Robert Waldinger - How to recover active directory if disaster should occur

•Download as PPTX, PDF•

1 like•4,822 views

Robert Waldinger discusses how to recover Active Directory if a disaster occurs. He outlines several use cases for AD recovery including recovering objects, attributes, GPOs, Sysvol, and an entire forest. Waldinger emphasizes that recovery plans should be documented, tested, and updated regularly. He demonstrates recovering objects using Windows Server 2012 Admin Center and configuring the AD Recycle Bin. Waldinger also shows recovering single attributes with Recovery Manager for AD and recovering GPO changes. The presentation concludes with emphasizing familiarity with AD recovery tools and performing regular disaster recovery tests.

Technology

Robert Waldinger
How to recover Active Directory
if disaster should occur

Bio – Robert Waldinger
•
•
•
•

System Consultant
Work for Dell Software
Live in Munich
Blog:

http://de.community.dell.com/techcenter/b/
windows_management/

Disaster
• „it can never happen to me“
• „oh really?“

How do companies prepare for a
Disaster?
•

Disasters are unpredictable – recovery shouldn’t be

•

Recovery should be:
– Planned, predictable and controlled
– Documented for the people that will use it
• Adjustable for unavailable team members

– Tested, practiced and updated periodically
• Automate where possible
• Without practice, chance of success < 10%
• Without planning, chance of success = 0%

AD-Recovery Use Cases
•
•
•
•
•

Recover object
Recover attribute
Recover GPO
Recover Sysvol
Forest Recovery

Tombstone Reanimation
• isDeleted attribute
• „CN=Deleted Objects“ (naming context)
• 180 days – Default since Win 2003 SP1
delete

Live

Tombstoned

Reanimate tombstone/
authoritative restore

Garbagecollection

Physically deleted

Recycle Bin
• Prerequesites
– All DC‘s must run Windows Server 2008 R2 or higher
– Forest Level Windows Server 2008 R2

• Enable Recycle Bin
– Enable-ADOptionalFeature –Identity ‘CN=Recycle Bin
Feature,CN=Optional Features,CN=Directory Service,CN=Windows
NT,CN=Services,CN=Configuration,DC=test,DC=lab’ –Scope
ForestOrConfigurationSet –Target ‘test.lab’
delete

Live

Deleted

Undelete/
authoritative restore

Recycle

Recycled

Garbagecollection

Physically deleted

Deleted object lifetime

- msDS-deletedObjectLifetime
Tombstone lifetime (recycled object lifetime)

- tombstoneLifetime
Both in

CN=Directory Service,CN=Windows NT,
CN=Services,CN=Configuration,DC=test,DC=lab

Demo
Recover Objects with
Windows Server 2012 Admin Center
and configure AD Recycle Bin

Reasons for attribute recovery
• Data import failed
• Error in IDM systems

Problems
• Object was not deleted
 recycle bin would not help
• Other changed attributes should not be
overwritten
• Also schema extensions should be covered

Demo
Recover single attributes
with Recovery Manager for AD

Problems
• 3rd party solution needed
• Sysvol, AD and registry needs to be covered

Solutions
AD Backup/Recovery
tool

GPO-Management
tool
• Additional benefits:
– Versioning
– Change history
– workflows

• Authoritive restore
• Restore files/scripts
• Restore system State offline

Microsoft Guideline
Identify the
problem

Perform initial
recovery
Decide how to
recover the forest

Cleanup
Redeploy
remaining DC‘s

• http://technet.microsoft.com/en-us/library/planning-activedirectory-forest-recovery(v=ws.10).aspx

Tools to be familiar with
•
•
•
•
•

Adsiedit.msc
Ntdsutil.exe
Repadmin.exe
Netdom.exe
Nltest.exe

Proof your concept
• Make sure your concept reflects the Microsoft
guide
• Make sure you have a working backup and all
needed information ready
• Do a forest recovery test at least once a year
(Fire drill)

Demo
Forest-Recovery with
Recovery-Manager-for-AD Forest
Edition

AD Forest Disaster Recovery –
What you don‘t know will hurt you
• Whitepaper:

https://software.dell.com/white
paper/active-directory-forestdisaster-recovery-what-youdont-know-will-hurt-you822479

