Your network contains an Active Directory forest named contoso.com. The forest contains a single
domain. All domain controllers run Windows Server 2012 R2.
The domain contains two domain controllers. The domain controllers are configured as shown in the
following table.
Active Directory Recycle Bin is enabled.
You discover that a support technician accidentally removed 100 users from an Active Directory
group named Group1 an hour ago.
You need to restore the membership of Group1.
What should you do?
A.
Recover the items by using Active Directory Recycle Bin.
B.
Modify the Recycled attribute of Group1.
C.
Perform tombstone reanimation.
D.
Perform an authoritative restore.
Explanation:
Active Directory Recycle Bin helps minimize directory service downtime by enhancing your ability to
preserve and restore accidentally deleted Active Directory objects without restoring Active Directory
data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain
controllers.
When you enable Active Directory Recycle Bin, all link-valued and non-link-valued attributes of the
deleted Active Directory objects are preserved and the objects are restored in their entirety to the
same consistent logical state that they were in immediately before deletion. For example, restored
user accounts automatically regain all group memberships and corresponding access rights that they
had immediately before deletion, within and across domains.
I think AD recycle bin can’t restore group memberships
From what I’ve read online, AD recycle bin can restore group memberships.
https://blogs.technet.microsoft.com/askds/2009/08/27/the-ad-recycle-bin-understanding-implementing-best-practices-and-troubleshooting/
Find the line: Note how all the attribute data has been preserved, including group memberships – SaraDavis was a member of the Sales VPs group. Ouch, deleting an executive is never good for a career.
Correct me if I’m wrong, I’ve never used this feature before.
I’ve found several articles stating the same thing about AD Recycle Bin. Yet, it does state that the users were removed from the group and not deleted.
question does not state that users have been deleted (or group)only that their membership has been removed.which in my opinion means that you wont find anything in recycle bin as nothing was deleted.therefore the answer has to be D.
I think the question is wrongly worded.
Answer A would only be correct if the group or users had been deleted.
I don’t think AD recycle bin tracks changes to group membership so it cannot be used as described here.
it’s D. an object goes to the recycle bin only when it is deleted. Removing objects from a group only modifies the group, therefore the change is permanent unless you restore from backup.
The question isn’t wrongly worded.
As the question stands, nothing has been deleted, hence you won’t find anything in the AD Recycle Bin.
The only option is to perform an authoritative restore, D.
If the question said that Group1 had been deleted, then yes, you could use AD Recycle Bin to recover the group, and retain all it’s group memberships.
Just Passed 70-411 Exam Yesterday! 9xx/1000!!
Total 42 questions, around 5-8 new questions, 4 of them were on RODC.
I used the premium 70-411 dumps from here: http://www.passleader.com/70-411.html (445q), all new Qs were from it and wrong answers have been corrected, good enough for passing!
spam…delete massage
By the way, you can download part of that 445q 70-411 dumps here:
https://drive.google.com/open?id=0B-ob6L_QjGLpfnVfbXEwbmlUa1paemdDc19zQ1JWdVpqU1poRlB2TnktaWlBUFhfQXNJZVU
Hope these help! Good Luck!
D