Recovering from damage to Active Directory
This is purely hypothetical, thankfully I'm not actually in this situation right now but I'm wondering how you would deal with it if it ever did come up.
Lets say I've got a small network of (~20-30 users) and they have four physical servers:
2x Domain controllers
1x File Server
1x Exchange Server
All four of these servers are running Server 2012 R2, and each one has a 2TB external hard disk attached that is using the built-in Windows Server Backup to make nightly backups which are running successfully.
Now, the worst happens - a sysadmin deletes something critical out of Active Directory Users and Computers, seriously screwing up the network. Lets say they "accidentally" deleted an entire OU.
How do you recover from this situation, given that you have two domain controllers and something fairly sophisticated like Exchange Server that heavily relies on Active Directory?
Can you just restore one of the domain controller's to yesterday's backup? Or will the second DC immediately replicate it's changes over and clobber it if you do? Must you restore BOTH DCs simultaneously? Would restoring cause major problems with Exchange?
What are the steps you would go through to get the lost OU back?
Lets say I've got a small network of (~20-30 users) and they have four physical servers:
2x Domain controllers
1x File Server
1x Exchange Server
All four of these servers are running Server 2012 R2, and each one has a 2TB external hard disk attached that is using the built-in Windows Server Backup to make nightly backups which are running successfully.
Now, the worst happens - a sysadmin deletes something critical out of Active Directory Users and Computers, seriously screwing up the network. Lets say they "accidentally" deleted an entire OU.
How do you recover from this situation, given that you have two domain controllers and something fairly sophisticated like Exchange Server that heavily relies on Active Directory?
Can you just restore one of the domain controller's to yesterday's backup? Or will the second DC immediately replicate it's changes over and clobber it if you do? Must you restore BOTH DCs simultaneously? Would restoring cause major problems with Exchange?
What are the steps you would go through to get the lost OU back?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The recent feature of recycle bin is a good one and i have seen it in action .
Very helpful to recover from minor accidental deletions or in case user changing their mind.
When **** hits the fan i believe hands on experience is what helps.
I personally practice similar scenarios by creating a home Lab using VMWare workstation and mess it up and try fixing it.
PS: Very good document , i will keep it safe in my archives and hope i don't have to ever use it.
Very helpful to recover from minor accidental deletions or in case user changing their mind.
When **** hits the fan i believe hands on experience is what helps.
I personally practice similar scenarios by creating a home Lab using VMWare workstation and mess it up and try fixing it.
PS: Very good document , i will keep it safe in my archives and hope i don't have to ever use it.
The first PDF listed at the link below contains what I believe is a relatively concise, yet thorough explanation of the care and feeding of 2012 Active Directory. A procedure for restoring starts on page 19.
http://www.edeconsulting.be/activedirectorypublications.asp