Active Directory Recycle Bin is enabled. You discover that a support technician accidentally
removed 100 users from an Active Directory group named Group1 an hour ago. You need to restore
the membership of Group1. What should you do?
A.
Perform tombstone reanimation.
B.
Export and import data by using Dsamain.
C.
Perform a non-authoritative restore.
D.
Recover the items by using Active Directory Recycle Bin.
The Recycle bin is Enabled 🙂
D
You are wrong. There is nothing in the recyclebin, because the users weren’t deleted. They are no member of this group anymore, so you need to restore the group object from a backup or an active directory snapshot.
Answer A is nonsense, because the group and user objects weren’t deleted.
Answer C is nonsense, unless there would be only one domain controller. In the case of more than one domain controller, after the non-authoritative restore, the most current version will survive and that is the one with the 100 users removed from the group membership list.
Answer D is nonsense, because the group and user objects weren’t deleted.
Answer B is plausible, but not recommended. Read this: http://www.technologyfolio.com/restore-active-directory-object-from-snapshot-and-dsamain-tool/
Not true musiman,
When you have enabled the recycle bin in the AD Administrative Center, you can not only recover useraccounts, but also usergroups
D is the correct answer
DaveB, the recyclebin can be used to recover a deleted group. BUT… the group has not been deleted!!! There were 100 users removed from the membership list. You cannot recover the 100 memberships from the recyclebin, because the recyclebin only contains deleted users, group, computers, OU’s.
You’re correct Musiman. The group itself is not removed, only the members…
The group was not deleted….unless I miss-read it. The user removed users from a group so there for nothing was deleted. I would go with B
Auditing modified and deleted objects
Dsamain.exe helps you examine any changes that are made to Active Directory data. For example, if an object is accidentally modified, you can use this tool to examine the changes and to help you better decide how to correct them if necessary.
By scheduling a task to regularly create snapshots of the AD DS database, you can keep detailed records of AD DS data as it changes over time. You can create AD DS snapshots without devoting as much time and storage space as Windows Server Backup requires for critical-volume backups.
Because the question doesn’t contains much information:
B is the solution
https://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx
Only B make sense
2017 New 70-743 Exam Questions Updated Today! Share her and wish more people can share free questions here with me:
QUESTION 73
You have an Active Directory domain that contains several Hyper-V hosts that run Windows Server 2016.
You plan to deploy network virtualization and to centrally manage Datacenter Firewall policies.
Which component must you install for the planned deployment?
A. the Routing role service
B. the Canary Network Diagnostics feature
C. the Network Controller server role
D. the Data Center Bridging feature
Answer: C
QUESTION 74
You have a virtual machine named VM1 that runs Windows Server 2016.
VM1 hosts a service that requires high network throughput.
VM1 has a virtual network adapter that connects to a Hyper-V switch named vSwitch1. vSwitch1 has one network adapter. The network adapter supports Remote Direct Memory Access (RMDA), the single root I/O virtualization (SR-IOV) interface, Quality of Service (QoS), and Receive Side Scaling (RSS).
You need to ensure that the traffic from VM1 can be processed by multiple networking processors. Which Windows PowerShell command should you run in the host of VM1?
A. Set-NetAdapterRss
B. Set-NetAdapterRdma
C. Set-NetAdapterSriov
D. Set-NetAdapterQoS
Answer: A
QUESTION 75
You have a server named Server1 that runs Windows Server 2016. Server1 is a Hyper-V host that hosts a virtual machine named VM1.
Server1 has three network adapter cards that are connected to virtual switches named vSwitch1, vSwitch2 and vSwitch3.
You configure NIC Teaming on VM1 as shown in the exhibit. (Click the Exhibit button.)
image_thumb
You need to ensure that VM1 will retain access to the network if a physical network adapter card fails on Server1.
What should you do?
A. From Hyper-V Manager on Server1, modify the settings of VM1.
B. From Windows PowerShell on VM1, run the Set-VmNetworkAdapterTeamMapping cmdlet.
C. From Windows PowerShell on Server1, run the Set-VmNetworkAdapterFailoverConfiguration cmdlet.
D. From Windows PowerShell on Server1, run the Set-VmSwitch cmdlet.
Answer: B
QUESTION 76
You have a server named Server1 that runs Windows Server 2016.
You plan to deploy Internet Information Services (IIS) in a Windows container.
You need to prepare Server1 for the planned deployment.
Which three actions should you perform? Each correct answer presents part of the solution.
A. Install the Container feature.
B. Install Docker.
C. Install the Base Container Images.
D. Install the Web Server role.
E. Install the Hyper-V server role.
Answer: ABC
QUESTION 77
Your network contains an Active Directory domain. The domain contains two Hyper-V hosts.
You plan to perform live migrations between the hosts.
You need to ensure that the live migration traffic is authenticated by using Kerberos.
What should you do first?
A. From Server Manager, install the Host Guardian Service server role on a domain controller.
B. From Active Directory Users and Computers, add the computer accounts for both servers to the Cryptographic Operators group.
C. From Active Directory Users and Computers, modify the Delegation properties of the computer accounts for both servers.
D. From Server Manager, install the Host Guardian Service server role on both servers.
Answer: C
QUESTION 79
You have an Active Directory domain named Contoso.com. The domain contains servers named Server1, Server2 and Server3 that run Windows Server 2016.
Server1 and Server2 are nodes in a Hyper-V cluster named Cluster1.
You add a Hyper-V Replica Broker role named Broker1 to Cluster1.
Server3 is a Hyper-V server. A virtual machine named VM1 runs on Server3. Live Migration is enabled on all three servers and it is configured to use Kerberos authentication only.
You need to ensure that you can perform the migration of VM1 to Server2.
What should you do?
A. Add the Server computer account to the Replicator group on Server1 and Server2.
B. Modify the Delegation settings on the Server3 computer account.
C. Modify the Storage Migration settings on Server3.
D. Modify the Cluster permissions for Cluster1.
Answer: B
More 70-743 practice questions can be got from:
http://www.vcp550dumps.com/?s=70-743
Wish more poeple can share you exam pass experience here!
The answer is D.
Explanation is from page 208 of the book “Training Guide: Administering Windows Server 2012; 70-411”
“The simplest way to recover deleted Active Directory objects is to use the Active Directory Recycle Bin. In some environments, the Active Directory Recycle Bin may not be enabled for business reasons; for example, if the forest is still operating at the Windows Server 2003 or
Windows Server 2008 forest functional level.
If the Active Directory Recycle Bin is not available, and you need to recover a deleted object, you’ll need to restart the computer in DSRM
and perform an authoritative restore.”
Do people not read anymore?
The question says they were “removed from group1” not deleted.
Therefore the 100 users, though no longer in group1, are still present in whatever OU the Company users are stored in – Users, SBSUsers, ContosoUsers whatever it is.
They haven’t been deleted from AD, just removed from “group1”, so you can’t restore them from the re-cycle bin they’re not there to restore.
You need a content differentiating tool that will tell you who is now missing from group1 so you can stick them back in there.
“DSAMAIN Tool: This is not the most recommended way to restore objects from Active Directory it is more intended to find content differences in the Active Directory over time [pre-deletion v post-deletion] without the need to fully restore a DC”
Exactly what you need to find your 100 users and get them back in group1.
Job done, go to the pub!
Good explanation indeed, also good reading ..haha
It tricked me as well, but the difference is as said, btween removed or deleted..
So thank for triggering my assumption and reminding me of good reading skills…:-)