Robert Waldinger: How to recover Active Directory if disaster should occur
Bio – Robert Waldinger
• System Consultant
• Work for Dell Software
• Live in Munich
• Blog: http://de.community.dell.com/techcenter/b/windows_management/
Disaster
• „it can never happen to me“
• „oh really?“
Disasters – What do you think of?
Companies think about this…
Disaster from IT’s Point of View
Disaster from Admin Point of View
How do companies prepare for a Disaster?
• Disasters are unpredictable – recovery shouldn’t be
• Recovery should be:
– Planned, predictable and controlled
– Documented for the people that will use it
– Adjustable for unavailable team members
– Tested, practiced and updated periodically
• Automate where possible
• Without practice, chance of success < 10%
• Without planning, chance of success = 0%
AD-Recovery Use Cases
• Recover object
• Recover attribute
• Recover GPO
• Recover Sysvol
• Forest Recovery
Recover Object
Tombstone Reanimation
• isDeleted attribute
• „CN=Deleted Objects“ (naming context)
• 180 days – Default since Win 2003 SP1
Object lifecycle without the Recycle Bin: Live → (delete) → Tombstoned → (garbage collection) → Physically deleted; Tombstoned → (reanimate tombstone / authoritative restore) → Live
Recycle Bin
• Prerequisites
– All DCs must run Windows Server 2008 R2 or higher
– Forest functional level Windows Server 2008 R2
• Enable Recycle Bin
– Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=test,DC=lab' -Scope ForestOrConfigurationSet -Target 'test.lab'
Object lifecycle with the Recycle Bin: Live → (delete) → Deleted → (recycle, after the deleted object lifetime) → Recycled → (garbage collection, after the tombstone lifetime) → Physically deleted; Deleted → (undelete / authoritative restore) → Live
Deleted object lifetime
- msDS-deletedObjectLifetime
Tombstone lifetime (recycled object lifetime)
- tombstoneLifetime
Both in CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=test,DC=lab
Demo: Recover Objects with Windows Server 2012 Admin Center and configure AD Recycle Bin
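The slides above describe the Recycle Bin prerequisites, the enable command, the two lifetimes and the fact that a Deleted (not yet Recycled) object can still be undeleted. The following PowerShell script is an added example, not part of the talk or of any Dell product: it checks the forest functional level, enables the feature only if it is not already enabled, reads both lifetimes from the Directory Service object and restores a deleted object to its last known parent. It assumes the RSAT ActiveDirectory module on a domain-joined machine and the test.lab forest from the slides; the user name prefix "jdoe" is a constructed sample.

```powershell
# Added example (not from the talk): Recycle Bin prerequisites, lifetimes, and object restore.
# Assumes the RSAT ActiveDirectory module and the test.lab forest shown on the slides.
Import-Module ActiveDirectory

$forest   = Get-ADForest
$configNC = (Get-ADRootDSE).configurationNamingContext
$dsPath   = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"

# 1. Prerequisite: forest functional level must be Windows Server 2008 R2 or higher.
$minLevel = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
if ([int]$forest.ForestMode -lt [int]$minLevel) {
    throw "Forest functional level $($forest.ForestMode) is too low for the Recycle Bin"
}

# 2. Enable the optional feature only if it is not enabled yet (EnabledScopes is empty until then).
#    This is a one-way change: the Recycle Bin cannot be disabled again afterwards.
$rb = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if (-not $rb.EnabledScopes) {
    Enable-ADOptionalFeature -Identity $rb.DistinguishedName `
        -Scope ForestOrConfigurationSet -Target $forest.Name -Confirm:$false
}

# 3. Read the two lifetimes from the Directory Service object named on the slide.
#    An unset msDS-DeletedObjectLifetime inherits the tombstoneLifetime value (180 days by default).
$ds = Get-ADObject -Identity $dsPath -Properties msDS-DeletedObjectLifetime, tombstoneLifetime
$deletedLifetime = if ($ds.'msDS-DeletedObjectLifetime') { $ds.'msDS-DeletedObjectLifetime' } else { $ds.tombstoneLifetime }
"Deleted object lifetime: $deletedLifetime days; tombstone lifetime: $($ds.tombstoneLifetime) days"

# 4. Find a deleted object by its last known name and restore it.
#    Deleted objects sit under CN=Deleted Objects and are hidden unless -IncludeDeletedObjects is given;
#    the name prefix "jdoe" is a constructed sample value.
$deleted = Get-ADObject -Filter 'isDeleted -eq $true -and Name -like "jdoe*"' `
    -IncludeDeletedObjects -Properties lastKnownParent, whenChanged
foreach ($obj in $deleted) {
    # A Deleted object keeps its attributes and links, so the restore is complete;
    # once it has moved to the Recycled state it can no longer be restored this way.
    Restore-ADObject -Identity $obj.ObjectGUID -TargetPath $obj.lastKnownParent
}
```

The lifetime check in step 3 is the one worth keeping in a runbook: the time window in which an undelete is still possible is the deleted object lifetime, not the tombstone lifetime, and the two only coincide while msDS-deletedObjectLifetime is unset.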
Recover attribute
Reasons for attribute recovery
• Data import failed
• Error in IDM systems
Problems
• Object was not deleted, so the recycle bin would not help
• Other changed attributes should not be overwritten
• Also schema extensions should be covered
Demo: Recover single attributes with Recovery Manager for AD
Recover GPO
Problems
• 3rd party solution needed
• Sysvol, AD and registry need to be covered
Solutions
• AD Backup/Recovery tool
• GPO-Management tool
• Additional benefits:
– Versioning
– Change history
– Workflows
Demo: Recover GPO changes
Recover Sysvol
• Authoritative restore
• Restore files/scripts
• Restore system state offline
Microsoft Guideline
• http://technet.microsoft.com/en-us/library/planning-active-directory-forest-recovery(v=ws.10).aspx
Forest recovery steps from the guide:
• Identify the problem
• Decide how to recover the forest
• Perform initial recovery
• Redeploy remaining DCs
• Cleanup
Tools to be familiar with
• Adsiedit.msc
• Ntdsutil.exe
• Repadmin.exe
• Netdom.exe
• Nltest.exe
Prove your concept
• Make sure your concept reflects the Microsoft guide
• Make sure you have a working backup and all needed information ready
• Do a forest recovery test at least once a year (fire drill)
Demo: Forest Recovery with Recovery Manager for AD Forest Edition
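"All needed information ready" before a fire drill means knowing the forest functional level, every DC, every FSMO role holder and the replication state before anything is restored; the Microsoft guide's first two steps (identify the problem, decide how to recover) depend on exactly that inventory. The following PowerShell script is an added example, not from the talk or from Recovery Manager for AD: it writes that inventory to a folder using the AD cmdlets plus repadmin, netdom and nltest from the tools slide, and warns when replication links already report failures. It assumes RSAT on a domain-joined machine; the output path in $out is an assumption.

```powershell
# Added example (not from the talk): collect the forest facts a recovery runbook needs before a drill.
# Assumes the RSAT ActiveDirectory module on a domain-joined machine; $out is an assumed output path.
Import-Module ActiveDirectory
$out = "C:\ForestRecovery\inventory-$(Get-Date -Format yyyyMMdd)"
New-Item -ItemType Directory -Path $out -Force | Out-Null

$forest = Get-ADForest
# Forest-wide facts: functional level, domains, global catalogs and the two forest-wide FSMO roles.
[pscustomobject]@{
    Forest             = $forest.Name
    ForestMode         = $forest.ForestMode
    Domains            = ($forest.Domains -join ',')
    GlobalCatalogs     = ($forest.GlobalCatalogs -join ',')
    SchemaMaster       = $forest.SchemaMaster
    DomainNamingMaster = $forest.DomainNamingMaster
} | Export-Csv "$out\forest.csv" -NoTypeInformation

# Per-domain FSMO holders and the DC list: which DC is restored first and which are rebuilt later.
foreach ($d in $forest.Domains) {
    $dom = Get-ADDomain -Identity $d
    [pscustomobject]@{
        Domain               = $dom.DNSRoot
        PDCEmulator          = $dom.PDCEmulator
        RIDMaster            = $dom.RIDMaster
        InfrastructureMaster = $dom.InfrastructureMaster
    } | Export-Csv "$out\fsmo-$($dom.NetBIOSName).csv" -NoTypeInformation
    Get-ADDomainController -Filter * -Server $d |
        Select-Object HostName, Site, IPv4Address, IsGlobalCatalog, IsReadOnly, OperatingSystem |
        Export-Csv "$out\dcs-$($dom.NetBIOSName).csv" -NoTypeInformation
}

# Replication health and a second, independent view of the FSMO roles from the command-line tools.
$rootDomain = $forest.RootDomain
repadmin /replsummary     > "$out\replsummary.txt"
repadmin /showrepl * /csv > "$out\showrepl.csv"
netdom query fsmo         > "$out\netdom-fsmo.txt"
nltest /dsgetdc:$rootDomain /force > "$out\dsgetdc.txt"

# A drill that starts from a forest with broken replication proves nothing: flag failing links.
$failing = Import-Csv "$out\showrepl.csv" | Where-Object { [int]$_.'Number of Failures' -gt 0 }
if ($failing) {
    Write-Warning "$(@($failing).Count) replication links report failures; fix these before the drill"
}
"Inventory written to $out"
```

Keep the resulting folder with the backup media rather than on a DC: during a real forest recovery the directory itself is what is unavailable, so the inventory must be readable without it.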
AD Forest Disaster Recovery – What you don‘t know will hurt you
• Whitepaper: https://software.dell.com/whitepaper/active-directory-forest-disaster-recovery-what-you-dont-know-will-hurt-you822479
Please evaluate the session before you leave
.. and don’t forget to visit my blog: http://de.community.dell.com/techcenter/b/windows_management