Your network contains an Active Directory forest named contoso.com. The forest contains a single
domain. All domain controllers run Windows Server 2012 R2. The domain contains two domain
controllers. The domain controllers are configured as shown in the following table.
Active Directory Recycle Bin is enabled. You discover that a support technician accidentally removed
100 users from an Active Directory group named Group1 an hour ago. You need to restore the
membership of Group1.
What should you do?
A.
Export and import data by using Dsamain.
B.
Apply a virtual machine snapshot to VM1.
C.
Recover the items by using Active Directory Recycle Bin.
D.
Modify the isRecycled attribute of Group1.
Explanation:
As far as the benefits of the Windows 2012 Recycle Bin, they are the same as the Windows 2008 R2
recycle bin with the exception of the new user interface which makes it more user-friendly. These
additional benefits include:
All deleted AD object information including attributes, passwords and group membership can be
selected in mass then undeleted from the user interface instantly or via Powershell
User-friendly and intuitive interface to filter on AD objects and a time period · Can undelete
containers with all child objects
https://www.simple-talk.com/sysadmin/exchange/the-active-directory-recycle-bin-in-windowsserver-2008-r2/
http://communities.quest.com/community/quest-itexpert/blog/2012/09/24/the-windows-server-
2012-recycle-bin-and-recovery-manager-for-active- directory
Answer is C based on “explanation”, but A is highlighted. ?????????????
0
0
A.
Export and import data by using Dsamain.
Only valid solution
B.
Apply a virtual machine snapshot to VM1.
It would replicate changes back from the other domain controller.
C.
Recover the items by using Active Directory Recycle Bin.
Group 1 is NOT deleted.
D.
Modify the isRecycled attribute of Group1.
Group 1 is NOT deleted
0
0
Fully agree with the poster’s comments here.The answer is A.
There is another question which is EXACTLY the same but A answer is Authoritative restore. Which is also a choice.
The rest of the answers won’t restore members in a group.
1
0
very strange answer….
1
0
Can’t be C because the objects itself were not removed, just removed from the group.
B and D don’t make sense so that leaves A.
1
0
+1
0
0
A is the correct answer.
You use the dsamain tool to look at Active Directory snapshots.
More info: http://windowsitpro.com/windows-server-2008/using-active-directory-snapshots-and-dsamain-tool
So the idea is you would mount an AD snapshot, use DSAMAIN to look at who was in the group before they were removed, and you manually add them back in.
From the link above….
“As we have seen, just because we can’t directly restore objects from a snapshot or backup exposed via Dsamain doesn’t mean it’s useless. We can use tools to do comparisons between a snapshot and another snapshot or the live AD, and we can copy attributes from a snapshot in the live AD—we just can’t perform a traditional restore and keep attributes such as SID. We can use the information exposed through Dsamain to make sure we have the right backup to restore from or use it to get the information we need to perform an object reanimation.”
0
0