Robert Waldinger - How to recover active directory if disaster should occur

Tags:

Post on 11-Nov-2014

2826 Views

Category:

Technology

1 Downloads

Preview:

Click to see full reader

DESCRIPTION

 

Transcript

Robert WaldingerHow to recover Active Directory if disaster should occur

Bio – Robert Waldinger• System Consultant• Work for Dell Software• Live in Munich• Blog: http://de.community.dell.com/techcenter/b/windows_management/

Disaster• „it can never happen to me“• „oh really?“

Disasters – What do you think of?

http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=4Pre9FcVMZVZjM&tbnid=X66pcW2ialfwKM:&ved=0CAUQjRw&url=http://hornetshype.com/wp/2008/08/27/all-that-you-cant-leave-behind/&ei=oet8UqyvGdLK4AO074CICw&bvm=bv.56146854,d.dmg&psig=AFQjCNHrptdka9f379GxWcAKKNQQLU1fPw&ust=1384004605777907
http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=n_7JkINwFATAGM&tbnid=tsiqFbsNq3MNoM:&ved=0CAUQjRw&url=http://www.labeez.org/2010/09/katrina-victims-speak-out-on-reality-of-hurricanes-aftermath.php&ei=fet8Uo59juTgA5mlgKAM&bvm=bv.56146854,d.dmg&psig=AFQjCNHrptdka9f379GxWcAKKNQQLU1fPw&ust=1384004605777907
http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=2bD1-kCX0la_iM&tbnid=Tm1uJM-3Z3eJiM:&ved=0CAUQjRw&url=http://www.openedge.ru/read/586/&ei=fPh8Ur7JCse24APbgIGoAw&bvm=bv.56146854,d.dmg&psig=AFQjCNEwZkKydYK4ES8NywbfEtvDeND1fQ&ust=1384007947986078

Companies think about this…

http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=eSm4Fibp6N8OCM&tbnid=nv6Q7MABlUJaUM:&ved=0CAUQjRw&url=http://www.praguepost.com/opinion/5996-virtual-hostage.html&ei=wux8UrbcGqHA4AO3loGgBg&bvm=bv.56146854,d.dmg&psig=AFQjCNG9zHOZG_oJLHeEZUvbpHF8YduZjA&ust=1384005124157608
http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=fActL2k4r8OW0M&tbnid=S4aqqcYQ-EHefM:&ved=0CAUQjRw&url=http://defensetech.org/2011/09/12/cyber-terrorism-now-at-the-top-of-the-list-of-security-concerns/&ei=Be18UsYmuKfgA8vqgagI&bvm=bv.56146854,d.dmg&psig=AFQjCNG9zHOZG_oJLHeEZUvbpHF8YduZjA&ust=1384005124157608
http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=yVifUVGITrlIOM&tbnid=uey_WQ8cE1Ib-M:&ved=0CAUQjRw&url=http://massivedynamic.hubpages.com/hub/What-Is-Cyber-Terrorism&ei=dO18UtaFGs7D4AP2roCIBQ&bvm=bv.56146854,d.dmg&psig=AFQjCNG9zHOZG_oJLHeEZUvbpHF8YduZjA&ust=1384005124157608
http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=eSm4Fibp6N8OCM&tbnid=nv6Q7MABlUJaUM:&ved=0CAUQjRw&url=http://blog.executivebiz.com/2010/06/cyber-expert-india-a-partner-in-fighting-cyber-terrorism/&ei=sOx8UqqUJrOi4APU-oGIBQ&bvm=bv.56146854,d.dmg&psig=AFQjCNG9zHOZG_oJLHeEZUvbpHF8YduZjA&ust=1384005124157608
http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=goeY2TOWhUStjM&tbnid=-LWLENWxHQm6HM:&ved=0CAUQjRw&url=http://themoderatevoice.com/26654/cyberterrorism-the-largely-ignored-looming-terrorist-threat/&ei=0u58UoGCLJTB4AO5noHYDw&bvm=bv.56146854,d.dmg&psig=AFQjCNG9zHOZG_oJLHeEZUvbpHF8YduZjA&ust=1384005124157608

