Referring to the following step of the Directory services account permission assignment, after obtaining the ownership permissions of the 'Deleted objects' container ACL, is it just left as is? How do we revoke this properly?
    # Take ownership on the deleted objects container:
    $params = @("$deletedObjectsDN", '/takeOwnership')
    C:\Windows\System32\dsacls.exe $params
Yes, you can keep the ownership of the deleted object container. It has no impact on the permissions.
If you want to remove the permissions you assigned, you can run the following two lines instead of the two prior ones:

    $params = @("$deletedObjectsDN", '/R', $Identity)
    C:\Windows\System32\dsacls.exe $params
I'll update the public documentation to include them as well.
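
The revoke step from the answer above, followed by a check that no ACE for the identity remains on the container. This is an added example, not part of the original thread or the product documentation. The account name, the `$domainDN` variable, the `Get-IdentityAce` helper and the way `$deletedObjectsDN` is built are assumptions for illustration.

```powershell
# Added example: revoke an identity's ACEs on the Deleted Objects container and
# confirm that none are left. Run in an elevated session as an administrator who
# already holds ownership of the container (the /takeOwnership step in the thread).
$Identity = 'CONTOSO\svc-dsa'   # placeholder account, in the DOMAIN\name form dsacls prints

# Assumption: the container DN is derived from the current domain.
$domainDN = ([adsi]'').distinguishedName.Value
$deletedObjectsDN = 'CN=Deleted Objects,{0}' -f $domainDN
$dsacls = 'C:\Windows\System32\dsacls.exe'

function Get-IdentityAce {
    # Hypothetical helper: returns the ACL lines that name the given account.
    param([string]$ContainerDN, [string]$Account)

    # Called with only the DN, dsacls prints the container's ACL.
    $output = & $dsacls $ContainerDN
    # Assumption: dsacls exits non-zero when it cannot read the ACL. Without this
    # check an unreadable ACL would look the same as a clean one.
    if ($LASTEXITCODE -ne 0) {
        throw "dsacls could not read the ACL of $ContainerDN (exit code $LASTEXITCODE)"
    }
    @($output | Where-Object {
        $_.IndexOf($Account, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
    })
}

$before = Get-IdentityAce -ContainerDN $deletedObjectsDN -Account $Identity
Write-Output "ACEs naming $Identity before revoke: $($before.Count)"

# The two lines from the answer: /R removes every ACE held by the identity.
$params = @("$deletedObjectsDN", '/R', $Identity)
& $dsacls $params | Out-Null

# The re-read of the ACL, not the revoke command's own output, decides the result.
$after = Get-IdentityAce -ContainerDN $deletedObjectsDN -Account $Identity
if ($after.Count -gt 0) {
    Write-Warning "ACEs for $Identity are still present on $deletedObjectsDN"
    $after
} else {
    Write-Output "No ACEs for $Identity remain on $deletedObjectsDN"
}
```

If the account is printed by dsacls under a different name form than the one in `$Identity`, the match finds nothing, so compare against the raw dsacls listing once before relying on the result.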