How Critical is Active Directory?
AD affects just every service and user connected to it. If objects are accidentally or maliciously deleted, associated servers, services, and users will not be able to log on.
If AD becomes corrupted or an accidental or malicious configuration change is made, most or all dependency services (Exchange, SQL, SharePoint, etc.) will come to a screeching halt.
If AD becomes corrupted or an accidental or malicious configuration change is made, most or all dependency services (Exchange, SQL, SharePoint, etc.) will come to a screeching halt.
How much does an AD outage cost?
At least $25,000 per hour in just labor alone! This figure is based off 1,000 affected users, each making an average of $25 per hour. You do the math for your organization!
Are daily backups and snapshots enough?
Contrary to popular belief, having backups of Domain Controllers are not enough to ensure a successful AD recovery. IF restoring from backup is successful, the dreaded Authoritative Restore procedure and possibly a metadata cleanup has to be done next.
This would take a minimum of 2 to 8 hours to complete. If any issues arise along the way, you could easily be looking at 12 to 36 hours or more of downtime.
This would take a minimum of 2 to 8 hours to complete. If any issues arise along the way, you could easily be looking at 12 to 36 hours or more of downtime.
How can an AD disaster be prevented?
You must have the following:
- A super sound AD infrastructure design (Replication, FSMO, DNS, GC, Group Policy, etc.)
- A fully documented AD architecture
- Tools that can recover from accidental or malicious deletions and configuration changes on the fly, without rebooting
- Tools that can audit and prevent accidental and malicious changes to AD
- Tools that perform in-depth monitoring of AD (more than just MOM or SCOM)
Active Directory Automation Tools
Streamlined group policy management and administration
- Verify setting consistency and improve GPO auditing
- Apply approval-based workflow process
- Configure workflow to match organizational requirements
Complete control over password management
- Enable users to reset their own passwords
- Synchronize passwords across the enterprise
- Reduce helpdesk workload
Visibility, enforcement & management of entitlement access
- Identify and control user and group access to resources across the enterprise
- Clean up and standardize existing resource access
- Replicate user permissions from one user to another