万本电子书0元读

万本电子书0元读

顶部广告

Active Directory Disaster Recovery电子书

售       价:¥

3人正在读 | 0人评论 9.8

作       者:Florian Rommel

出  版  社:Packt Publishing

出版时间:2008-06-24

字       数:258.3万

所属分类: 进口书 > 外文原版书 > 电脑/网络

温馨提示:数字商品不支持退换货,不提供源文件,不支持导出打印

为你推荐

  • 读书简介
  • 目录
  • 累计评论(0条)
  • 读书简介
  • 目录
  • 累计评论(0条)
The book is a combined planning/response-focused book and can be read end to end but also is designed so that the second half can be read standalone, should disaster have struck already. This book is targeted at network security professionals who find themselves charged with creating an Active Directory Disaster Recovery plan or who want to quickly recover once disaster has struck. This book expects you to be familiar with the basics of Active Directory and Windows Servers.
目录展开

Active Directory Disaster Recovery

Table of Contents

Active Directory Disaster Recovery

Credits

About the Author

About the Reviewers

Preface

What This Book Covers

What you need for this book

Conventions

Reader Feedback

Customer Support

Errata

Questions

1. An Overview of Active Directory Disaster Recovery

What is Disaster Recovery?

Why is Disaster Recovery Needed?

Conventions Used in This Book

Disaster Recovery for Active Directory

Disaster Types and Scenarios Covered by This Book

Recovery of Deleted Objects

Single DC Hardware Failure

Single DC AD Corruption

Site AD Corruption

Corporate (Complete) AD Corruption

Complete Site Hardware Failure

Corporate (Complete) Hardware Failure

Summary

2. Active Directory Design Principles

Active Directory Elements

The Active Directory Forest

The Active Directory Tree

Organizational Units and Leaf Objects

Active Directory Sites

Group Policy Objects

Domain Design: Single Forest, Single Domain, and Star Shaped

Domain Design: Single Forest, Single Domain, Empty Root, Star Shaped

Domain Design: Multi-Domain Forest

Domain Design: Multi-Forest

LRS — Lag Replication Site

Design Your Active Directory

Checklist When Designing a New AD

Checklist When Finalizing the Design or When Migrating to an AD

Naming Standards

Username and Service Account Naming

Group Policy Naming

Design with Scalability in Mind

Flexible Single Master Operation Roles (FSMO)

Relative ID Master (RID Master)

Infrastructure Manager

PDC Emulator

Schema Master

Domain Naming Master

Migration from Other Authentication Services

Keeping Up-To-Date and Safe

Documentation

Backups

Summary

3. Design and Implement a Disaster Recovery Plan for Your Organization

Analyze the Risks, Threats, and the Ways to Mitigate

The Two-Part, 10 Step Implementation Guide

General Steps

Active Directory oriented Steps

Part One: The Steps for General Implementation

Calculate and Analyze

Create a Business Continuity Plan

Present it to the Management (Part 1 and 2)

Define Roles and Responsibilities

Train the Staff for DR

Steps that Need to be Completed During Testing:

Test Your DRP Frequently

Part Two: Implementing a Disaster Recovery Plan for AD

Writing is Not All

Ensure that Everyone is Aware of Locations of the DRP

Define the Order of Restoration for Different Systems (Root First in Hub Site, then Add One Server etc.)

Go back to "Presentation to Management"

