Your network contains an Active Directory forest named contoso.com. The forest contains a single
domain. All domain controllers run Windows Server 2012 R2.
The domain contains two domain controllers. The domain controllers are configured as shown in the
following table.
Active Directory Recycle Bin is enabled.
You discover that a support technician accidentally removed 100 users from an Active Directory
group named Group1 an hour ago.
You need to restore the membership of Group1.
What should you do?
A.
Recover the items by using Active Directory Recycle Bin.
B.
Modify the Recycled attribute of Group1.
C.
Perform tombstone reanimation.
D.
Perform an authoritative restore.
Explanation:
Active Directory Recycle Bin helps minimize directory service downtime by enhancing your ability to
preserve and restore accidentally deleted Active Directory objects without restoring Active Directory
data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain
controllers.
When you enable Active Directory Recycle Bin, all link-valued and non-link-valued attributes of the
deleted Active Directory objects are preserved and the objects are restored in their entirety to the
same consistent logical state that they were in immediately before deletion. For example, restored
user accounts automatically regain all group memberships and corresponding access rights that they
had immediately before deletion, within and across domains.
I donĀ“t think so. They didn’t delete anything so “Recover the items by using Active Directory Recycle Bin” or “Perform tombstone reanimation” are not the solution.
I think we should perform an authoritative restore.
http://www.aiotestking.com/microsoft/you-need-to-restore-the-membership-of-group1-2/
http://www.aiotestking.com/microsoft/you-need-to-restore-the-membership-of-group1-4/
0
0
Reading comments from v 5 of this dump I would think D
0
0
agree. I’ll go with D
0
0
D
0
0
There’re two domain controllers (2012), DC1 = a physical machine, DC2 = VM. On DC1 the AD snapshots are being taken on a daily basis, on DC2 – AD snapshots and system state backups.
AD Recycle Bin is enabled.
An administrator accidentally deleted 100 users from AD group Group1.
You need to restore the group1’s membership.
1) Apply a snapshot to VM1
2) Export/import data by using DSAmain
3) AD Recycle Bin
4) Modifying is Recycled attribute of Group1
0
0
I would go with Answer 1 here.
0
0
Pretty sure the answer is D.
Read the following article about AD Recycle Bin
http://davidmtechblog.blogspot.com/2014/03/windows-server-2012-active-directory.html
0
0
Incorrect. Answer is D because you are modifying, not deleting in this case.
Does anyone actually skim through these to correct the answers? lol
0
0
If you were to use and Authoritative Restore would you not run the risk of losing any user password changes or updates since the last backup? Why can’t you restore from the recycling bin?
0
0
The provided answer is completely wrong. The Recycle Bin doesn’t track trivial changes; i.e. changes to the membership of a group. You need to do an authoritative restore to get everything back the way it was.
0
0
The reason why the Authoritative restore is the correct option is the specific wording of the question. It states the users were removed from the group. The technician did not delete the users. There would be nothing in the AD Recycle Bin or this issue.
0
0