netwrix active directory object restore wizard...netwrix active directory object restore wizard...
TRANSCRIPT
NetWrix Active Directory Object Restore Wizard
Version 7
Quick Start Guide
NetWrix Active Directory Object Restore Wizard Quick Start Guide
Contents
1. INTRODUCTION ............................................................................................................................................................ 3
1.1. LICENSING ......................................................................................................................................................................... 4
2. GETTING STARTED........................................................................................................................................................ 5
2.1. SYSTEM REQUIREMENTS ...................................................................................................................................................... 5 2.2. UPGRADING FROM PREVIOUS VERSIONS ................................................................................................................................. 6 2.3. INSTALLATION AND CONFIGURATION ...................................................................................................................................... 6
3. REVERTING UNWANTED CHANGES .............................................................................................................................. 7
4. ADDITIONAL FUNCTIONALITY .................................................................................................................................... 12
5. CONTACTING NETWRIX .............................................................................................................................................. 12
6. ABOUT NETWRIX PRODUCTS ..................................................................................................................................... 13
7. DISCLAIMER ............................................................................................................................................................... 14
NetWrix Active Directory Object Restore Wizard Quick Start Guide
3
1. Introduction Restoring deleted objects, incorrect modifications, unauthorized changes to group memberships, and other information in Active Directory can be a difficult and error-prone task-sometimes it is impossible. Should somebody accidentally drop a user or an entire Organizational Unit, you've got a lot of work to do on your weekend or Friday night. You will, of course, have to learn the Active Directory architecture, including object types, tombstone, and attributes, and you still may not obtain 100% recovery of certain attributes (for example, group membership, home directory, enabled/disabled status). Native and third-party backup and recovery tools in most cases require non-authoritative restore and DC downtime, and they don't always have object-level restore capabilities.
NetWrix Active Directory Object Restore Wizard is a tool that allows you to quickly restore deleted and modified objects in Windows 2003 or 2008 Active Directory without rebooting a domain controller. This tool goes beyond the standard tombstone capabilities in Active Directory and stores more information than what is normally preserved in the Active Directory tombstone.
This tool is a part of NetWrix Active Directory Change Reporter, so you will have a convenient change management solution, and you won't have to do manual tracking of unauthorized changes or perform routine manual recovery. You just receive a daily report of all changes and launch the wizard if recovery is required. Summary reports show what objects and attributes have been changed, deleted, or added in Active Directory to ease recovery tasks and to help you perform object- or even attribute-level recoveries.
NetWrix Active Directory Change Reporter installation package contains the following products (all the products are installed by default):
Active Directory Change Reporter;
Group Policy Change Reporter;
Exchange Change Reporter;
Active Directory Object Restore Wizard.
You will be able to configure which products to run later.
NetWrix Active Directory Object Restore Wizard Quick Start Guide
4
1.1. Licensing The Active Directory Object Restore Wizard comes in two Editions: Freeware and Enterprise. The table below outlines the differences between them.
Feature Freeware Edition Enterprise Edition
Enterprise-class scalability Limited Full
A single installation handles multiple managed domains
No Yes
Integrated management console for unified administration of all NetWrix products
No Yes
Rollback timeframe Limited, only changes made within last 4 days Any rollback point since installation
Technical Support Support Forum Full range of options
Licensing Free of charge Per enabled AD account or volume license,
please see our pricing information or request a quote
The Freeware Edition can be used by businesses and individuals for an unlimited time, at no charge. The Enterprise Edition can be evaluated free of charge for 20 days.
The Enterprise Edition of this product is available with extended functionality and technical support. The Freeware Edition is limited in recovery backlog – it only allows restoring objects that were changed, deleted, or added over the last 4 days.
NetWrix Active Directory Object Restore Wizard Quick Start Guide
5
2. Getting Started Follow the instructions below to install and configure the Active Directory Object Restore Wizard.
2.1. System Requirements
Please verify that your system matches the following requirements before installing the product:
Hardware
Processor: Minimum: Intel or AMD 32 bit, 2GHz; Recommended: Intel or AMD 64 bit, 3GHz.
Memory: Minimum: 512MB RAM; Recommended: 2GB RAM.
Disk: Minimum: 50MB physical disk space for product installation. More space is required for the Audit Archiving,
depending on the number of objects in Active Directory; Recommended: two physical drives with 50GB of free space total.
Software
The product can be installed on any computer running Windows XP SP2 or higher. The computer must belong to a managed or trusted domain.
NOTE: On the Active Directory Object Restore Wizard installation, the Group Policy Change Reporter part of this package is also installed automatically. In order for the Group Policy Change Reporter to monitor GP Preferences, the Active Directory Change Reporter has to be installed on Windows Vista or above.
Supported Active Directory environments (both 32 and 64-bit): Windows 2000; Windows Server 2003, any forest mode (mixed, native, 2K3); Windows Server 2008 (including R2).