Summary

4. Strengthening AD to Increase Resilience

Baseline Security

Domain Policy

Domain Controller Security Policy

Securing Your DNS Configuration

Secure Updates

Split Zone DNS

Active Directory Integrated Zones

Configuring DNS for Failover

DHCP within AD

Tight User Controls and Delegation

Proper User Delegation

Group Full control

Group with Less Control

Group to Allow Password Resets

Central Logging

Proper Change Management

Virtualization and Lag Sites

Resource Assignment

Backups and Snapshots

Deployment

Sites and Services Explained

Creating Sites, Subnets, and Site Links

Setting Replication Schedules and Costs

Cost

Scheduling

Site Scheduling

Link Scheduling

Lag Sites and Warm Sites

Configuring a Lag Site

Creating, Configuring and Using a Warm Site

Summary

5. Active Directory Failure On a Single Domain Controller

Problems and Symptoms

Symptoms

Causes

Solution Process

Solution Details

Verification of Corruption

Tools for Verification

ReplMon

DCDiag

NetDiag and DNSDiag

Sonar

Options to Recover and Stop the Spread of Corruption

Non-Authoritative and Authoritative Restore

Option One: Restoring AD from a Backup

No Physical Access to the Machine

Restoring from a Backup

Option Two: Replication

Option Three: Rebuild DC with Install from Media

Summary

6. Recovery of a Single Failed Domain Controller

Problems and Symptoms

Causes

Solution Process

Solution Details

Cleaning of Active Directory before Recovery Starts

Active Directory Deletion of Old Domain Controller Records

Introducing ntdsutil.exe

Removal Procedure

DNS and Graphical Actions Needed to Complete the Process

Recovery of the Failed DC

Summary

7. Recovery of Lost or Deleted Users and Objects

Problems and Symptoms

Causes

Solution Process

Phantom Objects

Tombstones

Increase the Tombstone Lifetime

Lingering Objects

Prerequisites

Scenario

Method One: Recovery of Deleted or Lost Objects with Enhanced NTDSutil

Method Two: Recovery of Deleted or Lost Objects with Double Restore

Method Three: Recovery of Deleted or Lost Objects Done Manually

GPO Recovery

Backing Up Using the GPMC

Restore Using the GPMC

If You do not have the GPMC...

Summary

8. Complete Active Directory Failure

Scenario

Causes

Recovery Process

Part One: Restore the First DC of Your Root or Primary Domain

Step One: Restoring the AD Data

Step Two: Recovering DNS Services

Step Three: Changing Global Catalog Flags

Step Four: Raise the RID Pool Value by 100,000

Step Five: Seize All FSMO Roles

Step Six: Clean Up the Metadata of All Old DCs

Step Seven: Reset the Computer Account and krbtgt Password

Step 8: Reset the Trust Passwords

Part Two: Restore the First DC in Each of the Remaining Domains

Part Three: Enable the DC in the Root Domain to be a Global Catalog

Part Four: Recover Additional DCs in the Forest by Installing Active Directory

Post Recovery Steps

Summary

9. Site AD Infrastructure Failure (Hardware)

Scenario

Causes

Recovery Process

Considerations: Different Hardware and Bare Metal

Considerations: Software

Restore Process

Step One: System and System State

Step Two: Restoring

Step Three: Additional DCs

Step Four: Trusts

Step Five: Replicate

Virtual Environments

Summary

10. Common Recovery Tools Explained

Software for Your DCs and Administration

Windows Support Tools

Windows Resource Kit Tools

Adminpack for Windows XP/Vista Clients

Diagnosing and Troubleshooting Tools

DcDiag

NetDiag

Monitoring with Sonar and Ultrasound

Introducing Sonar

Introducing Ultrasound

Details

Alert History

Summary and Advanced Tabs

Summary

A. Sample Business Continuity Plan

Nailcorp Business Continuity Plan

PURPOSE

Description of the Service

SCOPE

Responsibilities and Roles

OBJECTIVES

What we are trying to achieve with this document is:

COMMUNICATIONS

CALL TREE

Disaster declaration criteria for Active Directory service

Functional restoration

Recovery site(s)

Necessary alternative site materials

TECHNICAL RECOVERY STEPS TO RECOVER A FAILED DC

1. Functional Restoration of a Domain Controller

1.1. Single DC Failure - DC Recovery with same name

1.1.1. Seize FSMO roles

1.1.2. Clean Active Directory of old records

1.1.3. Install new DC Hardware and OS

1.1.4. Promote DC and verify replication

1.1.4.1 Recover DC if no network connection is available.

1.1.5. Delegate FSMO Roles

APPENDICES

Active Directory Service and support personnel

Support documentation for the application/service attached to this plan

Shared Contacts

Damage Assessment Forms

GLOSSARY

B. Bibliography

Chapter 1

Chapter 2

Chapter 3

Chapter 4

Chapter 5

Chapter 6

Chapter 7

Chapter 8

Chapter 9

Chapter 10

Appendix

Index

累计评论(0条) 0个书友正在讨论这本书 发表评论

发表评论

发表评论,分享你的想法吧!

买过这本书的人还买过

读了这本书的人还在读

回顶部