Active Directory Disaster Recovery Table of Contents

Table of Contents

• Preface

• Chapter 1: An Overview of Active Directory Disaster Recovery
• What is Disaster Recovery?
• Why is Disaster Recovery Needed?
• Conventions Used in This Book
• Disaster Recovery for Active Directory
• Disaster Types and Scenarios Covered by This Book
• Recovery of Deleted Objects
• Single DC Hardware Failure
• Single DC AD Corruption
• Site AD Corruption
• Corporate (Complete) AD Corruption
• Complete Site Hardware Failure
• Corporate (Complete) Hardware Failure
• Summary

• Chapter 2: Active Directory Design Principles
• Active Directory Elements
• The Active Directory Forest
• The Active Directory Tree
• Organizational Units and Leaf Objects
• Active Directory Sites
• Group Policy Objects
• Domain Design: Single Forest, Single Domain, and Star Shaped
• Domain Design: Single Forest, Single Domain, Empty Root, Star Shaped
• Domain Design: Multi-Domain Forest
• Domain Design: Multi-Forest
• LRS—Lag Replication Site
• Design Your Active Directory
• Naming Standards
• Username and Service Account Naming
• Group Policy Naming
• Design with Scalability in Mind
• Flexible Single Master Operation Roles (FSMO)
• Migration from Other Authentication Services
• Keeping Up-To-Date and Safe
• Documentation
• Backups
• Summary

• Chapter 3: Design and Implement a Disaster Recovery Plan for Your Organization
• Analyze the Risks, Threats, and the Ways to Mitigate
• The Two-Part, 10 Step Implementation Guide
• Part One: The Steps for General Implementation
• Calculate and Analyze
• Create a Business Continuity Plan
• Present it to the Management (Part 1 and 2)
• Define Roles and Responsibilities
• Train the Staff for DR
• Test Your DRP Frequently
• Part Two: Implementing a Disaster Recovery Plan for AD
• Writing is Not All
• Ensure that Everyone is Aware of Locations of the DRP
• Define the Order of Restoration for Different Systems (Root First in Hub Site, then Add One Server etc.)
• Go back to "Presentation to Management"
• Summary

• Chapter 4: Strengthening AD to Increase Resilience
• Baseline Security
• Domain Policy
• Domain Controller Security Policy
• Securing Your DNS Configuration
• Secure Updates
• Split Zone DNS
• Active Directory Integrated Zones
• Configuring DNS for Failover
• DHCP within AD
• Tight User Controls and Delegation
• Proper User Delegation
• Group Full control
• Group with Less Control
• Group to Allow Password Resets
• Central Logging
• Proper Change Management
• Virtualization and Lag Sites
• Resource Assignment
• Backups and Snapshots
• Deployment
• Sites and Services Explained
• Creating Sites, Subnets, and Site Links
• Setting Replication Schedules and Costs
• Cost
• Scheduling
• Site Scheduling
• Link Scheduling
• Lag Sites and Warm Sites
• Configuring a Lag Site
• Creating, Configuring and Using a Warm Site
• Summary

• Chapter 5: Active Directory Failure On a Single Domain Controller
• Problems and Symptoms
• Symptoms
• Causes
• Solution Process
• Solution Details
• Verification of Corruption
• Tools for Verification
• Sonar
• Options to Recover and Stop the Spread of Corruption
• Option One: Restoring AD from a Backup
• Option Two: Replication
• Option Three: Rebuild DC with Install from Media
• Summary

• Chapter 6: Recovery of a Single Failed Domain Controller
• Problems and Symptoms
• Causes
• Solution Process
• Solution Details
• Cleaning of Active Directory before Recovery Starts
• Active Directory Deletion of Old Domain Controller Records
• DNS and Graphical Actions Needed to Complete the Process
• Recovery of the Failed DC
• Summary

• Chapter 7: Recovery of Lost or Deleted Users and Objects
• Problems and Symptoms
• Causes
• Solution Process
• Phantom Objects
• Tombstones
• Increase the Tombstone Lifetime
• Lingering Objects
• Prerequisites
• Method One: Recovery of Deleted or Lost Objects with Enhanced NTDSutil
• Method Two: Recovery of Deleted or Lost Objects with Double Restore
• Method Three: Recovery of Deleted or Lost Objects Done Manually
• GPO Recovery
• Backing Up Using the GPMC
• Restore Using the GPMC
• If You do not have the GPMC...
• Summary

• Chapter 8: Complete Active Directory Failure
• Scenario
• Causes
• Recovery Process
• Part One: Restore the First DC of Your Root or Primary Domain
• Part Two: Restore the First DC in Each of the Remaining Domains
• Part Three: Enable the DC in the Root Domain to be a Global Catalog
• Part Four: Recover Additional DCs in the Forest by Installing Active Directory
• Post Recovery Steps
• Summary

• Chapter 9: Site AD Infrastructure Failure (Hardware)
• Scenario
• Causes
• Recovery Process
• Considerations: Different Hardware and Bare Metal
• Considerations: Software
• Restore Process
• Virtual Environments
• Summary

• Chapter 10: Common Recovery Tools Explained
• Software for Your DCs and Administration
• Windows Support Tools
• Windows Resource Kit Tools
• Adminpack for Windows XP/Vista Clients
• Diagnosing and Troubleshooting Tools
• DcDiag
• NetDiag

• Monitoring with Sonar and Ultrasound
• Introducing Sonar
• Introducing Ultrasound
• Details
• Alert History
• Summary and Advanced Tabs
• Summary

• Appendix A: Sample Business Continuity Plan
• Nailcorp Business Continuity Plan
• PURPOSE
• Description of the Service
• SCOPE
• Responsibilities and Roles
• OBJECTIVES
• What we are trying to achieve with this document is:
• COMMUNICATIONS
• CALL TREE
• Disaster declaration criteria for Active Directory service
• Functional restoration
• Recovery site(s)
• Necessary alternative site materials
• TECHNICAL RECOVERY STEPS TO RECOVER A FAILED DC
• APPENDICES
• Active Directory Service and support personnel
• Support documentation for the application/service attached to this plan
• Shared Contacts
• Damage Assessment Forms
• GLOSSARY

• Bibliography
• Chapter 1
• Chapter 2
• Chapter 3
• Chapter 4
• Chapter 5
• Chapter 6
• Chapter 7
• Chapter 8
• Chapter 9
• Chapter 10
• Appendix

• Index