isDeleted and isRecycled flags in a Server 2003 functional level

    Question

  • Recently, I had to restore a deleted user in Active Directory.  When trying to use the Quest AD command "restore-QADDeletedObject" I received an error about not being able to restore recycled objects.  Doing some digging showed me that the deleted user account had the isRecycled flag set to True.  I read up on the isRecycled flag and had a question.

    Our domain functional level is Server 2003.  We have one Server 2008 DC and three Server 2008 R2 DCs.  Since our functional level is 2003 we cannot enable the Active Directory Recycle Bin.  It is my understanding that the isRecycled flag is used with the Recycle Bin.

    My question is, why is the isRecycled flag being flipped for our deleted objects?

    One article I read suggested that as soon as you add a Server 2008 R2 DC to the domain every object gets the isRecycled flag set.  If this were the case, wouldn't I be able to see that flag on all the objects and not just the deleted ones?

    By the way, I was able to restore the object manually using LDP.exe and also with the Sysinternals tool "adrestore".

    June 14, 2012 17:45

Answers

All replies

  • Hello,

    Please see here about the implementation of the new isRecycled attribute: http://blogs.technet.com/b/askds/archive/2009/08/27/the-ad-recycle-bin-understanding-implementing-best-practices-and-troubleshooting.aspx


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    June 14, 2012 19:21
  • Thank you for your reply.  That is one of the articles I read previously.  It helped me understand more about what isDeleted and isRecycled do.  However, as I stated in my original post, we do not have the Recycle Bin enabled and we are not working at a Server 2008 R2 domain functional level.  My original questions still stand.

    Just to add more information, our schema has been extended to Server 2008 R2.  Could this be what is causing the isRecycled flags to be set?

    June 14, 2012 19:49
  • Hello,

    Correct, isRecycled is one of the schema additions that come with http://technet.microsoft.com/en-us/library/dd378890(v=ws.10).aspx


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    June 14, 2012 19:54
  • Thank you for your help so far.  One last question.  Why is that flag being set when objects are deleted in Active Directory?

    According to this article, http://support.microsoft.com/kb/2002034, the flag is set as soon as you add the first Server 2008 R2 DC to the domain.  If that is the case, why is the isRecycled flag set to <not set> on live objects but gets toggled when they are deleted?  I am using ADSI Edit to look at the flags on live objects and LDP.exe to look at the flags on deleted objects.

    From what I understand so far, that flag should only get set when the msDS-deletedObjectLifetime value is reached after deleting an object.  The conclusion I have drawn is that since we don't have the Recycle Bin enabled, which means we don't have the msDS-deletedObjectLifetime variable at all, Active Directory treats it as being zero and instantly sets the flag upon deletion.  Is this by design?

    June 15, 2012 12:10
  • I appreciate all the answers received so far and Meinolf has been very helpful.  Does marking his replies as "Answer" mean this thread is closed?  Should I start a new one for my previous, unanswered question?
    June 27, 2012 11:58