May 2019
Intermediate to advanced
620 pages
21h 41m
English
When you delete a user object, the object no longer uses its RID, but the RID and the corresponding SID and DNT in the domain partition cannot be reused.
When you attempt to delete a user object that has the Protect from accidental deletion option enabled, the deletion fails. The option needs to be disabled first.
Many organizations are wary of deleting user objects, because they fear their auditing systems may no longer be able to put a name to the RID or corresponding SID. Instead, most of them opt to disable user objects. Unfortunately, many admins forget to actually delete the objects once the auditing retention period has passed, and end up with numerous objects that take up space in the Active Directory ...
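
The cleanup described above can be scripted. The following is an added example, not code from the book: it archives the name-to-SID mapping of long-disabled user objects, clears the Protect from accidental deletion option where it is set, and then deletes the objects. The retention period, the archive path, and the use of `whenChanged` as a stand-in for the disable date are assumptions.

```powershell
# Added example: requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Assumptions (not from the original text): retention period and archive path.
$RetentionDays = 365
$ArchivePath   = '.\deleted-user-sids.csv'
$Cutoff        = (Get-Date).AddDays(-$RetentionDays)

# Disabled user objects not modified since the cutoff. whenChanged only
# approximates the disable date, because any attribute write updates it.
$stale = Get-ADUser -Filter 'Enabled -eq $false' `
            -Properties whenChanged, ProtectedFromAccidentalDeletion |
    Where-Object { $_.whenChanged -lt $Cutoff }

# Keep the name-to-SID mapping so audit records can still be resolved
# after the object is gone (the RID and SID are not reused).
$stale |
    Select-Object SamAccountName, Name, SID, DistinguishedName, whenChanged |
    Export-Csv -Path $ArchivePath -NoTypeInformation -Append

foreach ($user in $stale) {
    # Deletion fails while the protection option is enabled, so clear it first.
    if ($user.ProtectedFromAccidentalDeletion) {
        Set-ADObject -Identity $user.DistinguishedName `
            -ProtectedFromAccidentalDeletion $false -WhatIf
    }
    # -WhatIf only reports what would happen. Remove it from both commands
    # after reviewing the archived CSV.
    Remove-ADUser -Identity $user.DistinguishedName -Confirm:$false -WhatIf
}
```

As written, the script changes nothing in the directory; only the CSV is produced until `-WhatIf` is removed.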