You are one of two network administrators for your organization.
Your IT partner does most of the work in Active Directory.
While working in Active Directory, your partner accidently deleted a user from the Sales OU.
You recover the user from tape backup but you want to help prevent this from happening
again in the future.
What can you do?
A.
Enable the Active Directory Recycle Bin.
B.
Use ADSI Edit to restore the user.
C.
Take away all rights from the other administrator.
D.
Use the Directory Services Restore Mode Lockout command.
Explanation:
http://technet.microsoft.com/en-us/library/dd392261%28v=ws.10%29.aspx
Active Directory Recycle Bin Step-by-Step Guide
Active Directory Recycle Bin helps minimize directory service downtime by enhancing your
ability to preserve and restore accidentally deleted Active Directory objects without restoring
Active Directory data from backups, restarting Active Directory Domain Services (AD DS), or
rebooting domain controllers.
When you enable Active Directory Recycle Bin, all link-valued and non-link-valued attributes
of the deleted
Active Directory objects are preserved and the objects are restored in their entirety to the
same consistent logical state that they were in immediately before deletion. For example,
restored user accounts automatically regain all group memberships and corresponding
access rights that they had immediately before deletion, within and across domains.
Active Directory Recycle Bin is functional for both AD DS and Active Directory Lightweight
Directory Services (AD LDS) environments.
Important
By default, Active Directory Recycle Bin in Windows Server 2008 R2 is disabled. To enable
it, you must first raise the forest functional level of your AD DS or AD LDS environment to
Windows Server 2008 R2, which in turn requires all forest domain controllers or all servers
that host instances of AD LDS configuration sets to be running Windows Server 2008 R2.
After you set the forest functional level of your environment to Windows Server 2008 R2, you
can use the instructions in this guide to enable Active Directory Recycle Bin. In this release
of Windows Server 2008 R2, the process of enabling Active Directory Recycle Bin is
irreversible. After you enable Active Directory Recycle Bin in your environment, you cannot
disable it.