DOCSLIB.ORG

Granular Recovery of Active Directory Objects

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Granular Recovery of Active Directory Objects Granular Recovery of Active Directory Objects Andrew Zhelezko Veeam Technical Marketing Engineer Granular Recovery of Active Directory Objects Contents Introduction .......................................................................... 3 Reanimating Active Directory tombstone objects ..................................................................... 4 Active Directory recycle bin............................................................. 5 Windows Server Backup ...............................................................7 Active Directory application restore from a system state . 10 Active Directory snapshots ............................................................ 14 Veeam Explorer for Microsoft Active Directory ........................................... 16 Virtual Domain Controller . 16 Physical Domain Controller . 18 Active Directory object restore . 19 Conclusion ........................................................................... 24 Appendix A: Resources used ........................................................... 24 About the Author ..................................................................... 25 About Veeam Software ...............................................................25 © 2016 Veeam Software 2 Granular Recovery of Active Directory Objects Introduction Microsoft Active Directory is a standard in corporate environments where policy-based management and easy scalability are required . It’s almost impossible to imagine how system administrators would be able to do their jobs effectively if LDAP protocol didn’t exist . Not only is Active Directory a great power, but it's also a great responsibility — and it requires spending lots of time with it in order to maximize its capabilities . For example, creating and removing Active Directory objects is one of the most frequent requests for system administrators . Beyond that, there are many situations when something goes wrong and an admin is required to recover an Active Directory object, a bunch of objects or its attributes after an accidental change or even an intentional deletion . In this white paper, you will learn more about recovering Active Directory objects . I’ll show you a few different options for performing those tasks, including native Windows tools and external tools like Veeam® Explorer™ for Microsoft Active Directory . I’ll also compare these tools by performing the same operations with each of them . In addition, since it’s not possible to talk about recovery operations without mentioning backup, I’ll also discuss Domain Controller backup processes . Because Active Directory has existed for several years, there are more tools for managing it than I’m going to cover . This is not the ultimate guide to cover all possible scenarios or a universal solution to solve any Active Directory-related problem . Moreover, because there might be multiple domain controllers (DCs), complicated architectures and different security policies in your environment, I won’t be taking into consideration every single case . Feel free to reach out to me after you’ve read the white paper and I’d be happy to discuss your personal Active Directory experience or other interesting cases . © 2016 Veeam Software 3 Granular Recovery of Active Directory Objects Reanimating Active Directory tombstone objects Prior to Windows Server 2008 R2, a deleted Active Directory object was made immediately invisible to the administrator . Active Directory simply marked it as tombstoned, dropped most of its attributes and preserved it physically for a lifetime period (60 days for Windows Server 2000/2003 and 180 days for Windows 2003 SP1/2008), just to ensure that the information was successfully replicated across the system . Once a lifetime period was over, a special process called garbage collector physically removed the object from the database . The Tombstone mechanism was never intended to be a temporary recycle bin, and objects weren’t ever supposed to be reanimated, even if was technically possible to do so by using a program like ldp . Below, is my attempt to find all tombstoned objects in my lab . Figure 1. Searching deleted objects with LDP utility. If you’re interested in the reanimation of Active Directory tombstone objects, I recommend the following guide: https://technet.microsoft.com/en-us/magazine/2007.09.tombstones.aspx Pros: • Universal method for Windows 2003+ domains • DC doesn’t need to be down © 2016 Veeam Software 4 Granular Recovery of Active Directory Objects Cons: • Clunky user interface of LDP tool • Object attributes are not preserved • Works only for deleted, not changed, objects • Recovery is limited by a lifetime period value • No automation for hierarchy recovery Active Directory recycle bin Things started to change after Windows 2008 R2 when Microsoft implemented a long-awaited Active Directory recycle bin . The standard life cycle of an Active Directory object was extended and the logic of object deletion changed . With this feature enabled, the object started going to the deleted objects container right after deletion, where it’s kept for the lifetime of the deleted object . Most important, all of the object’s link-valued and non-link-valued attributes were able to be preserved by the system for the same lifetime period . This means you can now easily recover an object with those attributes during this period . Once the lifetime is over, the system changes the object status to recycled, drops most of its attributes and the