Thought experiment
Developing a comprehensive Active Directory backup and recovery plan
In this thought experiment, apply what you've learned about this objective. You can
find answers to these questions in the “Answers” section at the end of this chapter.
You are the network administrator for TreyResearch.net. You have been asked to
develop a comprehensive Active Directory backup and recovery plan for the
company. You need to include recommendations on backup types and details on how to
restore backups in a variety of use cases.
After a series of meetings, you've identified several recovery use cases, including
major disaster recovery to a new location; total failure of a domain controller,
including one holding one or more operations master roles; inadvertent or deliberate
deletion of a major portion of Active Directory; and inadvertent or deliberate
deletion of individual objects in Active Directory.
1. What solutions would you propose for the total failure of a domain controller
that doesn't hold operations master roles?
2. What solutions would you propose for the recovery of an entire Active Directory
container?
3. What solutions would you propose for the recovery of individual objects in
Active Directory?
Objective summary
Windows Server Backup can be used to create system state backups as well as critical
files and full server backups. All three types can be used to restore Active Directory.
The legacy command line for Windows Server Backup is wbadmin.exe, and there is a
full set of Windows PowerShell cmdlets as well.
Use Install From Media to do an offline domain controller promotion. Create the media
in Ntdsutil.exe and use Install-ADDSDomainController with the -InstallationMediaPath
parameter.
Use offline defragmentation to optimize the Active Directory database.
Use Active Directory snapshots to take a point-in-time view of Active Directory.
Use Ldp.exe or the ADObject cmdlets to perform an object-level or container-level
recovery.
Use an authoritative Active Directory restore to recover to a specific point in time.
Use a non-authoritative Active Directory restore to recover from hardware or software
failure.
Enable and use the Active Directory Recycle Bin to restore deleted objects or containers.
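The last summary point and the ADObject cmdlets point above, as an added example that is not from the original text: restoring a deleted OU from the Recycle Bin means restoring the container first and then its children, level by level, because each child is located through its lastKnownParent attribute. The OU name 'Engineering' and the function name Restore-DeletedTree are hypothetical; the script assumes the ActiveDirectory module is installed.

```powershell
# Added example: restore a deleted OU and everything under it from the Recycle Bin.
# Assumes the ActiveDirectory module (RSAT); 'Engineering' is a hypothetical OU name.
Import-Module ActiveDirectory

$ouName      = 'Engineering'                           # hypothetical deleted OU
$deletedBase = (Get-ADDomain).DeletedObjectsContainer

# Enabling the Recycle Bin is forest-wide and cannot be undone. It only protects
# objects deleted after this point; earlier deletions need an authoritative restore.
$feature = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'"
if (-not $feature.EnabledScopes) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target (Get-ADForest).Name -Confirm:$false
}

# Hypothetical helper: restore every deleted object whose last parent was $ParentDN,
# then descend into any restored container so nested OUs come back in order.
function Restore-DeletedTree {
    param([Parameter(Mandatory)][string]$ParentDN)

    $children = Get-ADObject -SearchBase $deletedBase -IncludeDeletedObjects `
        -Filter "lastKnownParent -eq '$ParentDN'" -Properties lastKnownParent

    foreach ($child in $children) {
        Restore-ADObject -Identity $child.ObjectGUID
        # Re-read the live object to get its distinguished name after the restore.
        $live = Get-ADObject -Identity $child.ObjectGUID
        Write-Output "Restored $($live.DistinguishedName)"
        if ($live.ObjectClass -in 'organizationalUnit', 'container') {
            Restore-DeletedTree -ParentDN $live.DistinguishedName
        }
    }
}

# Find the deleted OU by its last known relative name; refuse to guess if ambiguous.
$ou = Get-ADObject -SearchBase $deletedBase -IncludeDeletedObjects `
    -LDAPFilter "(&(isDeleted=TRUE)(objectClass=organizationalUnit)(msDS-LastKnownRDN=$ouName))" `
    -Properties lastKnownParent, whenChanged
if (@($ou).Count -ne 1) {
    throw "Expected exactly one deleted OU named '$ouName', found $(@($ou).Count)."
}

# Parent first, then its contents.
Restore-ADObject -Identity $ou.ObjectGUID
Restore-DeletedTree -ParentDN (Get-ADObject -Identity $ou.ObjectGUID).DistinguishedName
```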
 