Active Directory Disaster Recovery

Book Image

Active Directory Disaster Recovery

By : Florian Rommel

Book Image

Active Directory Disaster Recovery

By: Florian Rommel

Overview of this book

Active Directory Disaster Recovery

Active Directory Disaster Recovery

Credits

About the Author

About the Author

About the Reviewers

About the Reviewers

Preface

Free Chapter

An Overview of Active Directory Disaster Recovery

An Overview of Active Directory Disaster Recovery

What is Disaster Recovery?

Why is Disaster Recovery Needed?

Conventions Used in This Book

Disaster Recovery for Active Directory

Disaster Types and Scenarios Covered by This Book

Active Directory Design Principles

Active Directory Design Principles

Active Directory Elements

Domain Design: Single Forest, Single Domain, and Star Shaped

Domain Design: Single Forest, Single Domain, Empty Root, Star Shaped

Domain Design: Multi-Domain Forest

Domain Design: Multi-Forest

LRS—Lag Replication Site

Design Your Active Directory

Keeping Up-To-Date and Safe

Design and Implement a Disaster Recovery Plan for Your Organization

Design and Implement a Disaster Recovery Plan for Your Organization

Analyze the Risks, Threats, and the Ways to Mitigate

The Two-Part, 10 Step Implementation Guide

Strengthening AD to Increase Resilience

Strengthening AD to Increase Resilience

Baseline Security

Securing Your DNS Configuration

Tight User Controls and Delegation

Central Logging

Proper Change Management

Virtualization and Lag Sites

Active Directory Failure On a Single Domain Controller

Active Directory Failure On a Single Domain Controller

Problems and Symptoms

Solution Process

Solution Details

Recovery of a Single Failed Domain Controller

Recovery of a Single Failed Domain Controller

Problems and Symptoms

Solution Process

Solution Details

Recovery of Lost or Deleted Users and Objects

Recovery of Lost or Deleted Users and Objects

Problems and Symptoms

Solution Process

Complete Active Directory Failure

Complete Active Directory Failure

Recovery Process

Site AD Infrastructure Failure (Hardware)

Site AD Infrastructure Failure (Hardware)

Recovery Process

Common Recovery Tools Explained

Common Recovery Tools Explained

Software for Your DCs and Administration

Diagnosing and Troubleshooting Tools

Monitoring with Sonar and Ultrasound

Sample Business Continuity Plan

Sample Business Continuity Plan

Nailcorp Business Continuity Plan

Description of the Service

Responsibilities and Roles

Disaster declaration criteria for Active Directory service

Functional restoration

Recovery site(s)

Necessary alternative site materials

TECHNICAL RECOVERY STEPS TO RECOVER A FAILED DC

Damage Assessment Forms

Bibliography

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Securing Your DNS Configuration

DNS represents AD's foundation, and all clients connected to an AD require a working and correct DNS in order to access resources. DNS has had several security flaws with significant impact. From an attacker's point of view, an unsecured or relaxed DNS environment is probably the best attack vector against an AD. Microsoft's TechNet white paper on securing an AD environment discusses best practices for securing DNS, in Chapter 6 (http://technet2.microsoft.com/windowsserver/en/library/cc1eff0a-3a9e-46d2-8a7d-6b2e16461c711033.mspx).

One DNS attack vector is a Denial of Service (DoS), which, by causing too much traffic for example, causes the DNS service to fail to respond to legitimate client queries. Another attack vector is DNS poisoning , which means that an attacker successfully modifies entries in the DNS database, which then causes client requests to resolve incorrectly. All traffic is then sent to the attacker's machine, which can cause a lot of problems...