its members have permissions to read deleted AD objects. Juicy information can be found in there.
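ldapsearch can be used to enumerate deleted AD objects. The -E '!1.2.840.113556.1.4.417' option sends the LDAP Show Deleted Objects control, marked critical, without which the server does not return deleted entries: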
ldapsearch -x -H ldap://$IP -D "Ad_Recyle_Bin_User@contoso.local" -w 'Password!' -b "CN=Deleted Objects,DC=contoso,DC=local" -E '!1.2.840.113556.1.4.417' '(&(objectClass=*)(isDeleted=TRUE))'
Using the ActiveDirectory PowerShell module, we can enumerate deleted AD objects:
Get-ADObject -filter 'isDeleted -eq $true' -includeDeletedObjects -Properties *
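To audit what data stays readable after deletion, the ldapsearch output above can be parsed and each deleted object's retained attributes listed. This is an added example, not part of the original page; it handles the two LDIF details that matter here (deleted-object DNs contain a newline before "DEL:<GUID>", so ldapsearch prints them base64-encoded as "dn::", and long values are folded). The BASELINE set and the sample entry are assumptions constructed for illustration.

```python
import base64

# Assumed baseline of attributes expected on any deleted object; tune per domain.
BASELINE = {"dn", "objectclass", "isdeleted", "lastknownparent", "msds-lastknownrdn",
            "name", "cn", "distinguishedname", "objectguid", "objectsid",
            "whencreated", "whenchanged", "usncreated", "usnchanged", "instancetype"}

def parse_ldif(text):
    """Parse ldapsearch LDIF output into a list of {attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:
        if not line.strip():                   # blank line ends an entry
            if cur:
                entries.append(cur)
            cur = {}
            continue
        attr, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        if value.startswith(":"):              # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        cur.setdefault(attr.lower(), []).append(value.strip())
    return entries

def retained_attributes(entries):
    """Map each deleted object's DN to the non-baseline attributes it still holds."""
    return {e["dn"][0]: sorted(a for a in e if a not in BASELINE)
            for e in entries if "dn" in e and "TRUE" in e.get("isdeleted", [])}

# Constructed sample (not captured from a real domain).
SAMPLE_DN = ("CN=TempUser\nDEL:00000000-0000-0000-0000-000000000001,"
             "CN=Deleted Objects,DC=contoso,DC=local")
ENC = base64.b64encode(SAMPLE_DN.encode()).decode()
SAMPLE = "\n".join([
    "# constructed entry", "dn:: " + ENC[:60], " " + ENC[60:],
    "objectClass: user", "isDeleted: TRUE",
    "lastKnownParent: OU=Users,DC=contoso,DC=local",
    "sAMAccountName: TempUser", "description: constructed sample value",
    "", "search: 2", "result: 0 Success"])

if __name__ == "__main__":
    for dn, attrs in retained_attributes(parse_ldif(SAMPLE)).items():
        print(repr(dn), "->", attrs)
```

Attributes reported outside the baseline are the ones worth reviewing before granting any group read access to the Deleted Objects container.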