Please evaluate the session before you
leave

.. and don’t forget to visit my
blog:
http://de.community.dell.com
/techcenter/b/
windows_management

Viewers also liked

Andrea renaud designmgt_portfolio2

Andrea Renaud

MCA Anevrizması

gopacil

15.12.2014, Discussions on permit law, Government of Mongolia

The Business Council of Mongolia

Insomnia foods to avoid

Vin

Rpp bab kebersihan

Managerial economics

Viewers also liked (7)

Andrea renaud designmgt_portfolio2

MCA Anevrizması

15.12.2014, Discussions on permit law, Government of Mongolia

Insomnia foods to avoid

Vin

Rpp bab kebersihan

Managerial economics

Similar to Robert Waldinger - How to recover active directory if disaster should occur

Presentation done sapphire May 2017 around easier, faster, cheaper and safer migration to SAP Business Objects BI4.2 using 360suite solutions Vanderbilt University Medical Center's Larry Morrow, BI Manager, shares where the VUMC BI Team are finding ROI in a live interview regarding the 360Suite of Business Objects tools (https://360suite.io) at the 2017 ASUG conference in Nashville, TN. According to Larry, the top reasons for investing in the 360Suite are: 1. Reducing Consulting Costs / Improved Control - The 360Suite of Business Objects Tools allow his small BI Team to manage & scale across projects like migrations, regression testing, etc. where they previously had to use outside Consultants. 2. Improved Visibility – The BI Team now has access to 360Eyes (https://360suite.io/360eyes) - “BI on BI”, or Metadata & Impact Analysis across their SAP BusinessObjects Platform, which allows clean up, and improving the usability of their landscape for both IT & Business Users. 3. Risk Mitigation – Thanks to 360Plus (https://360suite.io/360plus), the VUMC BI Team now has a bulletproof Back-Up & Disaster Recovery strategy to address the risk of users or the system behaving badly. 4. Excellent Support – Larry talks at length about his BI team’s experience working with the 360Suite Customer Success Team, and the difference that makes to him. Find out more here: https://360suite.io/

Business Objects Upgrade Leveraging 360Suite: How Vanderbilt University Medic...

Sebastien Goiffon

ADManager Plus is a simple, easy-to-use Windows Active Directory Management and Reporting Solution that helps AD Administrators and Help Desk Technicians with their day-to-day activities. With a centralized and Intuitive web-based UI, the software handles a variety of complex tasks like Bulk Management of User accounts and other AD objects, Delegate Role based access to Help Desk Technicians, and generates an exhaustive list of AD Reports, some of which are an essential requirement to satisfy Compliance Audits. What problems does it solve? Eliminates repetitive, mundane and complex tasks associated with AD Management. Automates routine AD Management and Reporting activities for AD Administrators. Facilitates Creation, Management and deletion of AD objects in Bulk. Acts as an essential resource during Compliance Audits like SOX, HIPAA, etc What features does it offer? Single and Bulk User Management Computer Management Group Management OU-based Administration Contact Management Help Desk Delegation AD reports (Schedulable/Compliance Oriented) What platforms/vendors/technologies does it support? Platforms: Windows (32-bit/64-bit support). Technology: Windows Active Directory. Vendor: Microsoft.

ADManager Plus Active Directory Management & Reporting

PhuongTam6

Windows Server 2012 Managing Active Directory Domain

Napoleon NV

DevOps, Databases and The Phoenix Project UGF4042 from OOW14

Kyle Hailey

MCSA 70-412 Chapter 12

Computer Networking

A Backup Today Saves Tomorrow

Andrew Moore

BGOUG "Agile Data: revolutionizing database cloning'

Kyle Hailey

Automating AD Domain Services Administration

Napoleon NV

Accelerate your SAP BusinessObjects to the Cloud

Wiiisdom

DockerCon Europe 2018 Monitoring & Logging Workshop

Brian Christner

Are the Native SQL Server Backup Utilities Holding You Back?