Other required components: .NET Framework 2.0, 3.0 or 3.5; Microsoft Management Console (MMC) 3.0 or above;
NetWrix Active Directory Object Restore Wizard Quick Start Guide
6
2.2. Upgrading from Previous Versions
If you are upgrading from one of the previous version of the product, to the version 7, consider the following:
Upgrading from the Freeware Edition of older versions to the Enterprise Edition of version 7 is not supported. Please remove the existing version of the Active Directory Change Reporter before installing the new one.
Upgrading from the Standard or Enterprise Edition of older versions to the Enterprise Edition of version 7 is supported.
2.3. Installation and Configuration To install the product, run the setup program on the computer you have chosen.
Figure 1: Installation wizard final step
Uncheck Start NetWrix Active Directory Change Reporter Enterprise Edition and click Finish.
To launch the Active Directory Object Restore Wizard when the Active Directory Change Reporter is installed, go to Start | Programs | NetWrix | Active Directory Change Reporter | Active Directory Object Restore Wizard.
NetWrix Active Directory Object Restore Wizard Quick Start Guide
7
3. Reverting Unwanted Changes The Active Directory Object Restore Wizard lets you choose a time period during which the unwanted changes occurred and finds the most recent and stabile restoration point (a snapshot of the Active Directory state) from all those that were saved by the Active Directory Change Reporter , and thoroughly examine the differences between rollback point and the current Active Directory state.
With the Object Restore Wizard you can:
Spot unauthorized changes to objects and their properties;
Detect incidental Active Directory modifications and any other unwanted modifications that must be reverted;
Selectively revert all unwanted changes without touching the rest of Active Directory structure.
Prior to starting the wizard, do the following:
1. Configure Active Directory Change Reporter – create a new managed object for the domain being monitored (for details please refer to the Active Directory Change Reporter Administrator’s Guide).
2. Collect and store Active Directory data (an Active Directory snapshot will be created; then you will be able to use it as a rollback point). For that, open the Enterprise Management Console, open the Active Directory Change Reporter managed object node and click Run.
3. Then modify your Active Directory (for example, create a sample group) to see how you can roll back the modification.
NetWrix Active Directory Object Restore Wizard Quick Start Guide
8
To revert unwanted changes to your Active Directory objects:
4. Select the Active Directory Object Restore Wizard from the Start menu.
On the Welcome step, click Next. Then choose the period of time when the unwanted changes occurred. There are two methods of restoring: either for the time period from the selected Rollback date and By the specified date, or for the period of the selected Rollback date and By present date and time.
Figure 2: Rollback date interval selection
Use the first method when it is necessary to restore the important data existed up to the current time.
Use the second method when it is necessary to rollback changes occurred in a certain time period.
Warning: If it is necessary to restore the changes occurred up to the existing moment, choose the By present date and time option.
After choosing the time period, click Next.
NetWrix Active Directory Object Restore Wizard Quick Start Guide
9
5. On the Select Restore Source page it is necessary to select the restoration type.
Figure 3: Restoration source selection
There are two possible types: from a snapshot generated by the Active Directory Change Reporter or a tombstone. Rolling back to a snapshot is more preferable way since it lets restoring the objects themselves as well as all of their attributes, saved in the snapshot. Restoring from a tombstone is a last resort measure that can be taken if there are no suitable snapshots available. This way allows restoring objects and attributes stored in the Active Directory tombstone. The tombstone holds only the basic objects attributes. After choosing the restoration method, you have to choose the domain to apply the restoration to and click Next.
While restoring from a snapshot, you can choose one of the two ways of restoration point selection:
Automatic search (used by default);
Manual search – can be enabled by choosing Select rollback point manually.
The program automatically searches for the most recent snapshot that will cover the selected time interval entirely when the first method is selected. Based on this criterion, the snapshots search is conducted among snapshots created before the specified date. If no suitable snapshot can be found, one created after the selected date will be used. In this case, as this snapshot does not cover the specified interval entirely, the message will pop up:
Figure 4: Snapshot absence warning
NetWrix Active Directory Object Restore Wizard Quick Start Guide
10
6. The next step is Analyzing Changes (see the picture below).
Figure 5: Change analysis progress
While reverting to a snapshot the Object Restore Wizard will selectively consider all the changes that occurred starting from the date of the snapshot found.
While restoring from a tombstone, the Object Restore Wizard will selectively consider all the elements put in the tombstone during the specified period of time.
Wait for the change analysis to complete.
7. The analysis results are displayed in a convenient view so that you can easily analyze them and decide which changes you want to keep and which you don’t.
