Microsoft's official enterprise support blog for AD DS and more
Ned here again. We recently had a very lively discussion about 'Lag Sites' as a disaster recovery option. If you've been digging around the MS Download Center, you may have already come across Introduction to Windows Server 2008 R2. After some digging, you'll come across:
Improvements in Active Directory Domain ServicesThe Active Directory Domain Service server role in Windows Server 2008 R2 includes the following improvements:• Recovery of deleted objects. Domains in Active Directory now have a Recycle Bin feature that allows you to recover deleted objects. If an Active Directory object is inadvertently deleted, you can restore the object from the Recycle Bin. This feature requires the updated R2 forest functional level.
So while this won't be a replacement for solid backups, it certainly should augment them well and allow admins to get data back quickly without the need for complex lag site arrangements, or worries that the deletion has occured before the backups have had a chance to capture it. As always, this is pre-release documentation and there are no guarantees made about the component availablity or even if it will be included yet. Definitely keep your eyes open for it though. :-)
Definitely skim that document, there are all sorts of interesting tid-bits in there for the sharp-eyed. More news to come...
- Ned Pyle
PingBack from http://www.safewordfordforcitrix.com/ask-the-directory-services-team-follow-up-on-lag-sites-sort-of
203 Microsoft Team blogs searched, 94 blogs have new articles in the past 7 days. 223 new articles found
Fully agree that the Recycle Bin feature will be really great, once companies have reached that Win2008 R2 Forest Functional level and enabled this feature. I think it will actually be one of those special features that will drive admins to move to R2, as fast as they can, though this naturally takes some time in large, multi domain forests... I.e. those forests, that benefit the most from this feature ;-)
It would be good to hear comments from others about what their expectations are on the AD recycle bin. For example, would companies want to be able to control that specific data is removed right away from a deleted object (one that's in a state which allows to be recovered online), or is it ok to always keep all attributes until full removal of the object in the AD database a few weeks later?