Active Directory Disaster Recovery
Table of Contents
Active Directory Disaster Recovery
Credits
About the Author
About the Reviewers
Preface
What This Book Covers
What you need for this book
Conventions
Reader Feedback
Customer Support
Errata
Questions
1. An Overview of Active Directory Disaster Recovery
What is Disaster Recovery?
Why is Disaster Recovery Needed?
Conventions Used in This Book
Disaster Recovery for Active Directory
Disaster Types and Scenarios Covered by This Book
Recovery of Deleted Objects
Single DC Hardware Failure
Single DC AD Corruption
Site AD Corruption
Corporate (Complete) AD Corruption
Complete Site Hardware Failure
Corporate (Complete) Hardware Failure
Summary
2. Active Directory Design Principles
Active Directory Elements
The Active Directory Forest
The Active Directory Tree
Organizational Units and Leaf Objects
Active Directory Sites
Group Policy Objects
Domain Design: Single Forest, Single Domain, and Star Shaped
Domain Design: Single Forest, Single Domain, Empty Root, Star Shaped
Domain Design: Multi-Domain Forest
Domain Design: Multi-Forest
LRS — Lag Replication Site
Design Your Active Directory
Checklist When Designing a New AD
Checklist When Finalizing the Design or When Migrating to an AD
Naming Standards
Username and Service Account Naming
Group Policy Naming
Design with Scalability in Mind
Flexible Single Master Operation Roles (FSMO)
Relative ID Master (RID Master)
Infrastructure Manager
PDC Emulator
Schema Master
Domain Naming Master
Migration from Other Authentication Services
Keeping Up-To-Date and Safe
Documentation
Backups
Summary
3. Design and Implement a Disaster Recovery Plan for Your Organization
Analyze the Risks, Threats, and the Ways to Mitigate
The Two-Part, 10 Step Implementation Guide
General Steps
Active Directory oriented Steps
Part One: The Steps for General Implementation
Calculate and Analyze
Create a Business Continuity Plan
Present it to the Management (Part 1 and 2)
Define Roles and Responsibilities
Train the Staff for DR
Steps that Need to be Completed During Testing:
Test Your DRP Frequently
Part Two: Implementing a Disaster Recovery Plan for AD
Writing is Not All
Ensure that Everyone is Aware of Locations of the DRP
Define the Order of Restoration for Different Systems (Root First in Hub Site, then Add One Server etc.)
Go back to "Presentation to Management"
Summary
4. Strengthening AD to Increase Resilience
Baseline Security
Domain Policy
Domain Controller Security Policy
Securing Your DNS Configuration
Secure Updates
Split Zone DNS
Active Directory Integrated Zones
Configuring DNS for Failover
DHCP within AD
Tight User Controls and Delegation
Proper User Delegation
Group Full control
Group with Less Control
Group to Allow Password Resets
Central Logging
Proper Change Management
Virtualization and Lag Sites
Resource Assignment
Backups and Snapshots
Deployment
Sites and Services Explained
Creating Sites, Subnets, and Site Links
Setting Replication Schedules and Costs
Cost
Scheduling
Site Scheduling
Link Scheduling
Lag Sites and Warm Sites
Configuring a Lag Site
Creating, Configuring and Using a Warm Site
Summary
5. Active Directory Failure On a Single Domain Controller
Problems and Symptoms
Symptoms
Causes
Solution Process
Solution Details
Verification of Corruption
Tools for Verification
ReplMon
DCDiag
NetDiag and DNSDiag
Sonar
Options to Recover and Stop the Spread of Corruption
Non-Authoritative and Authoritative Restore
Option One: Restoring AD from a Backup
No Physical Access to the Machine
Restoring from a Backup
Option Two: Replication
Option Three: Rebuild DC with Install from Media
Summary
6. Recovery of a Single Failed Domain Controller
Problems and Symptoms
Causes
Solution Process
Solution Details
Cleaning of Active Directory before Recovery Starts
Active Directory Deletion of Old Domain Controller Records
Introducing ntdsutil.exe
Removal Procedure
DNS and Graphical Actions Needed to Complete the Process
Recovery of the Failed DC
Summary
7. Recovery of Lost or Deleted Users and Objects
Problems and Symptoms
Causes
Solution Process
Phantom Objects
Tombstones
Increase the Tombstone Lifetime
Lingering Objects
Prerequisites
Scenario
Method One: Recovery of Deleted or Lost Objects with Enhanced NTDSutil
Method Two: Recovery of Deleted or Lost Objects with Double Restore
Method Three: Recovery of Deleted or Lost Objects Done Manually
GPO Recovery
Backing Up Using the GPMC
Restore Using the GPMC
If You do not have the GPMC...
Summary
8. Complete Active Directory Failure
Scenario
Causes
Recovery Process
Part One: Restore the First DC of Your Root or Primary Domain
Step One: Restoring the AD Data
Step Two: Recovering DNS Services
Step Three: Changing Global Catalog Flags
Step Four: Raise the RID Pool Value by 100,000
Step Five: Seize All FSMO Roles
Step Six: Clean Up the Metadata of All Old DCs
Step Seven: Reset the Computer Account and krbtgt Password
Step 8: Reset the Trust Passwords
Part Two: Restore the First DC in Each of the Remaining Domains
Part Three: Enable the DC in the Root Domain to be a Global Catalog
Part Four: Recover Additional DCs in the Forest by Installing Active Directory
Post Recovery Steps
Summary
9. Site AD Infrastructure Failure (Hardware)
Scenario
Causes
Recovery Process
Considerations: Different Hardware and Bare Metal
Considerations: Software
Restore Process
Step One: System and System State
Step Two: Restoring
Step Three: Additional DCs
Step Four: Trusts
Step Five: Replicate
Virtual Environments
Summary
10. Common Recovery Tools Explained
Software for Your DCs and Administration
Windows Support Tools
Windows Resource Kit Tools
Adminpack for Windows XP/Vista Clients
Diagnosing and Troubleshooting Tools
DcDiag
NetDiag
Monitoring with Sonar and Ultrasound
Introducing Sonar
Introducing Ultrasound
Details
Alert History
Summary and Advanced Tabs
Summary
A. Sample Business Continuity Plan
Nailcorp Business Continuity Plan
PURPOSE
Description of the Service
SCOPE
Responsibilities and Roles
OBJECTIVES
What we are trying to achieve with this document is:
COMMUNICATIONS
CALL TREE
Disaster declaration criteria for Active Directory service
Functional restoration
Recovery site(s)
Necessary alternative site materials
TECHNICAL RECOVERY STEPS TO RECOVER A FAILED DC
1. Functional Restoration of a Domain Controller
1.1. Single DC Failure - DC Recovery with same name
1.1.1. Seize FSMO roles
1.1.2. Clean Active Directory of old records
1.1.3. Install new DC Hardware and OS
1.1.4. Promote DC and verify replication
1.1.4.1 Recover DC if no network connection is available.
1.1.5. Delegate FSMO Roles
APPENDICES
Active Directory Service and support personnel
Support documentation for the application/service attached to this plan
Shared Contacts
Damage Assessment Forms
GLOSSARY
B. Bibliography
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Appendix
Index