Active Directory – Backup, Restore, and Monitor

Good Essays
Active Directory – Backup, Restore, and Monitor
The first thing I would do in implementing an Active Directory backup strategy is to install Windows Server Backup via the Server Manager console. Alternatively, this can be done via the command line assuming you have already installed the Windows PowerShell, or are running Windows Server 2008 in which it is included. This backup will be created to a CD or DVD and cannot be done to magnetic tapes or dynamic volumes. I would set up a scheduled backup, as opposed to a manual backup, using the Windows Server Backup utility. Again, this can be done via the command line using Wbadmin, but optimally, I’d stick to the Windows interface. It is important to note that these backups format this scheduled backup will format the drive to which it is writing the backup so one should use a local drive that does not host any critical files.
The information this automatic backup would backup is:
The system volume, including bootmgr.exe and the Boot Configuration Data
The boot volume, which hosts the Windows OS and the Registry The SYSVOL volume
The Ntds.dit that hosts the Active Directory Database.
The volume containing Active Directory Log Files
The volume that one writes this backup to must be at least 1MB larger than the critical volumes one is backing up.
I would ensure that replication exists between each domain controller in the forest. This replication would ensure fault tolerance, as well as availability and accessibility. I would use WBadmin to restore the database to its last known good configuration via a non-authoritative restore. Following this restoration method, replication will update information on all other domain controllers. If the Administrator fears that a mistake has already been written to other Domain Controllers via replication, an authoritative restore can be done through the NTDSutil command line utility that would mark that restored database as authoritative and thus overwrite the erroneous

You May Also Find These Documents Helpful

  • Good Essays

    Unit 8 Assignment 1

    • 509 Words
    • 3 Pages

    For safety backups should be stored off site because you could lose everything this will allow you to have the information off-site to be retrieved at a later date.…

    • 509 Words
    • 3 Pages
    Good Essays
  • Satisfactory Essays

    When creating a multi-layered security plan, I would look at all seven domains of the IT infrastructure and then increase the security on each of those domains because that will increase the security for the whole plan. In the user domain, this is the quickest way for the system to be compromised the users. So I would implement complex passwords including eight or more characters, both upper and lower case, and use of at least one special character. Passwords will also need to be changed every 90 days and the same password cannot be used again for three calendar years. In the workstation domain, I would make sure that each workstations, whether desktop or laptop has some security on it like antivirus and malware protection installed. Laptops can be very vulnerable for loss or theft, which would make me install an encrypted hard drive so if it is stolen the data can only be retrieved by the owner. For the LAN domain, just train all users about email scams. I would guess that most users know not to access suspicious emails when on our system but I would still implement to the users a quick training course. Then I we should add spam filters this will help get rid of most of the junk email. In the LAN-to-WAN domain, we need to shut down the File Transfer Protocol (FTP) server we have running and switch it over to use secure FTP so that only users allowed on our system can access our FTP server. In the WAN domain, we need to make sure that we have firewalls set up on our network that will filter all incoming traffic. This firewall will stop all traffic coming on to our system that is not meant or not wanted our network. In the Remote Access Domain, we need to establish strict user password policies, as well as lockout policies to defend against brute force attacks, require the use of authorization tokens have a real-time lockout procedure if token is lost, or stolen. The last domain is System/Application domain we need to…

    • 449 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    Unit 10 Assignment 1

    • 256 Words
    • 1 Page

    Your recovery procedure in case of a single DC failure in a domain with multiple domain controllers should involve cleaning the metadata, installing a replacement server, and promoting it to a domain controller (and seizing FSMO roles if required). As long as there is a working domain controller in the infrastructure, you should recover from an Active Directory domain controller failure by building a new domain controller, joining it to the existing domain, and allowing Active Directory replication to update it to the current state.…

    • 256 Words
    • 1 Page
    Satisfactory Essays
  • Satisfactory Essays

    There are many was to secure a business either small or large. If synchronizing the servers between each other, this process will create a backup of all the data between the servers, as well for arranging an off-site backup location to protect any further loss or corruption.…

    • 268 Words
    • 1 Page
    Satisfactory Essays
  • Good Essays

    you want to save your backup page?You cannot backup on the same partition where the system is, Windows backup tool does not allow this. If a virus infection or software failure occurs you would have to reformat your drive, it would be illogical for this tool to allow you to back up on the system partition. As we already know partitions are separate drives you cannot back up on the same drive it defeats the purpose of backing up. If that drive is erased so is the back up.…

