Active Directory ® (AD) Restore
Understanding feature completeness for Active Directory restore
Feature completeness refers to the Active Directory restore service level of automation and ability to restore service with high accuracy at a detailed object level, in the event of Active Directory failure. A feature complete Active Directory restore solution, such as the activereach solution, delivers greater value to a business than a traditional backup and restore solution, because greater automation and more detailed accuracy reduces time to diagnose and fully restore to the desired operational state.
The solution is aware of the Active Directory® application layer and uses secure certificates to manage authentication which is required during backup and recovery. This means it obviates the need to constantly update the backup solution to take account of major changes to the Active Directory Forest – new administrative/recovery mode passwords, domain controllers, DNS zone changes and the like.
The solution’s awareness of the Active Directory topology and state at the time of the recovery and the time of the backup, allows the solution to automatically determine and orchestrate the optimal recovery scenario. It can also automatically respond during the recovery phase to unexpected outcomes such as Domain Controllers in specific datacentres not being available, physical failure of Domain Controllers, manual exclusions of servers from the recovery process etc. The activereach solution can adjust itself accordingly in order to achieve the recovery goals.
Awareness of the Active Directory topology also provides an additional benefit: the backup rules and the actual backups are validated to verify that they can be used to perform full forest recovery. This eliminates the need to manually cross-reference the Active Directory topology with the list of the Domain Controllers configured for backup. The activereach solution will constantly monitor the backups created and will alert you about failures during backup that might prevent you from being able to perform full forest recovery.
The solution also is aware of the state of the Domain Controller – particularly using a map of all DNS client (TCP/IP settings of the DC) and server (zones, name servers, forwarders, delegations, etc.) settings. Without this capability, which other solutions lack, DNS name resolution restoration is not automatic and can represent a substantial manual workload – requiring external scripting and separate operational management, which is unnecessary with the activereach solution.
Finally, the solution from activereach uses an innovative method to clean up metadata left over after restoration. This can save valuable tens of minutes of recovery time as it means the clean up does not have to wait. In larger Active Directory environments, this saving of time can be quite significant.
By choosing activereach for AD backup and recovery, the administrator’s work is reduced, errors are avoided and any restoration is simpler. Other third party solutions lack this level of awareness and thus fail to save as much time and effort, undermining the business case for using a third party backup and restore solution.
Businesses that have invested in third party solutions for Active Directory backup and recovery would be best advised to look for feature completeness to ensure that they can get maximum value from their investment in this critical risk management service.
Microsoft and Active Directory are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.