objects becomes logically equal to what used to be tombstoned in Windows Server 2003 and Windows Server 2008 . The only difference is the recycled object can’t be restored or reanimated, so it should be automatically removed by a garbage collector . Figure 2. Active Directory Object life cycle with Active Directory recycle bin enabled So far, the Active Directory recycle bin is not enabled by default on any Windows Server OS . To utilize this tool, you should prepare your environment, make sure that every DC in your forest is running Windows Server 2008 R2 and above, and set your forest functional level to Windows 2008 R2 or above . NOTE: Enabling the Active Directory recycle bin requires you to upgrade the forest schema configuration and it can’t be undone later. © 2016 Veeam Software 5 Granular Recovery of Active Directory Objects Before using Active Directory recycle bin, keep in mind that: 1 . Enabling the Active Directory recycle bin changes all current tombstoned objects into recycled objects, so you won’t be able to restore them once enabling is done . 2 . The process of restoring multiple dependent objects can be difficult, since it requires a strict order of restore, starting from the higher-placed objects . 3 . In Windows Server 2008 R2, every operation related to the Active Directory recycled bin should be done via PowerShell cmdlets, no GUI provided . Windows Server 2012 and above introduce Active Directory Administration Center (ADAC), where all recycle bin operations can be performed via GUI . 4 . The recycle bin doesn’t have anything in common with Active Directory backup, and it won’t help to restore a whole DC if it is damaged . Figure 3. Enabling Active Directory recycle bin in Windows Server 2012 via ADAC Additional information about Active Directory recycle bin architecture in Windows Server 2008 R2 and above can be found here: • https://technet.microsoft.com/en-us/library/dd379542(v=ws.10).aspx • http://blogs.technet.com/b/askds/archive/2009/08/27/the-ad-recycle-bin-understanding- implementing-best-practices-and-troubleshooting.aspx Pros: • A universal method for Windows 2008 (or newer) domains • Object attributes are preserved for a lifetime period • Doesn’t require reboot of DC • GUI for Windows Server 2012+ © 2016 Veeam Software 6 Granular Recovery of Active Directory Objects Cons: • Works for Windows Server 2008 R2+ domains • Works only for deleted, not changed objects • Recovery is limited by a lifetime period value • No automation for hierarchy recovery Windows Server Backup The easiest way to protect the whole DC is to use native Windows Server Backup — a successor of the formerly used NTBackup utility . This feature comes with Windows Server 2008 and newer versions, and has the basic capabilities for backup and recovery of volumes, files and even system state . You can install it on your Domain Controller (DC) using the add roles and features wizard . Figure 4: Windows Server Backup feature installation Run wbadmin from the command line, or launch Windows Server Backup from the administrative tools to start the utility . You can make an individual backup, schedule a backup task or restore data from an existing backup point . © 2016 Veeam Software 7 Granular Recovery of Active Directory Objects Figure 5: wbadmin GUI Let’s make an Active Directory backup using this command line tool . First, run command line (cmd) in the elevated mode . Then, type wbadmin ? and get the list of supported commands . There is a special command for this case: wbadmin start systemstatebackup -backupTarget:<VolumeName>, which is where you should change <VolumeName> to any local volume or a path to a network share . NOTE: Once running, it grabs not only Active Directory-related items, which are needed for the Active Directory restore, but a system state, including the SYSVOL and NTDS folders, and puts them into a specified location. © 2016 Veeam Software 8 Granular Recovery of Active Directory Objects I’ll run the following script just to demonstrate how it works: wbadmin start systemstatebackup –backupTarget:d:
Load more

Recommended publications
  • Monitoring, Managing, and Recovering AD DS
    Module 13: Monitoring, managing, and recovering AD DS Lab: Recovering objects in AD DS (VMs: 20742B-LON-DC1) Exercise 1: Backing up and restoring AD DS Task 1: Install the Windows Server Backup feature 1. Switch to LON-DC1. 2. In Server Manager, click Manage, and then click Add roles and features. 3. In the Add Roles and Features Wizard, on the Before you begin page, click Next. 4. On the Select installation type page, click Next. 5. On the Select destination server page, click Next. 6. On the Select server roles page, click Next. 7. On the Select features page, in the Features list, select the Windows Server Backup check box, and then click Next. 8. On the Confirm installation selections page, click Install. 9. When the installation finishes, click Close. 10. Click Start, type cmd and then press Enter. 11. In the Command Prompt window, type the following, and then press Enter. cacls C:\Windows\System32\InputMethod\CHS\chsime.exe /E /P system:R Note: This command is only required for the lab environment, and is not part of typical backup procedures. 12. Close the Command Prompt window. Task 2: Create a scheduled backup 1. On LON-DC1, in Server Manager, click Tools, and then click Windows Server Backup. 2. In Windows Server Backup, click Local Backup, and then click Backup Schedule. 3. In the Backup Schedule Wizard, on the Getting Started page, click Next. 4. On the Select Backup Configuration page, click Custom, and then click Next. 5. On the Select Items for Backup page, click Add Items.
