By Alan Klietz Algin Technology LLC
Algin Technology
Copyright © 2007 Algin Technology LLC. All Rights Reserved. Microsoft® Windows® and Active Directory® are registered trademarks of Microsoft Corporation. All other trademarks are the property of their respective owners. Algin Technology LLC 3055 Old Highway 8, Suite 35 Minneapolis, MN 55418 E-mail: sales@algintech.com Telephone: +1 866 488 6657 +1 612 235 2100 Fax: +1 612 235 2108
Table of Contents
Introduction Small Organizations Scenario: Grace Community Church Large Organizations Scenario: General Products Corporation OU-level and object-level recovery Branch Office Recovery Disaster Recovery Forest-wide recovery Testing Major or Irreversible Changes Staff Training Domain Consolidation and Restructuring Recovery Best Practices Backup Schedule Restore Order SYSVOL Best Practices for Restoring SYSVOL Recovery Technical Issues AD Database Size ESE page corruption SYSVOL Recovery SYSVOL Restore Types Group Policy Containers and Version Synchronization EFS Key Recovery Guidelines for EFS Key Recovery USN Rollback What is USN Rollback? How to Avoid USN Rollback How to Fix USN Rollback 10 10 11 11 11 12 12 1 1 1 3 3 3 5 5 5 6 6 6 7 7 7 7 7 8 8 8 9 9 Backup Expiration Lingering Objects What are Lingering Objects? How to Remove Lingering Objects Administrator Password Recovery 12 13 13 13 13
Active Directory Recovery Planning for Small and Large Organizations
Introduction
Active Directory® (AD) is a distributed directory system developed by Microsoft® Corporation to serve a wide variety of organizations from small offices to large multinational corporations. In addition to traditional directory information such as phone numbers and job titles, Active Directory contains the Identification and Authentication (I&A) credentials for the users of a Microsoft Windows® network. AD determines the security boundaries (“domains”), access