Proposal: Restore users and groups from Recycle Bin if possible #211
Comments
Would this be an optional property on an existing resource(s) so that it first checks if the account to be created is present in the recycle bin, if it is, then it is restored from the recycle bin?
Sure, that might be a good idea. Sounds good! I'll get started then :)
Sounds great, looking forward to the PR. Labeling this as in progress.
Hi @johlju, will take a bit more time I think. One conceptual question: When restoring, there is currently one error that can theoretically occur, while the other errors that could happen during a restore are already being checked. The issue is that the parent container of an object could have been deleted as well. In this case the restore fails of course. Since we certainly don't want to simply restore the OU as well, I am currently thinking of returning from the Set-TargetResource function entirely as we do not want to create the object even though it could be restored. So in my opinion the options are:
My issue with all approaches is: I could not find a way of finding out what the error was apart from reading the exception message. The exception type is always the same generic ADException, only the text differs. I don't want to parse text that may or may not be translated to another language.
Since this functionality is added as a new optional property that determines if the account should always be tried to be restored from the recycle bin, I think it is correct to throw the exception that is returned by the restore command, or another appropriate error message, so the user knows what happened.
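One way to avoid parsing the exception text discussed above, as an added example that is not part of this thread or of the module's code: look up the deleted object and check its `lastKnownParent` before calling `Restore-ADObject`. It assumes the ActiveDirectory module and an enabled Recycle Bin; the function name and its parameters are hypothetical.

```powershell
# Added example; the function name and its parameters are hypothetical.
function Restore-DeletedADAccount
{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $true)]
        [System.String]
        $SamAccountName,

        [Parameter(Mandatory = $true)]
        [ValidateSet('user', 'group')]
        [System.String]
        $ObjectClass
    )

    # Escape RFC 4515 special characters so the name cannot alter the LDAP filter.
    $escaped = $SamAccountName -replace '\\', '\5c' -replace '\*', '\2a' `
        -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'

    # Deleted objects are returned only with -IncludeDeletedObjects.
    # If the name was deleted more than once, take the most recent deletion.
    $deleted = Get-ADObject -LDAPFilter "(&(sAMAccountName=$escaped)(isDeleted=TRUE))" `
        -IncludeDeletedObjects -Properties lastKnownParent, whenChanged |
        Where-Object -FilterScript { $_.ObjectClass -eq $ObjectClass } |
        Sort-Object -Property whenChanged -Descending |
        Select-Object -First 1

    if (-not $deleted)
    {
        return $null   # Nothing to restore; the caller creates a new object.
    }

    # Check the parent container before restoring, so the decision does not
    # depend on the text of a generic ADException.
    try
    {
        $null = Get-ADObject -Identity $deleted.lastKnownParent -ErrorAction Stop
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]
    {
        throw "Cannot restore '$SamAccountName': parent container '$($deleted.lastKnownParent)' no longer exists."
    }

    # Let any remaining restore error reach the caller unchanged.
    return Restore-ADObject -Identity $deleted -PassThru -ErrorAction Stop
}
```

A restored object keeps its original SID, so existing ACEs that reference it stay valid.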
Hi!
I would like to add some functionality so that users and groups that have been removed are restored from the Active Directory recycle bin, if it is available. My customers have the case that it is possible that someone deletes users and groups accidentally, which DSC easily corrects - however, since new objects are created instead of deleted ones recovered, there are all kinds of issues.
Implementing that would add a lot of value, as the SID remains the same and no orphaned ACEs and other issues would occur.
If this makes sense and I am not the only one who wants this I would be happy to implement it.