Figure 6: A list of changes available for rollback
NetWrix Active Directory Object Restore Wizard Quick Start Guide
11
8. Here you can select an item you need to explore in detail. The changes (if any) made to selection will be shown; to roll them back, select a checkbox next to the item, to leave the changes untouched, the checkbox must be cleared. For the change you highlight, the rollback details are reported. Information depends on the change type (addition, removal, etc.) and affected objects or attributes.
Review the selections you made:
A clear box indicates that none of the node's descendants has been marked for roll-back;
A box colored green indicates that at least one of the node's descendants has been marked for roll-back;
A box with a check indicates that change was marked for roll-back and will be reverted.
It is necessary to realize the peculiarity of rolling back the changes. By default, the Object Restore Wizard does not restore passwords, and this is why it sets a random password for a restored user. The Active Directory administrator then has to manually change the password to a correct one.
Warning: If you want the computers and users to be restored with their passwords preserved, please refer to the Active Directory Change Reporter Administrator’s Guide.
Important: The wizard does not change anything when you select or clear items in the changes view. All modifications to Active Directory are performed only after you click Next.
9. Click Next to let the Object Restore Wizard revert the changes you have selected.
10. Finally, review the results and click Finish.
NetWrix Active Directory Object Restore Wizard Quick Start Guide
12
4. Additional Functionality With NetWrix Active Directory Change Reporter deployed in your network environment you can also receive reports and alerts on changes made to Active Directory. For details, refer to the Active Directory Change Reporter Quick Start Guide.
5. Contacting NetWrix If you encounter any issues during your testing or use of product, please first check the knowledge base:
http://netwrix.com/knowledge_base.html
If you can’t find a solution for your issue in the Knowledge Base, then contact NetWrix technical support:
www.netwrix.com/support
201-490-8840 x1 for technical support
NetWrix Active Directory Object Restore Wizard Quick Start Guide
13
6. About NetWrix Products
Solutions developed by NetWrix Corporation help organizations to meet compliance standards, simplify identity management, and reduce IT infrastructure costs. The product line includes solutions for change management, identity management, virtualization, and Active Directory troubleshooting.
Enterprise Management Suite: NetWrix Enterprise Management Suite is a rich collection of all NetWrix products combined together into one integrated solution. The suite is well-maintained and regularly updated with new versions and completely new products that all customers are entitled to as long as their maintenance is up to date.
Change Reporter Suite: The Change Reporter Suite is an integrated solution for automated tracking and reporting of all critical changes in the entire IT infrastructure, including Active Directory, file servers, Microsoft Exchange, filer appliances such as NetApp or EMC, virtual and physical infrastructure, SQL Server databases. Everything is centrally audited, consolidated, and presented in easy to understand reports with before and after values of all “who, what, when and where” modifications.
Identity Management Suite: The NetWrix Identity Management Suite brings convenience, enhanced security, and brings sensible benefits to everyone within an organization. The solution resolves account lockouts, forgotten passwords and password expiration problems, while also providing user account de-provisioning and privileged password management.
Active Directory Change Reporter: Full-featured Active Directory auditing and compliance solution with full coverage of AD, Group Policy, Exchange, and object-level rollback capabilities. Tracks who changed what, when, and where in Active Directory and related systems.
USB Blocker: USB Blocker enforces centralized access control to prevent unauthorized use of removable media that connects to computer USB ports—memory sticks, removable hard disks, iPods, and more.
File Server Change Reporter: File server and filer appliance auditing solution. Supports Windows servers, NetApp Filers, EMC appliances.
SQL Server Change Reporter: Auditing and reporting solution to monitor changes to SQL servers, instances, database schema, logins and roles, etc.
Privileged Account Manager: Shared access to privileged accounts with automatic password maintenance.
Non-owner Mailbox Access Reporter: Track users who access other user’s mailboxes and report unauthorized access to mailboxes of C and VP-level accounts.
Password Manager: product gives end users the ability to securely manage their passwords and resolve account lockout incidents in a self-service fashion without involvement of help desk personnel.
Lockout Examiner: detects, diagnoses, and resolves account lockouts in real time to reduce administrative costs associated with manual resolution of account lockouts.
Full list of products: http://www.netwrix.com/products.html For more information, please visit www.netwrix.com or call our toll-free number: +1-888-638-9749.
NetWrix Active Directory Object Restore Wizard Quick Start Guide
14
7. Disclaimer The information in this publication is furnished for information use only, does not constitute a commitment from NetWrix Corporation of any features or functions discussed and is subject to change without notice. NetWrix Corporation assumes no responsibility or liability for any errors or inaccuracies that may appear in this publication.
NetWrix is a registered trademark of NetWrix Corporation. The NetWrix logo and all other NetWrix product or service names and slogans are registered trademarks or trademarks of NetWrix Corporation. Active Directory is a trademark of Microsoft Corporation. All other trademarks and registered trademarks are property of their respective owners.
© 2011 NetWrix Corporation. All rights reserved. www.netwrix.com