Pop Quiz: Clean Up Active Directory
Applies to the "Configure and Manage Active Directory" objective of Exam 70-417.
Q: A company's administrator is attempting to clean up Active Directory metadata for a recently decommissioned domain controller using the Active Directory Sites and Services console but receives an Access is Denied message.
Which of the following is the most likely explanation for the Access is Denied message when attempting to cleanup Active Directory metadata?
- Object is marked with read only access
- Domain administrator account is required
- Local administrator account is required
- Object is marked for prevent from accidental deletion
Answer and explanation are below.
Answer is D. An Access is denied message when attempting to cleanup Active Directory metadata is most likely that the object is protected against accidental deletion.
Quick Tip: To prevent the error when using in Active Directory Sites and Services, right-click the domain controller or the NTDS Settings object, click Properties, click Object, and clear the Protect object from accidental deletion check box. When using Active Directory Users and Computers, the Object tab appears only after clicking View and then clicking Advanced Features.
Bonus Question: What are the steps necessary to upgrade a cluster from Windows Server 2008 R2 to Windows Server 2012? (The answer, of course, will be revealed next time!)
Answer to bonus question from last time: Active Directory metadata cleanup methods include GUI tools such as Active Directory Users and Computers, the command line tool Ntdsutil, and by using a script.
Andy Barkl, MCT/MCITP/MCSA, A+, Network+, Security+, CCNA has been studying technology for 30 years. Of the last 15 years, he has spent much of his time parting the knowledge and experience he has gained through IT exams, over 300, to help others be prepared and successful. He teaches classes in Phoenix, Ariz. where he has lived most of his life. He can be reached by e-mail at email@example.com.