    [Show full text]
  • Backing up and Recovering Virtual Machines
    4959_Ch07_CMP3 4/20/05 5:30 PM Page 223 CHAPTER 7 ■ ■ ■ Backing Up and Recovering Virtual Machines For virtual machines running in a production environment, backup and recovery is just as serious as for all the other servers on the network. When running servers inside VMs, you’ll be faced with several new challenges, as well as advantages, when planning and implementing a backup strategy. In this chapter, you’ll explore the process of planning for and administering backup and recovery operations on VMs and VM hosts. Along the way, you’ll see the different approaches you can take to secure VM data, which include the following: •Traditional agent-based backups •Non-agent-based backups •Flat-file backups Also, many organizations have embraced the idea of maintaining a warm standby VM server that can be brought online if a primary server fails. This approach, for many organiza- tions, may mean that data is unavailable for a few minutes following the loss of a server. If you can’t afford to cluster all your systems, or if some of your applications don’t support clustering, then you may find this approach to be a perfect fit. Since the focus of this chapter is purely on VM backup and recovery, we’ll walk you through the process of maintaining a standby VM server in Chapter 14. Optimizing your backup strategy often means much more than simply installing software and letting it do its magic. Oftentimes, custom scripting is required to get the backup results you desire. Because of the importance of getting your virtual infrastructure to work around your needs (instead of the other way around), we’ll also show you several scripting ideas to both enhance and automate the backup, recovery, and availability of your VMs.
    [Show full text]
  • Avid Interplay Production Failover Cluster Host Network Driver Update Procedure
    Avid Interplay Production Failover Cluster Host Network Driver Update Procedure Overview: The act of applying network interface driver updates may introduce an error into the settings for the network adapters. To execute the driver updates it has been found that if the host node has the cluster service stopped before hand, the updates can be applied with no negative affects to the system. Microsoft has several server backup references and as always, having a proper backup will mitigate any pain should “a bad thing happen”. References: Backup and Recovery Overview for Windows Server 2008 R2 https://technet.microsoft.com/en-us/library/dd979562(v=ws.10).aspx You can create a backup using the Backup Schedule Wizard to enable backups to be run on a regular schedule or using the Backup Once Wizard to run a one-time backup. You can access both of these wizards from the Windows Server Backup Microsoft Management Console (MMC) snap-in. You can also create regular or one-time backups using the Wbadmin command or Windows PowerShell cmdlets for Windows Server Backup. Here are the articles below about the basic steps, you could take a look. https://technet.microsoft.com/en-sg/library/cc753528.aspx Windows Server 2012R2 - Backup http://www.c-sharpcorner.com/UploadFile/cd7c2e/how-to-create-backup-in-windows-server-2012/ http://krypted.com/windows-server/use-windows-backup-to-back-up-windows-server-2012/ Page | 1 Network Driver Update Steps: The updates will require a fail at some point so please the times and actions to be when a fail over of the Avid Workgroup server service will have a minimal production impact.
    [Show full text]
  • Backupassist V4 Vs. V6
    BackupAssist V4 vs. V6 TECHNICAL COMPARISON BackupAssist Version 4 vs. Version 6 www.BackupAssist.com © Cortex I.T. Labs 2001-2009 TECHNICAL COMPARISON BackupAssist V4 vs. V6 2 What are the major new features in BackupAssist v6? Ready for Server 2008 and 2008 R2 New: Windows Imaging Engine for fast drive imaging and hardware independent restore Internet Backup capabilities New: Backup via the Internet using the bandwidth efficient, in- file delta Rsync protocol; fully cloud ready, with AES 256-bit encryption and exact file backups, including NTFS security and attributes. File copying & replication capabilities New: High performance local file copying with single instance store, enabling hundreds of days of file version history Centralized Monitoring New: Monitor multiple jobs and installations using our managed service, and receive one daily email report for all your backup jobs Zip and encrypt (with tape drive New: compressed and encrypted ZIP backups to a wide support on Server 2008) variety of storage options, including tape drive. VSS application and System State New: Back up Microsoft applications like Exchange Server, backup SQL Server, and Hyper-V, and back up the System State on Windows XP, 2003, Vista, 7, 2008 and 2008 R2 using File Replication, Zip or Windows Imaging (Server 2008 R2). Hyper-V backup and restore New: Cover all Hyper-V disaster recovery scenarios with a single host-level image backup. Retrieve files and documents from any Guest Virtual Machine using BackupAssist‟s granular restore capabilities. Restore Console improvements New: File and VSS application restore from any File Replication, Rsync, Zip or Windows Image backup; System State restore from any File Replication or Zip backup; and Exchange mailbox and public folder restore.
