Home » Microsoft » 70-411 » What should you do?
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All domain controllers run Windows Server 2012 R2.
The domain contains two domain controllers. The domain controllers are configured as shown in the following table.
Active Directory Recycle Bin is enabled.
You discover that a support technician accidentally removed 100 users from an Active Directory group named Group1 an hour ago.
You need to restore the membership of Group1.
What should you do?
A. Recover the items by using Active Directory Recycle Bin.
B. Modify the Recycled attribute of Group1.
C. Perform tombstone reanimation.
D. Perform an authoritative restore.
Correct Answer: A
Explanation/Reference:
Explanation:
Active Directory Recycle Bin helps minimize directory service downtime by enhancing your ability to preserve and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain controllers.
When you enable Active Directory Recycle Bin, all link-valued and non-link-valued attributes of the deleted Active Directory objects are preserved and the objects are restored in their entirety to the same consistent logical state that they were in immediately before deletion. For example, restored user accounts automatically regain all group memberships and corresponding access rights that they had immediately before deletion, within and across domains.
Agree with KenRyu: see question 125 same question. Answer is Perform an authoritative restore
Agree with KenRyu
This is incorrect. You can only restore deleted objects. The objects were not deleted in this scenario but removed from the group. to see those objects or the group membership you should perform an authoritative Restore to recover group membership