What happens when one of my Active Directory Objects gets Deleted?
Published Mar 15 2019 01:28 PM
First published on MSDN on Aug 25, 2008

Don't let it happen!

This goes beyond clusters. If an identity is deleted, nothing using that identity will be able to log on or authenticate against it. The service or application that you went to all the pains of making highly available on your cluster will no longer be available to clients. Once an object is deleted, you have (by default) 180 days, in a Windows Server 2003 domain, to recover the object from the deleted objects store (see http://support.microsoft.com/?kbid=840001 or Mark Russinovich's Active Directory tools: http://technet.microsoft.com/en-us/sysinternals/bb963906.aspx).

What if the object has been permanently deleted? Can I recreate a new object with the same name and have clustering still work? Unfortunately, no. Network Names depend on the specific Active Directory objects, not their names. This is especially true of the CNO (Cluster Name Object). So, be careful and don't delete your cluster computer objects.

The network names rotate their passwords according to domain and system policy, so a recent last password set date shows that an object is still in use. Your Active Directory cleanup scripts can check that date to keep these objects around.
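
One way to apply the last password set date in a stale-computer cleanup script, as an added example that is not from the original post. The function name `Get-ComputerCleanupDecision`, the 90-day threshold and the sample objects are assumptions; the SPN check is an extra safeguard that goes beyond what the post describes.

```powershell
# Added example, not from the original post. Function name, threshold and
# sample objects are assumptions made for illustration.
function Get-ComputerCleanupDecision {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [object]$Computer,
        # Assumed threshold: keep it well above the machine password rotation interval.
        [int]$StaleAfterDays = 90,
        [datetime]$Now = (Get-Date)
    )
    process {
        $lastSet = $Computer.PasswordLastSet
        # Cluster network name objects carry MSClusterVirtualServer/<name> SPNs.
        $isCluster = [bool](@($Computer.ServicePrincipalName) -like 'MSClusterVirtualServer/*')
        if ($null -eq $lastSet) {
            $decision, $reason = 'Review', 'No password set date recorded'
        } elseif (($Now - $lastSet).TotalDays -le $StaleAfterDays) {
            $decision, $reason = 'Keep', 'Password rotated recently, object is in use'
        } elseif ($isCluster) {
            $decision, $reason = 'Review', 'Old password but cluster SPN present'
        } else {
            $decision, $reason = 'Candidate', "No password change in $StaleAfterDays days"
        }
        [pscustomobject]@{
            Name = $Computer.Name; PasswordLastSet = $lastSet
            ClusterObject = $isCluster; Decision = $decision; Reason = $reason
        }
    }
}

# Constructed sample objects standing in for Get-ADComputer output.
$asOf = Get-Date '2024-06-01'
$sample = @(
    [pscustomobject]@{ Name = 'CLUSTER1'; PasswordLastSet = $asOf.AddDays(-12); ServicePrincipalName = @('MSClusterVirtualServer/CLUSTER1') }
    [pscustomobject]@{ Name = 'SQLVS1'; PasswordLastSet = $asOf.AddDays(-200); ServicePrincipalName = @('MSClusterVirtualServer/SQLVS1') }
    [pscustomobject]@{ Name = 'OLDPC07'; PasswordLastSet = $asOf.AddDays(-400); ServicePrincipalName = @('HOST/OLDPC07') }
    [pscustomobject]@{ Name = 'NEWOBJ1'; PasswordLastSet = $null; ServicePrincipalName = $null }
)
$sample | Get-ComputerCleanupDecision -Now $asOf | Format-Table -AutoSize

# Against a live domain (ActiveDirectory module), feed it real objects:
# Get-ADComputer -Filter * -Properties PasswordLastSet, servicePrincipalName |
#     Get-ComputerCleanupDecision
```

Only objects marked `Candidate` should reach the deletion step of a cleanup script; `Review` entries need a person to confirm they are not cluster objects still in use.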

Matt Kurjanowicz
Software Development Engineer
Clustering & High Availability
