
Empty Active Directory Recycle Bin

I did not find a ready-made recipe anywhere, although I Googled as much as I could. I'll describe the history of the problem I ran into and how it was fixed. A ready recipe follows at the end.



Good practice in system administration recommends enabling the Active Directory Recycle Bin (the container of deleted objects).

But this can bring additional problems of its own, such as the one I had to deal with.



It all started when an additional read-only domain controller (RODC) had to be installed in the corporate network.

But when promoting the member server to the RODC role, an error appeared and the server refused to complete the operation:

The replication operation failed because the link value points to a recycled target.

In other words, replication from the writable DC to the new RODC failed because some linked attribute (for example a group's member attribute) still referenced an object sitting in the Deleted Objects container.




Error screen: (screenshot not reproduced here)



The solution was suggested by an English-language website: you just need to empty the AD Recycle Bin.



Run the following PowerShell command (it requires the ActiveDirectory module and Domain Admin rights, and must be run against a writable domain controller):



Get-ADObject -SearchBase "CN=Deleted Objects,DC=%domain%,DC=%name%" -LDAPFilter "(objectClass=*)" -IncludeDeletedObjects | Remove-ADObject





Replace %domain% and %name% with the components of your own domain DN, for example:

Get-ADObject -SearchBase "CN=Deleted Objects,DC=habrahabr,DC=ru" -LDAPFilter "(objectClass=*)" -IncludeDeletedObjects | Remove-ADObject

Two caveats. Remove-ADObject asks for confirmation for every object it touches, so either answer "Yes to All" or append -Confirm:$false. And emptying the Recycle Bin is irreversible: once a deleted object has been removed this way it can no longer be brought back with Restore-ADObject, so make sure nothing in the container still needs to be restored.
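The following script is an added example for the procedure above; it is not the original post's code and not from the linked website. It assumes the ActiveDirectory module is installed, that you run it as a member of Domain Admins against a writable DC, and that the domain DN is whatever Get-ADDomain returns (DC=habrahabr,DC=ru in the post). It first checks that the Recycle Bin feature is enabled, lists what is in the Deleted Objects container so you can see what you are about to discard, and then purges the container non-interactively, with a dry run before the real deletion.

```powershell
# Added example, not from the original post. Inspect and then empty the AD
# Recycle Bin. Assumptions: ActiveDirectory module present, Domain Admin
# rights, running against a writable domain controller.
Import-Module ActiveDirectory

$domainDN   = (Get-ADDomain).DistinguishedName          # e.g. DC=habrahabr,DC=ru
$searchBase = "CN=Deleted Objects,$domainDN"

# 1. Make sure the Recycle Bin is actually enabled in this forest.
#    EnabledScopes is empty when the optional feature has never been turned on.
$feature = Get-ADOptionalFeature -Filter 'Name -like "Recycle Bin Feature"'
if (-not $feature.EnabledScopes) {
    Write-Warning "AD Recycle Bin is not enabled in this forest; nothing to empty."
    return
}

# 2. List the contents. Deleted objects are direct children of the container,
#    so -SearchScope OneLevel returns all of them while skipping the container
#    object itself, which cannot be removed and would only produce an error
#    when piped into Remove-ADObject.
$deleted = Get-ADObject -SearchBase $searchBase -SearchScope OneLevel `
    -Filter 'isDeleted -eq $true' -IncludeDeletedObjects `
    -Properties isDeleted, isRecycled, lastKnownParent, whenChanged

$deleted |
    Select-Object Name, ObjectClass, isRecycled, lastKnownParent, whenChanged |
    Sort-Object whenChanged |
    Format-Table -AutoSize

Write-Host ("{0} deleted object(s) found in {1}" -f @($deleted).Count, $searchBase)

# 3. Purge. This is irreversible: objects removed here can no longer be
#    restored with Restore-ADObject. Run with -WhatIf first to see what would
#    be deleted, then re-run the second line with -Confirm:$false so that
#    Remove-ADObject does not prompt once per object.
$deleted | Remove-ADObject -WhatIf
# $deleted | Remove-ADObject -Confirm:$false
```

If the RODC promotion still fails afterwards, verify on the writable DC that the container is now empty (re-run step 2) and that the change has replicated to the DC the new RODC is sourcing from before retrying the promotion.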





After the Recycle Bin was emptied, the server was promoted to a read-only domain controller without any trouble and replicated the AD objects.

Source: https://habr.com/ru/post/222703/