SQLDBApros

Kscope 14 Presentation : Virtual Data Platform

Kyle Hailey

Active Directory touches everything in a Windows environment. It’s responsible for authentication, but it’s also a permissions system, a configuration management system, and an activity monitoring system. Being mission critical it also requires guaranteed backups. Yet oddly these four activities are perhaps the most problematic for all but the most enterprise of businesses. They require deep-level knowledge, scripting experience, and hacker-level technical chops if you’re to accomplish them successfully. In this webinar, we’ll review some of Active Directory Management’s biggest problems and provide simple solutions for fixing them: Delegation Backup & Restore Group Policy Management Auditing Greg Shields of Concentrated Technology has been working with Active Directory since before most directories were active. He’s seen what works, and what fails miserably. And he’s ready to see how his native solutions stack up to the automated alternatives one gets with solutions like ScriptLogic’s Active Administrator. Join Greg and Todd Tobias of ScriptLogic to see where spending “time” versus “money” makes the best sense in solving 4 of Active Directory’s biggest problems.

Solving 4 of Active Directory Management’s Biggest Problems with Simple Solut...

ScriptLogic

Accelerate Develoment with VIrtual Data

Kyle Hailey

Many Microsoft partners have found success driving revenue and delivering solutions with Office 365. Partners have built profitable service portfolios by selling, implementing, and creating value-added services for Office 365. But there are many additional opportunities from Microsoft which enable Office 365 partners to elevate productivity for their customers. Microsoft Dynamics CRM Online is such an opportunity. Dynamics CRM Online is a customer relationship management solution which allows your customers to track relationships and interactions, automate business processes and gain valuable insights into their own customers. Capabilities include Sales Force Automation, Marketing Automation, Customer Service and Social Media Insight. O365 and CRM Online give customers an incredible solution and partners a fantastic new offering. Adding CRM Online to O365 lets customers cut through the clutter—to zero in and easily identify what they need to do next. It lets them find a relevant way to connect with their customer so they can win faster. And lets them collaborate with people, find, and access the information they need to ultimately sell more and grow their business. By adding CRM Online, you elevate the discussion to business solutions. Plus, in addition to sales, Dynamics CRM has great solutions across marketing, customer service, and social listening & engagement. xRM extends this to industry-specific solutions. In this technical training we introduce Dicker Data reseller partners to Managing and deploying customizations; Configuring role-based security; Customizing entities, adding fields and relationships; Building forms for users to input and retrieve data; Presenting clear information in views and charts; Combining data sources on a dashboard; Going beyond role-based record-level security and assisting users through their business processes.

Microsoft Dynamics CRM Certification Training

David Blumentals

SQL Server Extended Events

Stuart Moore

Case study: Life Cycle Management for SAP BusinessObjects platform as well as...

Sebastien Goiffon

cv(1)

Vivek Dubey

How does Quest Software fit into a Microsoft hybrid environment?

Xylos

AWS re:Invent 2013 - MBL303 Gaming Ops - Running High-performance Ops for Mob...

Eduardo Saito

Similar to Robert Waldinger - How to recover active directory if disaster should occur (20)

Business Objects Upgrade Leveraging 360Suite: How Vanderbilt University Medic...

ADManager Plus Active Directory Management & Reporting

Windows Server 2012 Managing Active Directory Domain

DevOps, Databases and The Phoenix Project UGF4042 from OOW14

MCSA 70-412 Chapter 12

A Backup Today Saves Tomorrow

BGOUG "Agile Data: revolutionizing database cloning'

Automating AD Domain Services Administration

Accelerate your SAP BusinessObjects to the Cloud

DockerCon Europe 2018 Monitoring & Logging Workshop

Are the Native SQL Server Backup Utilities Holding You Back?

Kscope 14 Presentation : Virtual Data Platform

Solving 4 of Active Directory Management’s Biggest Problems with Simple Solut...

Accelerate Develoment with VIrtual Data

Microsoft Dynamics CRM Certification Training

SQL Server Extended Events

Case study: Life Cycle Management for SAP BusinessObjects platform as well as...

cv(1)

How does Quest Software fit into a Microsoft hybrid environment?

