Active Directory is the foundation of our networks. If AD isn’t up, nothing else is. Not even cloud apps if you are using federation. Thankfully AD is pretty resilient – unless someone purposefully or accidentally destroys AD. It happens. Here’s a list of examples I know of personally:
- Public accounting firm’s IT audit team corrupts Active Directory at a client’s site while collecting information
- Disgruntled admin, in a fit of rage, deletes an OU containing several thousand users
- Invalid bitmask in an IPv6 subnet definition in Microsoft Sites and Services
- Corrupted DIT file due to memory or disk errors
- Malicious outsider gains access to IT infrastructure of a company and deletes so much data company goes out of business
- Accidental DNS zone deletion brings down all customer access to a cloud SaaS provider
US-CERT specifically calls out targeted destructive malware and protections to take with Active Directory.
In a recent conversation on this, I was surprised how many people think they can rely on Windows Server 2012 R2’s AD Recycle Bin. In this webinar my long-time colleague, Brian Hymer, and I will explore destructive risks to Active Directory. We will classify them into 4 types of AD destructive disasters:
- Domain node object deletion
- Special object deletion
- Attribute changes
- Forest level emergencies
For each of these areas we’ll discuss your options for recovery including:
- System state recovery
- Forest level recovery
- Recycle bin
We aren’t talking about recovering individual domain controllers that go down. In this webinar we are focusing on when objects in AD are deleted or otherwise modified or when AD itself is corrupted beyond a single domain availability issue.
It basically comes down to this: unless it’s simply a matter of domain node objects (users, groups, computers…) being deleted - there's a good chance the Recycle Bin just isn’t going to cut it for you. AD is not as compartmentalized in terms of domains and domain controllers as many people think.
Brian and I will delve into all of these issues and make sure you understand how to prepare for and execute a successful forest recovery. Not something you want to do but you certainly want to know you can do it when it becomes necessary.
After that, Brian will briefly show you how Dell's Recovery Manager for AD can automatically protect your AD and help you recover a completely destroyed AD forest within a very short period of time. Please register now and join us for this real training for free ™.