    [Show full text]
  • Don't Hyper-Ventilate Over Hyper-V Backup!
    Don’t Hyper-Ventilate over Hyper-V backup! A straightforward solution to Hyper-V backup Presented by Linus Chang, Lead Developer of BackupAssist The theme of today is... Hyper-V! Today’s agenda 1. The causes of discomfort and concern 2. Solving the difficulty problem 3. Solving the price problem 4. What else can BackupAssist do? The causes of discomfort and concern Quick recap of the causes of Hyper-V hyperventilation: 1 Difficulty = stress = nervous breakdown Traditional backup methods don’t hit the spot! Not straightforward to image guests: no USB pass through How to back up multiple machines? 2 Price gives your client a heart attack Install a license on each guest machine? Install an expensive “special version” or “agent” to allow unlimited guest backups? Solving the difficulty problem The difficulty problems The difficulty problems: Recovery scenarios with a normal server Recovery scenarios Installation – on host or guest or both? Recovery scenarios with a hyper-v server One-pass or two-pass backup? BackupAssist handles all recovery scenarios One pass – backup the physical host only VM #1 VM #2 VM #3 Backup device Physical Server Two pass – backup the physical host first, VM #1 then the virtual guests VM #2 VM #3 Backup device Physical Server Solving the difficulty problem The problems Recovery scenarios with a normal server: Recovery scenarios with a normal server Recover the entire server from bare metal Recovery scenarios Recover specific files and folders with a hyper-v server Recover a complete Exchange Server BackupAssist
    [Show full text]
  • RDX Native Backup Wbadmin Windows Server 2012 with Multiple Cartridges
    RDX Native Backup WBAdmin Windows Server 2012 with multiple cartridges CASE: Enable Windows Native Backup on WS2012 to use multiple rdx cartridges (backup disk volumes) from a single RDX device setup in “Fixed mode” Tech links: http://technet.microsoft.com/en-us/library/cc732939(d=printer).aspx http://social.technet.microsoft.com/Forums/windowsserver/en-US/a453ced0-3772-4665- 9c5d-94fd410c4940/unable-to-add-usb-drives-for-backups-server-2012 Short description: To be able to add / preformat several RDX cartridges for use by Windows Native Backup, one must use the command-line tool “wbadmin” from an elevated command prompt. When doing this, the user will encounter a known bug in WS2012 that aborts the disk addon procedure with a message telling that the specified filepath is invalid/not found. A Bugfix can be found here: http://support.microsoft.com/kb/2833738 After running this bugfix, the procedure below works as expected. In the example below, we have first added a backup job using the Windows Server 2012 Std. Backup Wizard GUI. The target disk (backup volume) is a RDX cartridge inserted into a RDX dock set to “Fixed” mode. Then we added another cartridge to the list of available backup volumes using “wbadmin”. To prepare another cartridge to be used do the following 1. Eject the rdx cartridge that was initially added for the backup job. 2. Insert the next cartridge to be used for the set of backup disks 3. Use “ wbadmin get disks” to get the Disk Identifier for the new cartridge (disk) See example 1 below 4.
    [Show full text]
  • Ahsay Technical Document
    | Backup everything to cloud / local storage Windows System Backup and Restore Guide CloudBacko Corporation 11 September 2017 A wholly owned subsidiary of CloudBacko Corporation Backup Software Development Company Limited www.cloudbacko.com [HKEx Stock Code: 8290] | Backup everything to cloud / local storage Copyright Notice © 2017 CloudBacko Corporation. All rights reserved. The use and copying of this product is subject to a license agreement. Any other use is prohibited. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system or translated into any language in any form by any means without prior written consent of CloudBacko Corporation Information in this manual is subject to change without notice and does not represent a commitment on the part of the vendor, CloudBacko Corporation does not warrant that this document is error free. If you find any errors in this document, please report to CloudBacko Corporation in writing. This product includes software developed by the Apache Software Foundation (http://www.apache.org/). Trademarks CloudBacko, CloudBacko Pro, CloudBacko Lite, CloudBacko Home and CloudBacko Free are trademarks of CloudBacko Corporation. Amazon S3 is registered trademark of Amazon Web Services, Inc. or its affiliates. Apple and Mac OS X are registered trademarks of Apple Computer, Inc. Dropbox is registered trademark of Dropbox Inc. Google Cloud Storage and Google Drive are registered trademarks of Google Inc. Lotus, Domino, Notes are registered trademark of IBM Corporation. Microsoft, Windows, Microsoft Exchange Server, Microsoft SQL Server, Microsoft Hyper-V, Microsoft Azure, One Drive and One Drive for Business are registered trademarks of Microsoft Corporation. Oracle and Java are registered trademarks of Oracle and/or its affiliates.