Disaster from IT’s Point of View

http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=fzv1NdM-9tGu4M&tbnid=nM-kJ3eObIAi5M:&ved=0CAUQjRw&url=http://www.protecit.co.uk/17/disaster-recovery.html&ei=J_l8UvTSH7D_4APNv4CgBQ&bvm=bv.56146854,d.dmg&psig=AFQjCNEwZkKydYK4ES8NywbfEtvDeND1fQ&ust=1384007947986078
http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=CItRrmLxXd1nCM&tbnid=KjpHJf6lG7eJDM:&ved=0CAUQjRw&url=http://www.techsolutions.cc/oklahoma/tulsa/it-services/disaster-planning-recovery/&ei=rfl8UrfmHcev4AOqj4H4Bg&bvm=bv.56146854,d.dmg&psig=AFQjCNEwZkKydYK4ES8NywbfEtvDeND1fQ&ust=1384007947986078
http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=zt9nxcvOVSA29M&tbnid=rXlAg_oelaSDQM:&ved=0CAUQjRw&url=http://blog.capital.org/top-5-ways-to-recognize-a-disgruntled-employee/&ei=9AJ9UtzCIri54APVgYGQAg&v6u=https://s-v6exp1-ds.metric.gstatic.com/gen_204?ip=74.202.85.162&ts=1383924421866705&auth=alaz3zliljmg3bj2nkvaayupr75g7tqj&rndm=0.611772368326996&v6s=2&v6t=51245&bvm=bv.56146854,d.dmg&psig=AFQjCNF1fE5fyuRy8SIqQuI9RHBSWzZLDA&ust=1384010857195502
http://www.google.com/url?sa=i&source=images&cd=&cad=rja&docid=QowZimNbV8VumM&tbnid=4tDSdm-WOTZnBM:&ved=0CAgQjRwwAA&url=http://www.coveybasics.com/blog/2011/09/are-you-your-employees-morale-problem/&ei=agN9Uq-ODfS44APF54DYAw&psig=AFQjCNFfHcf99JnYUJyKUKh3975sag5OVQ&ust=1384010986240862

Disaster from Admin Point of View

http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=bI2IV6e_9vW0kM&tbnid=xwsop82ugiChIM:&ved=0CAUQjRw&url=http://aradialecrawe.wordpress.com/page/3/&ei=GQR9UuOlEuH94APD2YHgAw&psig=AFQjCNEpMSh9tqMdwmHdOK1VeTUyZz6AVA&ust=1384011022328005
http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=M6iXSxfJvGkOQM&tbnid=fGCt6zVJRbqgeM:&ved=0CAUQjRw&url=http://careerrocketeer.com/2011/05/what-to-do-when-your-boss-hovers-over-you.html&ei=oQN9Uub-C6-p4APj0ICABQ&v6u=https://s-v6exp1-ds.metric.gstatic.com/gen_204?ip=74.202.85.162&ts=1383924421866705&auth=alaz3zliljmg3bj2nkvaayupr75g7tqj&rndm=0.9223105768730624&v6s=2&v6t=33157&psig=AFQjCNEpMSh9tqMdwmHdOK1VeTUyZz6AVA&ust=1384011022328005
http://www.google.com/url?sa=i&source=images&cd=&cad=rja&docid=941PvKyXXu1LSM&tbnid=Dt9H3_cu3jlhFM:&ved=0CAgQjRwwAA&url=http://www.dreamstime.com/royalty-free-stock-photography-cartoon-frustrated-office-worker-image8398547&ei=LwN9UubjH5XH4AP2q4HgDw&psig=AFQjCNEvtWDi-UPmlIINFev03c5rIlEVUQ&ust=1384010927557238
http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=9KT8F7O5PnaEfM&tbnid=XK-ysX9HHDqMYM:&ved=0CAUQjRw&url=http://dangerouslee.biz/2012/10/11/how-to-job-hunt-without-your-boss-knowing/&ei=6QN9UvT0ArH64APlqIHADA&psig=AFQjCNEpMSh9tqMdwmHdOK1VeTUyZz6AVA&ust=1384011022328005

How do companies prepare for a Disaster?• Disasters are unpredictable – recovery shouldn’t be

• Recovery should be:– Planned, predictable and controlled– Documented for the people that will use it

• Adjustable for unavailable team members– Tested, practiced and updated periodically

• Automate where possible• Without practice, chance of success < 10%• Without planning, chance of success = 0%

AD-Recovery Use Cases• Recover object• Recover attribute• Recover GPO• Recover Sysvol• Forest Recovery