AWS re:Invent 2013 - MBL303 Gaming Ops - Running High-performance Ops for Mob...

Recently uploaded

Manulife - Insurer Innovation Award 2024

The Digital Insurer

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

This presentation explores the impact of HTML injection attacks on web applications, detailing how attackers exploit vulnerabilities to inject malicious code into web pages. Learn about the potential consequences of such attacks and discover effective mitigation strategies to protect your web applications from HTML injection vulnerabilities. for more information visit https://bostoninstituteofanalytics.org/category/cyber-security-ethical-hacking/

HTML Injection Attacks: Impact and Mitigation Strategies

Boston Institute of Analytics

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Scaling API-first – The story of a global engineering organization

Radu Cotescu

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Recently uploaded (20)

Manulife - Insurer Innovation Award 2024

Exploring the Future Potential of AI-Enabled Smartphone Processors

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

HTML Injection Attacks: Impact and Mitigation Strategies

Artificial Intelligence: Facts and Myths

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Powerful Google developer tools for immediate impact! (2023-24 C)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Boost PC performance: How more available memory can improve productivity

How to Troubleshoot Apps for the Modern Connected Worker

Strategies for Landing an Oracle DBA Job as a Fresher

Scaling API-first – The story of a global engineering organization

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

AWS Community Day CPH - Three problems of Terraform

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Artificial Intelligence Chap.5 : Uncertainty

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Apidays New York 2024 - The value of a flexible API Management solution for O...

Robert Waldinger - How to recover active directory if disaster should occur

1. Robert Waldinger How to recover Active Directory if disaster should occur

2. Bio – Robert Waldinger • • • • System Consultant Work for Dell Software Live in Munich Blog: http://de.community.dell.com/techcenter/b/ windows_management/

3. Disaster • „it can never happen to me“ • „oh really?“

4. Disasters – What do you think of?

5. Companies think about this…

6. Disaster from IT’s Point of View

7. Disaster from Admin Point of View

8. How do companies prepare for a Disaster? • Disasters are unpredictable – recovery shouldn’t be • Recovery should be: – Planned, predictable and controlled – Documented for the people that will use it • Adjustable for unavailable team members – Tested, practiced and updated periodically • Automate where possible • Without practice, chance of success < 10% • Without planning, chance of success = 0%

9. AD-Recovery Use Cases • • • • • Recover object Recover attribute Recover GPO Recover Sysvol Forest Recovery

10. Recover Object

11. Tombstone Reanimation • isDeleted attribute • „CN=Deleted Objects“ (naming context) • 180 days – Default since Win 2003 SP1 delete Live Tombstoned Reanimate tombstone/ authoritative restore Garbagecollection Physically deleted

12. Recycle Bin • Prerequesites – All DC‘s must run Windows Server 2008 R2 or higher – Forest Level Windows Server 2008 R2 • Enable Recycle Bin – Enable-ADOptionalFeature –Identity ‘CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=test,DC=lab’ –Scope ForestOrConfigurationSet –Target ‘test.lab’ delete Live Deleted Undelete/ authoritative restore Recycle Recycled Garbagecollection Physically deleted

13. Deleted object lifetime - msDS-deletedObjectLifetime Tombstone lifetime (recycled object lifetime) - tombstoneLifetime Both in CN=Directory Service,CN=Windows NT, CN=Services,CN=Configuration,DC=test,DC=lab

14. Demo Recover Objects with Windows Server 2012 Admin Center and configure AD Recycle Bin

15. Recover attribute

16. Reasons for attribute recovery • Data import failed • Error in IDM systems

17. Problems • Object was not deleted  recycle bin would not help • Other changed attributes should not be overwritten • Also schema extensions should be covered

18. Demo Recover single attributes with Recovery Manager for AD

19. Recover GPO

20. Problems • 3rd party solution needed • Sysvol, AD and registry needs to be covered

21. Solutions AD Backup/Recovery tool GPO-Management tool • Additional benefits: – Versioning – Change history – workflows

