Empty Active Directory Recycle Bin
I could not find a ready-made recipe for this anywhere, though I searched as thoroughly as I could. Below is the history of the problem I ran into, how I treated it, and the finished recipe.
Good practice in system administration recommends enabling the Active Directory Recycle Bin (the container of deleted objects).
Doing so, however, can introduce additional problems, such as the one I had to deal with.
It all started when an additional read-only domain controller (RODC) had to be installed on the corporate network.
When the member server was promoted to the RODC role, an error occurred and the server refused to perform the operation:
The replication operation failed because the target object referred by a link value is recycled.
One English-language site suggested a solution: simply empty the AD Recycle Bin. Run the following PowerShell command, substituting your own values for %domain% and %name%. The search also returns the Deleted Objects container itself, which is not a deleted object and which Remove-ADObject cannot delete, so it is filtered out with Where-Object; -Confirm:$false suppresses the confirmation prompt Remove-ADObject would otherwise show for every object:

Get-ADObject -SearchBase "CN=Deleted Objects,DC=%domain%,DC=%name%" -LDAPFilter "(objectClass=*)" -IncludeDeletedObjects | Where-Object { $_.Deleted } | Remove-ADObject -Confirm:$false

For example, with real values:

Get-ADObject -SearchBase "CN=Deleted Objects,DC=habrahabr,DC=ru" -LDAPFilter "(objectClass=*)" -IncludeDeletedObjects | Where-Object { $_.Deleted } | Remove-ADObject -Confirm:$false

After the Recycle Bin had been emptied, the server was promoted to a read-only domain controller without further trouble and replicated the AD objects.
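Emptying the Recycle Bin is irreversible, so it is worth seeing what it holds first. The following PowerShell is an added example, not part of the original post: it confirms that the Recycle Bin feature is enabled, separates still-restorable deleted objects from already-recycled ones (the state the replication error complains about), and dry-runs the removal with -WhatIf. It assumes the ActiveDirectory module is available and reads the domain DN from Get-ADDomain instead of hard-coding %domain% and %name%.

```powershell
# Added example: inventory the AD Recycle Bin before emptying it.
# Assumes the ActiveDirectory RSAT module and a session with rights to read
# deleted objects (Domain Admins by default).
Import-Module ActiveDirectory

# Domain naming context, e.g. "DC=habrahabr,DC=ru", and the Deleted Objects container
$domainDN         = (Get-ADDomain).DistinguishedName
$deletedObjectsDN = "CN=Deleted Objects,$domainDN"

# If the Recycle Bin optional feature is not enabled, recycled objects cannot
# exist and this recipe does not apply.
$recycleBin = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
$enabled    = $recycleBin.EnabledScopes.Count -gt 0
Write-Host "Recycle Bin Feature enabled: $enabled"

# Only objects carrying isDeleted=TRUE. The Deleted Objects container itself is
# returned by a subtree search but is not deleted, so the LDAP filter skips it.
$tombstones = Get-ADObject -SearchBase $deletedObjectsDN `
    -LDAPFilter '(isDeleted=TRUE)' -IncludeDeletedObjects `
    -Properties isRecycled, lastKnownParent, whenChanged

# Deleted objects can still be restored with Restore-ADObject;
# recycled ones cannot and are what the RODC promotion tripped over.
$recycled = @($tombstones | Where-Object { $_.isRecycled -eq $true })
$deleted  = @($tombstones | Where-Object { -not $_.isRecycled })

"{0} deleted (restorable), {1} recycled (not restorable)" -f $deleted.Count, $recycled.Count
$deleted | Select-Object Name, ObjectClass, lastKnownParent, whenChanged |
    Sort-Object whenChanged | Format-Table -AutoSize

# Dry run: lists exactly what the real command would remove without changing
# anything. Removing -WhatIf performs the deletion and the objects listed
# above can no longer be restored.
$tombstones | Remove-ADObject -WhatIf
```

Run this before the recipe above to decide whether anything in the "deleted" list still needs to be restored; once the bin is emptied that option is gone.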