Leveraging Active Directory Recycle Bin: Best practices for AD protection – Part 4
This post is part four of a series where I discuss granular recovery of Active Directory objects and different scenarios and tools for such operations.
In the previous article, I described the cases where administrators worked with Domain Controllers running Active Directory off a functional level of Windows Server 2003 and Windows Server 2008. I detailed the steps they had to do in order to reanimate the tombstone objects using LDP and Veeam Explorer for Microsoft Active Directory utilities.
Today, I’m moving on to newer systems with the Active Directory recycle bin feature enabled.
With Windows Server 2008 R2, Microsoft implemented a long-awaited Active Directory recycle bin. This extended the standard life cycle of an Active Directory object and changed the logic of object deletion. With this feature enabled, the object started going to the deleted objects container right after deletion, where it stays for the lifetime of the deleted object (equal to recycled object lifetime by default). Most important, the system is able to preserve all of the object’s link-valued and non-link-valued attributes for the same lifetime period. This means you can easily restore an object with those attributes during this period.
Once the lifetime is over, the system changes the object status to recycled and drops most of its attributes. Additionally, the object becomes logically equal to what used to be tombstone in Windows Server 2003 and Windows Server 2008. The only difference is that you can’t restore or reanimate the recycled object now. A garbage collector removes it automatically after a recycled object lifetime expires (180 days by default).
Enabling Active Directory recycle bin
Read the entire article here, Leveraging Active Directory Recycle Bin: Best practices for AD protection (Part 4)
via the fine folks at Veeam Software
White Papers
‘All You Need to Know About Microsoft Windows Nano Server’ Veeam White Paper
Now updated for Windows Server 2016 GA release! You probably heard about Windows Nano Server already … but what is it exactly, and how do you get started with it? What value will it bring to your environment? Nano Server is a headless, 64-bit only deployment option for Windows Server 2016. Microsoft created this component specifically with […]
Share this:
‘The Citrix Administrator’s Guide to Citrix ICA/HDX’ White Paper
‘The Technical Guide to Migrating from Citrix 6.5 to 7.x and Replacing EdgeSight’ White Paper
Complete Guide to Understanding the Citrix Logon Process
‘Securing IGEL OS Endpoints’ White Paper
‘Managing Java Application Performance in a Citrix Environment’ White Paper