70-411 Free Dumps Study Materials
Question 2: HOTSPOT
Your network contains an Active Directory forest named contoso.com. The forest contains a single
domain. All domain controllers run Windows Server 2012 R2 and are configured as DNS servers. All
DNS zones are Active Directory-integrated. Active Directory Recycle Bin is enabled.
You need to modify the amount of time deleted objects are retained in the Active Directory Recycle
Bin.
Which naming context should you use? To answer, select the appropriate naming context in the
answer area.
Correct Answer:
Starting in Windows Server 2008 R2, Active Directory implements a true recycle bin. You no longer
need an authoritative restore to recover deleted users, groups, OUs, or other objects.
Instead, you can use PowerShell commands to bring back objects with all their attributes,
backlinks, group memberships, and metadata.
The amount of time that an object can be recovered is controlled by the Deleted Object Lifetime
(DOL). This time range is set on the msDS-deletedObjectLifetime attribute. By default, it is
the same number of days as the Tombstone Lifetime (TSL). The TSL set for a new forest since
Windows Server 2003 SP1 has been 180 days, and since by default DOL = TSL, the default number of
days that an object can be restored is therefore 180 days. If tombstoneLifetime is NOT SET or NULL,
the tombstone lifetime is that of the Windows default: 60 days. This is all configurable by the
administrator.
Set-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=contoso,DC=com" -Partition "CN=Configuration,DC=contoso,DC=com" -Replace @{"msDS-DeletedObjectLifetime" = 365}

msDS-deletedObjectLifetime:
- New to Windows Server 2008 R2
- Is set on the "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=COMPANY,DC=COM" container
- Describes how long a deleted object will be restorable

To modify the deleted object lifetime by using Ldp.exe:
1. To open Ldp.exe, click Start, click Run, and then type ldp.exe.
2. To connect and bind to the server hosting the forest root domain of your Active Directory
environment, under Connections, click Connect, and then click Bind.
3. In the console tree, right-click the CN=Directory Service,CN=Windows
NT,CN=Services,CN=Configuration container, and then click Modify.
4. In the Modify dialog box, in Edit Entry Attribute, type msDS-DeletedObjectLifeTime.
5. In the Modify dialog box, in Values, type the number of days that you want to set for the tombstone
lifetime value. (The minimum is 3 days.)
6. In the Modify dialog box, under Operation click Replace, click
Enter, and then click Run.
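The fallback rules and the Set-ADObject change described above, as an added PowerShell example that is not part of the original study material. The helper name Get-EffectiveLifetime and the $newDays variable are assumptions for illustration; the cmdlets come from the ActiveDirectory module, and -WhatIf keeps the change a dry run until it is removed.

```powershell
# Added example: resolve the effective tombstone and deleted-object lifetimes
# from the Directory Service object, then stage a change to the DOL.
Import-Module ActiveDirectory

function Get-EffectiveLifetime {
    # Hypothetical helper: applies the defaults described in the explanation.
    param($TombstoneLifetime, $DeletedObjectLifetime)

    # tombstoneLifetime not set or NULL -> Windows default of 60 days.
    $tsl = if ($null -ne $TombstoneLifetime) { [int]$TombstoneLifetime } else { 60 }
    # msDS-DeletedObjectLifetime not set -> same value as the tombstone lifetime.
    $dol = if ($null -ne $DeletedObjectLifetime) { [int]$DeletedObjectLifetime } else { $tsl }

    [pscustomobject]@{
        TombstoneLifetimeDays     = $tsl
        DeletedObjectLifetimeDays = $dol
        DolIsExplicit             = ($null -ne $DeletedObjectLifetime)
    }
}

# Build the DN from the forest's configuration naming context instead of hard-coding it.
$configNC = (Get-ADRootDSE).configurationNamingContext
$dsDN     = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"

# Read both attributes; unset attributes come back as $null.
$ds = Get-ADObject -Identity $dsDN -Partition $configNC `
        -Properties tombstoneLifetime, 'msDS-DeletedObjectLifetime'

$current = Get-EffectiveLifetime $ds.tombstoneLifetime $ds.'msDS-DeletedObjectLifetime'
$current | Format-List

# New retention in days (365 matches the command shown above).
$newDays = 365

# The Ldp.exe procedure above gives 3 days as the minimum value.
if ($newDays -lt 3) {
    throw "msDS-DeletedObjectLifetime must be at least 3 days (requested: $newDays)."
}

if ($newDays -ne $current.DeletedObjectLifetimeDays) {
    # Dry run: remove -WhatIf to write the attribute.
    Set-ADObject -Identity $dsDN -Partition $configNC `
        -Replace @{ 'msDS-DeletedObjectLifetime' = $newDays } -WhatIf
} else {
    Write-Output "Deleted object lifetime is already $newDays days; nothing to change."
}
```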