22. Demo Recover GPO changes

23. Recover Sysvol

24. • Authoritive restore • Restore files/scripts • Restore system State offline

25. Forest Recovery

26. Microsoft Guideline Identify the problem Perform initial recovery Decide how to recover the forest Cleanup Redeploy remaining DC‘s • http://technet.microsoft.com/en-us/library/planning-activedirectory-forest-recovery(v=ws.10).aspx

27. Tools to be familiar with • • • • • Adsiedit.msc Ntdsutil.exe Repadmin.exe Netdom.exe Nltest.exe

28. Proof your concept • Make sure your concept reflects the Microsoft guide • Make sure you have a working backup and all needed information ready • Do a forest recovery test at least once a year (Fire drill)

29. Demo Forest-Recovery with Recovery-Manager-for-AD Forest Edition

30. AD Forest Disaster Recovery – What you don‘t know will hurt you • Whitepaper: https://software.dell.com/white paper/active-directory-forestdisaster-recovery-what-youdont-know-will-hurt-you822479

31. Please evaluate the session before you leave  .. and don’t forget to visit my blog: http://de.community.dell.com /techcenter/b/ windows_management

Editor's Notes

System Administrator since early days of Windows NT 4Went through all versions of Active Directory from 2000 on
So whatis a Disaster?
VirusComputer crymeWormmaliciousemployeesPhishingHacker
Hours to days of downtimeNo productivityCompanies like automotive industry cannot produce cars
What does this mean for YOU as an Administrator?
This are the Use Cases I want to go through with youIncluding live demos
Native AD featuresTombstone ReanimationRecycle Bin
Invented windows server 2003Increased the livetime from 60 to 180 days with 2003 SP1Recover ObjectGUID, objectSidGarbage Collection every 12 hours on every DC (garbageCollPeriod – Attribute)Using 3rd party tools it’s possible (also in windows 2000) to “recover” objects online
Deleted ObjectAfter you enable Active Directory Recycle Bin, when an Active Directory object is deleted the system preserves all the object’s link-valued and non-link-valued attributes and the object becomes “logically deleted,” which is a new state in Windows Server 2008 R2. A deleted object is moved to the Deleted Objects container, with its distinguished name mangled. A deleted object remains in the Deleted Objects container in a logically deleted state throughout the duration of the deleted object lifetime.Within the deleted object lifetime, you can recover a deleted object and make it a live Active Directory object again. Within the deleted object lifetime, you can also recover a deleted object through an authoritative restore from a backup of AD DS.Recycled ObjectAfter the deleted object lifetime expires, the logically deleted object is turned into a recycled object and most of its attributes are stripped away. A “recycled object,” which is a new state in Windows Server 2008 R2, remains in the Deleted Objects container until its recycled object lifetime expires. After the recycled object lifetime expires, the garbage-collection process physically deletes the recycled Active Directory object from the database.By default, a recycled object in Windows Server 2008 R2 preserves the same set of attributes as a tombstone object in Windows Server 2003 and Windows Server 2008. To change the set of attributes that are preserved on a Windows Server 2008 R2 recycled object (that is, to make sure that a particular attribute of an object is preserved when this object becomes recycled), set the value of the searchFlags attribute in the schema. This process is similar to the process for preserving attributes on Windows Server 2003 and Windows Server 2008 tombstone objects.DeletedobjectlifetimemsDS-deletedObjectLifetimeTombstone lifetime (recycledobjectlifetime)tombstoneLifetimeBoth in CN=Directory Service,CN=Windows NT, CN=Services,CN=Configuration,DC=test,DC=lab
CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=your,DC=domain
Objects are NOT deleted!
Not possible with native tools
Marked provides different solutions/approaches
Web interface
HopefullyneverhappensLot ofmanualsteps
Be sure to HAVE A PLAN!Even with only 1 or 2 DC’s

Robert Waldinger - How to recover active directory if disaster should occur

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (7)

Similar to Robert Waldinger - How to recover active directory if disaster should occur

Similar to Robert Waldinger - How to recover active directory if disaster should occur (20)

More from Nordic Infrastructure Conference

More from Nordic Infrastructure Conference (20)

Recently uploaded

Recently uploaded (20)

Robert Waldinger - How to recover active directory if disaster should occur

Editor's Notes