    • 776 Words
    • 3 Pages
    Good Essays
  • Satisfactory Essays

    NT1330 Week 5 Essay Assignment Active Directory Developing a backup strategy for Active Directory requires planning and preparation. There are two options to choose from within Windows Server 2008. The first option is the Graphical User Interface (GUI) requires you to install the Windows Server Backup feature from the Server Manager console. The second option is the Command Line Interface (CLI) which requires you to install Windows PowerShell. I prefer using the GUI Server Manager console. This allows one to backup critical volumes such as the system volume, boot volume; volumes that host the SYSVOL share, Active Directory (AD) database Ntds.dit and log files. The backup schedule would run each night starting at midnight. By scheduling a backup plan to run after business hours, you reduce the risk of interfering with day to day business. I would schedule a full backup to run on Sundays with incremental backups Monday thru Saturday. I would also backup System State data after major configuration changes. This would allow restoring changes if needed. Windows Server Backup does not allow for a single file to be backed up. The volume hosting the file must be backed up. Restoring Active Directory (AD) using normal replication provides fault tolerance. If one domain controller fails and requires a fresh OS installation, AD can be reinstalled using the dcpromo tool. Next you would allow replication from other domain controllers to repopulate the AD database. When a single domain controller needs to be restored, I would use the wbadmin utility to perform a nonauthoritive restore of AD. This would restore the domain controller to a state before the backup. In the event of an administrative error such as deleting multiple users from a OU, an authoritative restore would be performed using the Ntdsutil utility. This would correct administrative errors that have been replicated to all domain controllers in the domain.…

    • 482 Words
    • 2 Pages
    Satisfactory Essays
  • Good Essays

    A reasonable approach for an AD password policy, this will be determined by how, & what your ideas are and what your trying to accomplish. I know that you’d mention that a competitor has recently been hack into and security is the number one thing that should be addressed. This does not have to mean that you have to lose productivity over trying to secure your networks information. Simple measure like user names and passwords can be used to protect less sensitive information however how strong you make those usernames and passwords can have a great effect on how well your information is protected.…

    • 428 Words
    • 2 Pages
    Good Essays
  • Powerful Essays

    storage reports, configuration of disk quotas, and use of filters for files users can store on the server…

    • 103696 Words
    • 415 Pages
    Powerful Essays
  • Satisfactory Essays

    This paperwork of IT 244 Week 3 Checkpoint Toolwire Smart Scenario Business Continuity Disaster Recovery consists of:…

    • 367 Words
    • 3 Pages
    Satisfactory Essays
  • Powerful Essays

    ADP CASE STUDY

    • 1218 Words
    • 5 Pages

    It is essential in any business to have trust in and between leaders. Building trust takes time, but is necessary. When there is no trust between leaders and workers of an organization, disaster will ensue. Workers tend to become disengaged, and leaders will branch off to lead their own departments in different directions, losing the vital communications needed to run a functional organization.…

    • 1218 Words
    • 5 Pages
    Powerful Essays
  • Better Essays

    Flexible single master operation (FSMO) Roles should be assigned to ensure the best recoverability and operation of your Domain Controllers.…

    • 1426 Words
    • 4 Pages
    Better Essays
  • Satisfactory Essays

    It 260

    • 662 Words
    • 3 Pages

    The two forest-wide FSMO roles that must be present on a single DC in the forest are the Domain Naming Master and the _____ Schema Master _____.…

    • 662 Words
    • 3 Pages
    Satisfactory Essays
  • Good Essays

    unit 7 lab 10

    • 595 Words
    • 3 Pages

    1. Full backup is a complete backup of everything you want to backup. Differential backup software looks at which files have changed since you last did a full backup. Then creates copies of all the files that are different from…

    • 595 Words
    • 3 Pages
    Good Essays
  • Satisfactory Essays

    AD FSMO Role Research

    • 414 Words
    • 2 Pages

    Active Directory is a multimaster database which means that updates can be made by any writeable DC. Some sensitive operations need to be controlled more stringently than others, such as schema management and adding or removing additional domains from an AD forest. These specified roles are called Flexible Single Master Operations (FSMO). This means only one DC in the replica ring can provide a particular operation.…

    • 414 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    NT1330Lab10Worksheet

    • 407 Words
    • 3 Pages

    You are about to make some configuration changes to your Active Directory database. You want to have a current System State data backup before you proceed.…

    • 407 Words
    • 3 Pages
    Satisfactory Essays