Does RMAD support the Active Directory Recycle Bin being enabled and can it leverage the AD Recycle Bin during restore operations?
Enabling the AD Recycle Bin is not a requirement for RMAD, but RMAD does work with the AD Recycle Bin enabled. However, it behaves differently depending on which state the object is in and the version of RMAD you are using.
When an object is deleted in a forest where Microsoft’s Active Directory Recycle Bin feature is enabled, the object goes through the following states:
Deleted state. The object retains all its attributes, links, and group memberships that existed immediately before the moment of deletion. The object remains in this state for a configurable period of time called the deleted object lifetime (by default it equals the tombstone lifetime, which by default is 180 days). When the applicable deleted object lifetime expires, the object is transferred to the next state, “recycled”.
While an object remains in the “deleted” state, you can use Recovery Manager for Active Directory to undelete (reanimate) the object with all its attributes, links, and group memberships that existed immediately before the moment of deletion. No backups are required in this recovery scenario.
Alternatively, you can authoritatively restore the object to its backed-up state from a backup created with Recovery Manager for Active Directory. Recovery Manager first restores all the attributes preserved in the object’s tombstone, and then restores the remaining attributes from the backup. If the backed-up value of an attribute differs from the value restored from the tombstone, then the backed-up value is restored. As a result, after the recovery operation completes, the restored object has the same attribute values, group memberships, and security descriptor as it had when the backup was created.
Recycled state. After a deleted object is transferred to the “recycled” state, most of the object’s attributes are purged (stripped away), and the object retains only those few attributes that are essential to replicate the object’s new state to other domain controllers in the forest. The object remains in the recycled state for a configurable period of time called the recycled object lifetime (this is the tombstone lifetime, which by default is 180 days).
With RMAD versions earlier than 8.5.1, you can use the Deleted Objects container provided by Recovery Manager for Active Directory to view a list of the recycled objects in the domain, but those objects cannot be restored. With RMAD 8.5.1 and later, you can use the Deleted Objects container to not only view the recycled objects in the domain but to also recover recycled objects from backups created with RMAD.
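To see which of the two states each deleted object is currently in, and therefore which recovery path described above applies, the following added example (not part of the original article and not Quest code) uses Microsoft's ActiveDirectory PowerShell module. It assumes RSAT is installed and the account can read the domain's Deleted Objects container; the RmadOption text is taken from the article.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and read access
# to the domain's Deleted Objects container.
Import-Module ActiveDirectory

$root   = Get-ADRootDSE
$domain = Get-ADDomain

# The feature is enabled when it has at least one enabled scope.
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if (-not $feature.EnabledScopes) {
    Write-Warning 'AD Recycle Bin is not enabled; the deleted/recycled states below do not apply.'
    return
}

# Both lifetimes are stored on the Directory Service configuration object.
$dsDn = "CN=Directory Service,CN=Windows NT,CN=Services,$($root.configurationNamingContext)"
$ds   = Get-ADObject -Identity $dsDn -Properties tombstoneLifetime, 'msDS-DeletedObjectLifetime'
$tsl  = $ds.tombstoneLifetime
$dol  = $ds.'msDS-DeletedObjectLifetime'
'Tombstone lifetime (days): {0}' -f $(if ($tsl) { $tsl } else { 'not set, directory default applies' })
'Deleted object lifetime (days): {0}' -f $(if ($dol) { $dol } else { 'not set, follows tombstone lifetime' })

# Recovery options per state, as described in the article above.
$options = @{
    deleted  = 'Undelete without a backup, or restore from an RMAD backup'
    recycled = 'View only before RMAD 8.5.1; restore from an RMAD backup with 8.5.1 and later'
}

# isRecycled is set only once an object has moved from "deleted" to "recycled".
Get-ADObject -IncludeDeletedObjects -SearchBase $domain.DeletedObjectsContainer `
        -Filter 'isDeleted -eq $true' `
        -Properties isRecycled, whenChanged, lastKnownParent, 'msDS-LastKnownRDN' |
    Where-Object { $_.DistinguishedName -ne $domain.DeletedObjectsContainer } |
    ForEach-Object {
        $state = if ($_.isRecycled) { 'recycled' } else { 'deleted' }
        [pscustomobject]@{
            Name        = $_.'msDS-LastKnownRDN'
            ObjectClass = $_.ObjectClass
            State       = $state
            WhenChanged = $_.whenChanged
            LastParent  = $_.lastKnownParent
            RmadOption  = $options[$state]
        }
    } | Sort-Object State, WhenChanged | Format-Table -AutoSize -Wrap
```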