What happens when one of my Active Directory Objects gets Deleted?

Don't let it happen!

This goes beyond clusters.  If an identity is deleted, nothing that uses that identity will be able to log on or authenticate against it.  The service or application that you went through all the pains to make highly available on your cluster will no longer be available to clients.  Once an object is deleted, you have (by default) 180 days, in a Windows Server 2003 domain, to recover the object from the deleted objects store (see http://support.microsoft.com/?kbid=840001 or Mark Russinovich's Active Directory tools: http://technet.microsoft.com/en-us/sysinternals/bb963906.aspx).

What if the object has been permanently deleted?  Can I create a new object with the same name and have clustering still work?  Unfortunately, no.  Network Names depend on the specific Active Directory objects, not on their names.  This is especially true of the CNO (the Cluster Name Object).  So be careful, and don't delete your cluster computer objects.

The network names rotate their passwords according to domain and system policy, so their last password set date (the pwdLastSet attribute) keeps moving forward while the cluster is in use.  Key your Active Directory cleanup scripts on that date rather than on object age or name, and the cluster objects will be kept around as active accounts.
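As an added example (not code from the original post), here is a stale-computer-account report written the way the paragraph above suggests: it keys on PasswordLastSet, lists cluster objects separately instead of treating them as cleanup candidates, and marks them protected from accidental deletion. It assumes the ActiveDirectory PowerShell module is installed and that $ClusterObjectNames holds the names of your own CNO and VCOs.

```powershell
# Added example, not part of the original post.
# Assumes the ActiveDirectory module (RSAT) and that you fill in
# $ClusterObjectNames with your real CNO / VCO computer object names.
Import-Module ActiveDirectory

$StaleDays          = 90                             # your own staleness threshold
$ClusterObjectNames = @('CLUSTER01', 'SQLCLUSTER')   # assumed names, replace with yours
$Cutoff             = (Get-Date).AddDays(-$StaleDays)

# PasswordLastSet is derived from pwdLastSet, which moves forward every time the
# cluster rotates a network name's password, so live cluster objects look active.
$Computers = Get-ADComputer -Filter * -Properties PasswordLastSet, Enabled

$Stale = $Computers | Where-Object {
    $_.Enabled -and $_.PasswordLastSet -lt $Cutoff
}

# Split cluster objects out of the stale list so they are reviewed, never auto-deleted.
$ClusterStale = $Stale | Where-Object { $ClusterObjectNames -contains $_.Name }
$OtherStale   = $Stale | Where-Object { $ClusterObjectNames -notcontains $_.Name }

"Cluster objects with an old password date (investigate, do not delete):"
$ClusterStale | Select-Object Name, PasswordLastSet | Format-Table -AutoSize

"Other stale computer accounts (candidates for your normal cleanup process):"
$OtherStale | Select-Object Name, PasswordLastSet | Format-Table -AutoSize

# Guard the cluster objects themselves against an accidental delete in the AD tools.
foreach ($Name in $ClusterObjectNames) {
    Get-ADComputer -Identity $Name |
        Set-ADObject -ProtectedFromAccidentalDeletion $true
}
```

A cluster object that does show up in the first list usually means the cluster itself is down or its password rotation is failing, which is worth fixing rather than cleaning up.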

Thanks,
Matt Kurjanowicz
Software Development Engineer
Clustering & High Availability