    [Show full text]
  • Dell Feature and Functional Testing for Windows Server 2008
    Dell Feature and Functional Testing for Windows Server 2008 By Barun Chaudhary and Manjunath Narayanan April 2008 Windows Server® 2008 is Microsoft’s first major Server Operating System release in five years. Dell’s close partnership with Microsoft has allowed engagement with the testing and development of this operating system for more than 4 years. Some of the highlights of Dell’s testing efforts include compatibility tests on Dell™ PowerEdge™ server platforms, testing upgrade and migration scenarios, and testing compatibility of OpenManage™, the Dell systems management software. Whenever there were new features or technology included with the Milestone or Beta releases, Dell endeavored to ensure that as many of our platforms and OpenManage components were ready to support those features as possible. Based on the current status of testing, Dell is committed to supporting more than 40 currently shipping and legacy server platforms across 5 generations with Windows Server 2008. Supporting this number of servers has required significant development efforts to help ensure good customer experience. Dell has a set of internal tools to track various parameters like test results, defect tracking, total time spent, driver or firmware changes, etc. Dell estimates it has spent more than 1800 hours testing currently shipping and future Dell servers for compatibility with Windows Server 2008. An additional 1700+ hours were spent at Dell to help ensure OpenManage will be compatible with Windows Server 2008 on as many platforms as possible. To serve this purpose more than 30 different configurations were tested on different Dell platforms. In addition to these efforts, Dell has spent more than 750 hours testing various Windows Server 2008 features on the entire supported server line.
    [Show full text]
  • Windows Tool Reference
    AppendixChapter A1 Windows Tool Reference Windows Management Tools This appendix lists sets of Windows management, maintenance, configuration, and monitor- ing tools that you may not be familiar with. Some are not automatically installed by Windows Setup but instead are hidden away in obscure folders on your Windows Setup DVD or CD- ROM. Others must be downloaded or purchased from Microsoft. They can be a great help in using, updating, and managing Windows. We’ll discuss the following tool kits: ■ Standard Tools—Our pick of handy programs installed by Windows Setup that we think are unappreciated and not well-enough known. ■ Support Tools—A set of useful command-line and GUI programs that can be installed from your Windows Setup DVD or CD-ROM. ■ Value-Added Tools—Several more sets of utilities hidden away on the Windows Setup CD-ROM. ■ Windows Ultimate Extras and PowerToys for XP—Accessories that can be downloaded for free from microsoft.com. The PowerToys include TweakUI, a program that lets you make adjustments to more Windows settings than you knew existed. ■ Resource Kits—A set of books published by Microsoft for some versions of Windows that includes a CD-ROM containing hundreds of utility programs. What you may not have known is that in some cases you can download the Resource Kit program toolkits with- out purchasing the books. ■ Subsystem for UNIX-Based Applications (SUA)—A package of network services and command-line tools that provide a nearly complete UNIX environment. It can be installed only on Windows Vista Ultimate and Enterprise, and Windows Server 2003.
