
Directory-integrated. Active Directory Recycle Bin is enabled.
You need to modify the amount of time deleted objects are retained in the Active Directory Recycle Bin.
Which naming context should you use?
To answer, select the appropriate naming context in the answer area.
Hot Area:

Answer:

Explanation:
Starting in Windows Server 2008 R2, Active Directory implements a true recycle bin. You no longer
need an authoritative restore to recover deleted users, groups, OUs, or other objects. Instead, you
can use PowerShell commands to bring back objects with all their attributes, backlinks, group
memberships, and metadata.
The length of time that an object can be recovered is controlled by the Deleted Object Lifetime (DOL),
which is set in the msDS-deletedObjectLifetime attribute. By default, it is the same number of
days as the Tombstone Lifetime (TSL). The TSL set for a new forest since Windows Server 2003 SP1 has
been 180 days, and since by default DOL = TSL, the default number of days that an object can be restored is
therefore 180 days. If tombstoneLifetime is NOT SET or NULL, the tombstone lifetime is the Windows
default: 60 days. This is all configurable by the administrator.
Set-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=contoso,DC=com" -Partition "CN=Configuration,DC=contoso,DC=com" -Replace:@{"msDS-DeletedObjectLifetime" = 365}
msDS-deletedObjectLifetime:
- New to Windows Server 2008 R2
- Is set on the "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=COMPANY,DC=COM" container
- Describes how long a deleted object will be restorable
To modify the deleted object lifetime by using Ldp.exe:
1. To open Ldp.exe, click Start, click Run, and then type ldp.exe.
2. To connect and bind to the server hosting the forest root domain of your Active Directory environment, under
   Connections, click Connect, and then click Bind.
3. In the console tree, right-click the CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration
   container, and then click Modify.
4. In the Modify dialog box, in Edit Entry Attribute, type msDS-DeletedObjectLifeTime.
5. In the Modify dialog box, in Values, type the number of days that you want to set for the tombstone lifetime
   value. (The minimum is 3 days.)
6. In the Modify dialog box, under Operation click Replace, click Enter, and then click Run.
http://technet.microsoft.com/en-us/library/dd392260%28v=ws.10%29.aspx
http://blogs.technet.com/b/askds/archive/2009/08/27/the-ad-recycle-bin-understanding-implementing-best-practices-and-troubleshooting.aspx
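
The fallback rules (DOL defaults to TSL, TSL defaults to 60 days) and the Set-ADObject change described above, as an added PowerShell example that is not code from the original page or from Microsoft. The function names are hypothetical; it assumes the ActiveDirectory module is installed and that the 3-day minimum from the Ldp.exe steps applies.

```powershell
# Added example: report and optionally change the Recycle Bin retention window.
# Function names are hypothetical. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-EffectiveDeletedObjectLifetime {
    # Locate the Configuration naming context from the RootDSE instead of hard-coding it.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $dn = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
    $ds = Get-ADObject -Identity $dn -Partition $configNC `
        -Properties 'msDS-DeletedObjectLifetime', 'tombstoneLifetime'

    # Fallback chain from the explanation: unset TSL means 60 days, unset DOL means DOL = TSL.
    $tsl = if ($null -ne $ds.tombstoneLifetime) { $ds.tombstoneLifetime } else { 60 }
    $dolRaw = $ds.'msDS-DeletedObjectLifetime'
    $dol = if ($null -ne $dolRaw) { $dolRaw } else { $tsl }

    [pscustomobject]@{
        DirectoryServiceDN        = $dn
        ConfigurationNC           = $configNC
        TombstoneLifetimeDays     = $tsl
        DeletedObjectLifetimeDays = $dol
        DolExplicitlySet          = ($null -ne $dolRaw)
    }
}

function Set-DeletedObjectLifetime {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateRange(3, [int]::MaxValue)]   # the Ldp.exe steps give 3 days as the minimum
        [int]$Days
    )
    $current = Get-EffectiveDeletedObjectLifetime
    $action = "Set msDS-DeletedObjectLifetime to $Days days (currently $($current.DeletedObjectLifetimeDays))"
    if ($PSCmdlet.ShouldProcess($current.DirectoryServiceDN, $action)) {
        Set-ADObject -Identity $current.DirectoryServiceDN -Partition $current.ConfigurationNC `
            -Replace @{ 'msDS-DeletedObjectLifetime' = $Days }
    }
    # Return the values as they stand after the (possibly skipped) change.
    Get-EffectiveDeletedObjectLifetime
}

# Read-only report first, then a dry run of the change; remove -WhatIf to apply it.
Get-EffectiveDeletedObjectLifetime
Set-DeletedObjectLifetime -Days 365 -WhatIf
```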



fiber

http://blogs.technet.com/b/askds/archive/2009/08/27/the-ad-recycle-bin-understanding-implementing-best-practices-and-troubleshooting.aspx

To control the length of a time that deleted objects will be recoverable, you will need to modify the msDS-deletedObjectLifetime attribute that lives on the Directory Service container. Microsoft really hopes you won’t mess with it but I know you will, so here’s how to do it correctly in PowerShell. Remember that you are setting this value in days:

Set-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=" -Partition "CN=Configuration,DC=" -Replace:@{"msDS-DeletedObjectLifetime" = }