Recover Object

Tombstone Reanimation• isDeleted attribute• „CN=Deleted Objects“ (naming context)• 180 days – Default since Win 2003 SP1

Live Tombstoned Physically deleted

delete

Reanimate tombstone/authoritative restore

Garbage-collection

Recycle Bin• Prerequesites

– All DC‘s must run Windows Server 2008 R2 or higher– Forest Level Windows Server 2008 R2

• Enable Recycle Bin– Enable-ADOptionalFeature –Identity ‘CN=Recycle Bin

Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=test,DC=lab’ –Scope ForestOrConfigurationSet –Target ‘test.lab’

Live Deleted Physically deleted

delete

Undelete/ authoritative restore

Garbage-collection

RecycledRecycle

Deleted object lifetime

- msDS-deletedObjectLifetime

Tombstone lifetime (recycled object lifetime)

- tombstoneLifetime

Both in CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=test,DC=lab

Demo Recover Objects with Windows Server 2012 Admin Centerand configure AD Recycle Bin

Recover attribute

Reasons for attribute recovery• Data import failed• Error in IDM systems

Problems• Object was not deleted

recycle bin would not help• Other changed attributes should not be

overwritten• Also schema extensions should be covered

DemoRecover single attributeswith Recovery Manager for AD

Recover GPO

Problems• 3rd party solution needed• Sysvol, AD and registry needs to be covered

SolutionsAD Backup/Recovery tool

GPO-Management tool• Additional benefits: – Versioning– Change history– workflows

DemoRecover GPO changes

Recover Sysvol

• Authoritive restore• Restore files/scripts• Restore system State offline

Forest Recovery

http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=M6iXSxfJvGkOQM&tbnid=fGCt6zVJRbqgeM:&ved=0CAUQjRw&url=http://careerrocketeer.com/2011/05/what-to-do-when-your-boss-hovers-over-you.html&ei=oQN9Uub-C6-p4APj0ICABQ&v6u=https://s-v6exp1-ds.metric.gstatic.com/gen_204?ip=74.202.85.162&ts=1383924421866705&auth=alaz3zliljmg3bj2nkvaayupr75g7tqj&rndm=0.9223105768730624&v6s=2&v6t=33157&psig=AFQjCNEpMSh9tqMdwmHdOK1VeTUyZz6AVA&ust=1384011022328005

Microsoft Guideline

• http://technet.microsoft.com/en-us/library/planning-active-directory-forest-recovery(v=ws.10).aspx

Identify the problem

Decide how to recover the forest

Perform initial recovery

Redeploy remaining DC‘s

Cleanup

http://technet.microsoft.com/en-us/library/planning-active-directory-forest-recovery(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/planning-active-directory-forest-recovery(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/planning-active-directory-forest-recovery(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/planning-active-directory-forest-recovery(v=ws.10).aspx

Tools to be familiar with

• Adsiedit.msc• Ntdsutil.exe• Repadmin.exe• Netdom.exe• Nltest.exe

Proof your concept• Make sure your concept reflects the Microsoft guide• Make sure you have a working backup and all

needed information ready• Do a forest recovery test at least once a year

(Fire drill)

Demo

Forest-Recovery with Recovery-Manager-for-AD Forest Edition

AD Forest Disaster Recovery – What you don‘t know will hurt you

• Whitepaper: https://software.dell.com/whitepaper/active-directory-forest-disaster-recovery-what-you-dont-know-will-hurt-you822479

Please evaluate the session before you leave

.. and don’t forget to visit my

blog: http://de.community.dell.com/

techcenter/b/windows_management

top related

How to Recover
Documents
Chelan County Community Climate Resilience Conversation ·....
Documents
XML Recover
Documents
Línea Tradicional Plus recover recover recover Model (1))
Documents
data recover know
Documents
design . build . recover
Documents
Código...7006 RECOVER SUERO FRASCO 500ML (TUTTI FRUTI) 7007...
Documents
Refuel. Rebuild. Recover.
Health & Medicine
Recover VBA Password
Documents
The Waldinger Corporation Office & Production Facility...
Documents
Second Generations: Past, Present, Future Roger Waldinger*.....
Documents
YOU WILL LEARN - Small Business Administration...need to...
Documents
Waldinger Marktfest 2010
Documents
We Do Recover
Documents
NESETTE - Kavod Senior Life...Frank & Evelinda Urman, In...
Documents
Recover from Upgrade Failures...Recover from Upgrade...
Documents