Empty Active Directory Recycle Bin

    I have not found a ready-made recipe for this anywhere, although I googled as best I could, so I'll describe the problem I ran into, how it came about, and how I fixed it. The finished recipe follows.

    Good practice in system administration recommends enabling the Active Directory Recycle Bin for deleted objects.
    But this can create additional problems of its own, such as the one I had to deal with.

    It all started when we needed to add a read-only domain controller (RODC) to the corporate network.

    But when promoting a member server to the RODC role, an error occurred and the server refused to complete the operation:

    The replication operation failed because the target object referred by a link value is recycled.


    Error screen:
    [Screenshot of the error dialog]

    One English-language site suggested a solution: you just need to empty the AD Recycle Bin. We run the following PowerShell command, substituting your own values for %domain% and %name%:

    # Enumerate every object in the Deleted Objects container (recycled objects included) and remove it
    Get-ADObject -SearchBase "CN=Deleted Objects,DC=%domain%,DC=%name%" -LDAPFilter "(objectClass=*)" -IncludeDeletedObjects | Remove-ADObject

    For example, like this:

    Get-ADObject -SearchBase "CN=Deleted Objects,DC=habrahabr,DC=ru" -LDAPFilter "(objectClass=*)" -IncludeDeletedObjects | Remove-ADObject

    After the Recycle Bin had been emptied, the server was promoted to a read-only domain controller without further trouble and replicated the AD objects.
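    The same purge, written the way I would run it on a production domain, as an added example that is not part of the original post: it derives the domain DN from Get-ADDomain instead of requiring %domain% and %name% to be edited, checks that the Recycle Bin optional feature is actually enabled (the "recycled" state only exists when it is), records what is about to be destroyed, since purged objects can no longer be recovered with Restore-ADObject, and targets only the deleted objects rather than the Deleted Objects container itself. It assumes the ActiveDirectory RSAT module, rights to delete objects in that container, and a constructed report path.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory
# module (RSAT) is available and the session has rights to delete objects
# in the Deleted Objects container.
Import-Module ActiveDirectory

# Build the Deleted Objects DN from the current domain instead of hard-coding it.
$domainDN         = (Get-ADDomain).DistinguishedName
$deletedContainer = "CN=Deleted Objects,$domainDN"

# 1. Check that the Recycle Bin optional feature is enabled for this forest;
#    objects can only be in the "recycled" state when it is.
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if (-not $feature.EnabledScopes) {
    Write-Warning 'Active Directory Recycle Bin is not enabled in this forest.'
    return
}

# 2. Enumerate only deleted objects (isDeleted=TRUE) directly under the
#    container. SearchScope OneLevel keeps the container itself out of the
#    result, so Remove-ADObject is never asked to delete a system object.
$deleted = Get-ADObject -SearchBase $deletedContainer -SearchScope OneLevel `
    -LDAPFilter '(isDeleted=TRUE)' -IncludeDeletedObjects `
    -Properties lastKnownParent, whenChanged

# 3. Keep a record of what is about to become unrecoverable.
$report = 'C:\Temp\ad-recycle-bin-purge.csv'   # placeholder path, change as needed
$deleted | Select-Object Name, ObjectClass, lastKnownParent, whenChanged |
    Export-Csv -Path $report -NoTypeInformation
Write-Host ("{0} deleted object(s) recorded in {1}" -f $deleted.Count, $report)

# 4. Purge. Run with -WhatIf first to see what would be removed; -Confirm:$false
#    suppresses the per-object prompt once you are satisfied with the list.
$deleted | Remove-ADObject -Confirm:$false
```

    The exported CSV is the only trace of these objects once the last line has run, so keep it with the change record for the RODC promotion.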



    Also popular now: