Active Directory Object Removal and Protection Deep Understanding


Everyone knows that in the Windows 2000 and 2003 era, when we removed an object from AD, AD did not delete the object directly but instead marked it as a tombstone. The tombstone then stays in Active Directory for another 180 days (60 days in 2000 and 2003, 180 days from 2003 SP1 onward). This period is the tombstone lifetime. An administrator can change it with Adsiedit.msc: find the tombstoneLifetime attribute under Configuration\Services\Windows NT\Directory Service and modify it.

Note: the tombstone lifetime (tombstoneLifetime) is the interval from the moment an object is deleted in AD until it is physically removed; the default is 180 days. The deletion is replicated to the other DCs in the domain. Restoring a DC from a System State backup is therefore time-limited: a System State backup older than the tombstone lifetime (180 days by default) cannot be restored. When an Active Directory object is deleted it does not vanish; it is moved into a hidden container named CN=Deleted Objects and kept there for 180 days (by default), during which it can be restored. On each domain controller a process called garbage collection runs every 24 hours and physically removes tombstones older than 180 days; after that, only a backup can bring the object back. This article covers recovery within the 180-day window.

Now let's take a look at restoring a deleted object with Microsoft's Active Directory LDP tool.

Choose Connection > Connect and enter the domain controller to connect to. Note that the port used by the LDAP protocol is 389.

Choose Connection > Bind and enter the credentials of the account you will operate as. After binding, the output shows authenticated as user="administrator".

Choose Options > Controls and select Return deleted objects.

The Active Controls window then shows the control's ID. This number is an object identifier that the directory service recognises; it identifies the control for returning deleted objects.

Choose View > Tree and enter the domain DN.

In the tree, expand the CN=Deleted Objects container and locate the deleted object in it.

Enter isDeleted as the attribute, choose Delete as the operation, and click Enter to add it to the entry list.

Next, enter distinguishedName as the attribute. In Values, enter the DN of the location where the recovered object should be placed, choose Replace as the operation, and click Enter to add it to the entry list.

Tick Synchronous and Extended, then click Run. The deleted object is restored.
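The LDP walk-through above as a script, added here as an example that is not part of the original article: it derives the restore DN from the tombstone's DN, builds the same two modifications (delete isDeleted, replace distinguishedName) and sends them with the return-deleted-objects control (the ID the Active Controls window displays). It assumes the ldap3 library for the connection, the \0ADEL naming AD gives tombstone RDNs, and a constructed sample tombstone DN.

```python
# LDAP_SERVER_SHOW_DELETED_OID: the control ID LDP shows when "Return deleted objects" is ticked.
SHOW_DELETED_OID = "1.2.840.113556.1.4.417"
# AD renames a tombstone's RDN to "<original RDN>\0ADEL:<objectGUID>" (\0A is an escaped newline).
DELETED_MARKER = "\\0ADEL:"
# Same string values ldap3 uses for its MODIFY_DELETE / MODIFY_REPLACE constants (assumption),
# so the change dict below can be passed straight to ldap3.Connection.modify().
MODIFY_DELETE, MODIFY_REPLACE = "MODIFY_DELETE", "MODIFY_REPLACE"

# Constructed sample (not from a real directory): a deleted user and the OU it should return to.
TOMBSTONE_DN = ("CN=jsmith\\0ADEL:11111111-2222-3333-4444-555555555555,"
                "CN=Deleted Objects,DC=corp,DC=example")
LAST_KNOWN_PARENT = "OU=Sales,DC=corp,DC=example"


def split_tombstone_dn(tombstone_dn):
    """Return (original_rdn, objectGUID, container) for a tombstone DN, or raise ValueError."""
    head, marker, tail = tombstone_dn.partition(DELETED_MARKER)
    if not marker:
        raise ValueError("not a tombstone DN (no \\0ADEL marker): " + tombstone_dn)
    guid, _, container = tail.partition(",")  # GUIDs contain no commas, so this split is safe
    if not container.lower().startswith("cn=deleted objects,"):
        raise ValueError("tombstone is not under CN=Deleted Objects: " + tombstone_dn)
    return head, guid, container


def restore_dn(tombstone_dn, parent_dn):
    """DN the object gets after reanimation: its original RDN under the chosen parent
    (normally the tombstone's lastKnownParent), i.e. the value typed into
    distinguishedName in the LDP walk-through."""
    original_rdn, _, _ = split_tombstone_dn(tombstone_dn)
    return f"{original_rdn},{parent_dn}"


def reanimation_changes(new_dn):
    """The two operations the LDP entry list holds: remove isDeleted entirely
    (an empty value list deletes the whole attribute) and replace distinguishedName."""
    return {"isDeleted": [(MODIFY_DELETE, [])],
            "distinguishedName": [(MODIFY_REPLACE, [new_dn])]}


def reanimate(conn, tombstone_dn, parent_dn):
    """Send the modify over a bound ldap3.Connection, attaching the show-deleted control
    (criticality True), which is what LDP does with the control enabled and Extended ticked."""
    new_dn = restore_dn(tombstone_dn, parent_dn)
    if not conn.modify(tombstone_dn, reanimation_changes(new_dn),
                       controls=[(SHOW_DELETED_OID, True, None)]):
        raise RuntimeError(f"reanimation failed: {conn.result}")
    return new_dn
```

The account used for the bind needs the same rights the LDP procedure needs (reanimate tombstones on the domain, plus create rights in the target container).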

Active Directory Object Protection in the Windows Server 2008 era

In addition to the 2003 method above, AD DS in Windows Server 2008 lets us tick, right when we create an object, whether to protect it from accidental deletion.

Ticking this box, conan.han feels, is a good thing: at least in some cases it stops hot-blooded engineers (myself included, haha) from deleting resources. Protecting an OU matters, and the importance of the resources in it goes without saying: delete an OU by mistake and a whole department's information is gone... If you try to delete a protected object, Windows will step in and tell you to stay your hand!

OK, a customer problem has just come in. How should I solve it?