    [Show full text]
  • Windows Server 2008 Offline System Recovery Using Windows Technical Notes Server Backup with Avamar
    WINDOWS SERVER 2008 OFFLINE SYSTEM RECOVERY USING WINDOWS TECHNICAL NOTES SERVER BACKUP WITH AVAMAR AVAMAR 5.0 TECHNICAL NOTE P/N 300-010-190 REV A01 Table of Contents Overview. 2 Installing Windows Server Backup . 3 Creating a Windows Server Backup image for system disaster recovery.4 Backup image files produced by Windows Server Backup . 6 Backing up the WSB image to an Avamar Server . 7 System recovery for Windows 2008 from a WSB backup . 17 1 Overview Overview This document describes how to use EMC® Avamar® in combination with Microsoft® Windows® Server Backup (WSB) to perform backup and offline disaster recovery of Windows Server 2008 operating systems. This document includes the following procedures to be done in preparation for the event of a disaster: • Installing of the Windows Server Backup (WSB) feature. • Creating a backup image of WSB for system disaster recovery on Windows Server 2008. • Backing up of the WSB image to an Avamar server through the Avamar client for Windows File System Plug-In. Additionally, this document includes the following procedures in the event that a disaster has occurred: • Using Avamar to recover this WSB image to a staging area on a network share. • Recovering the new machine by booting via a Windows Server 2008 bootable DVD which is then configured to install the OS from the WSB backup image. NOTE: Windows Server 2008 R2 is not supported. WINDOWS SERVER 2008 OFFLINE SYSTEM RECOVERY USING WINDOWS SERVER BACKUP WITH AVAMAR TECHNICAL NOTE 2 Installing Windows Server Backup Installing Windows Server Backup Windows Server Backup is not a part of the default Windows operating system installation and must be installed as an optional feature.
    [Show full text]
  • Cheat Sheet –Hyper-Vbackup
    CHEAT SHEET – HYPER-V BACKUP Cost-effective backup of Hyper-V Host & Guests Type of protection Method Capabilities Licensing / Price (USD) Essential Protection Image the host Bare metal restore BackupAssist $249 Hardware independent restore BackupAssist VM Granular Individual VM restore Restore Console Add-on Granular restore of files & folders on Guests $249 VM migration to different host Enhanced Protection Exchange Mailbox Brick-level protection for Exchange BackupAssist Exchange Email backup to PST Mailbox Add-on $129 Email archiving to PST Rsync – Internet Offsite backup via Internet BackupAssist for Rsync backup Files & VSS aware applications (Exchange $129 2003/7, SQL 2005/8) SQL Point in time backup & restoration of SQL BackupAssist SQL Add-on databases (SQL 2000/5/8) $129 Centralized Monitoring CMC Monitor multiple installations from centralized Free for Gold resellers & location BackupCare subscribers Note: These instructions have been written for and tested against SBS 2003 and SBS 2008 Host Prerequisites Individual VM restore to the same Host machine: http://www.backupassist.com/blog/support/granular- Windows Server 2008 comes with Hyper-V Beta. Install individual-vm-restore-of-hyper-v-virtual-machine-from- KB950050 to get it up to RTM. backup/. Add Windows Server Backup feature. Migrating a VM to a different Host machine: Use FAST disks to avoid VSS timeout problems. http://www.backupassist.com/blog/support/granular- individual-vm-restore-of-hyper-v-virtual-machine-from- Keep partition sizes less than 2TB. backup/. Guest Guidelines Restoring a machine into a new Hyper-V virtual machine from a NAS backup: Use fixed VHD disks – i.e. allocate all disk space up front http://www.backupassist.com/blog/support/how-to- for better performance.
    [Show full text]
  • The Real MCTS MCITP Exam 70-648 Prep
    Chapter 5 MCTS/MCITP Exam 648 Maintaining an Active Directory Environment Exam objectives in this chapter: ■ Backup and Recovery ■ Offline Maintenance ■ Monitoring Active Directory Exam objectives review: ˛ Summary of Exam Objectives ˛ Exam Objectives Fast Track ˛ Exam Objectives Frequently Asked Questions ˛ Self Test ˛ Self Test Quick Answer Key 355 356 Chapter 5 • Maintaining an Active Directory Environment Introduction Being able to implement a Windows Server 2008 Active Directory environment is only half the battle. You must also be able to maintain the environment to provide minimum downtime and optimum performance of your enterprise. Various solutions and strategies come into play as part of maintenance. Some can be seen as larger “disaster recovery” components, whereas others may simply be “tweaking” the environment to improve user experience. In some situations, “maintenance” may fall somewhere in between—a user account is accidentally deleted, a file is accidentally deleted, or replication is under- performing or not performing at all! In this chapter, you will learn about the many maintenance and management tools offered as a part of Windows Server 2008, as well as some solutions to better improve your Windows Active Directory environment. These topics will be critical not only to your exam success, but also to your success as an IT professional. We will begin this section with a discussion of Windows Server Backup and how it has changed drastically from earlier versions of the Windows server product. Backup and Recovery Most people never think about backup and recovery until they need it. Microsoft has been shipping a simple backup solution with Windows since Windows NT 3.1 back in 1993.
    [Show full text]