When I was a little kid, I knew what I wanted to be when I grew up. No, not an astronaut. Definitely not a doctor or a lawyer. When I grew up, I wanted to be the Product Manager of an Active Directory backup and recovery tool.
Just kidding. I’m pretty sure I wanted to be a Transformer.
Now that I’m older and not a Transformer, I’ve been tasked with writing a series of blog posts which explain both the backup and recovery of Active Directory and why you should care about it.
So why should you care?
Well, for starters, Microsoft Active Directory is the primary authentication service used by a majority of organizations worldwide. That is to say, it’s critical infrastructure.
I’ve thankfully never been directly involved in a catastrophic event involving a critical piece of infrastructure like Active Directory. However, I have access to the internet and, according to a number of smart people, the business costs incurred as a direct result of this type of outage are generally estimated at between $25,000 and $300,000 per hour.
While those numbers are scary, they likely represent the impact of only the most severe Active Directory recovery scenarios.
That’s right, there are different types of Active Directory recovery scenarios! I like to separate them into five categories: Object Recovery, Attribute Recovery, Server Recovery, Domain Recovery, and Forest Recovery.
Object Recovery, or the recovery of an Active Directory object, is a relatively straightforward process which I will cover in excruciating detail in the next two posts in this blog series.
Attribute Recovery, or the recovery of discrete Active Directory object attributes, is both a considerably more complicated process and the topic of my fourth blog post in this series.
Server Recovery, or the recovery of an Active Directory domain controller, should be a relatively simple task for an organization possessing a reasonable level of I.T. sophistication. Even ignoring the fact that these organizations are likely to already have a server backup solution in place, the process of recovering from the physical or logical loss of a Domain Controller – assuming the existence of multiple DCs within the domain – is incredibly simple: repair the server and restore it from an existing backup, or replace the server entirely and promote the replacement.
Domain Recovery and Forest Recovery are especially analogous, to the point of being two different flavors of a single problem. In either event, the recovery is a necessary response to an incident that has resulted in the loss of a critical number of functional Domain Controllers within a logical Active Directory structure. While the scope of a Domain Recovery is, by definition, smaller than that of a Forest Recovery, the same fundamental set of processes is used to address both situations. In the end, the differences between them are principally of scope and scale. I’m not going to go deep into the weeds about the Forest Recovery process itself, but if you’re feeling bored and masochistic you can read up on it here.
As I finish this post, I hope you have begun to appreciate the fact that Active Directory backup and recovery, while not necessarily as exciting as being a robot capable of disguising itself as a car, is important. In fact, it’s important enough that you should check out our Active Directory backup and recovery solution, StealthRECOVER.
If you happen to already appreciate that fact and stumbled upon this blog post after searching the internet for a simple way to recover from undesirable changes to Active Directory, whether the result of accidental activity or malicious intent, you should also check out StealthRECOVER.
If you’re still on the fence, make sure to read the rest of this series.
Michael Olig is a Technical Product Manager at STEALTHbits Technologies. He is currently responsible for the company’s StealthRECOVER platform and StealthAUDIT cloud and Exchange solutions.
Michael’s eclectic work history prior to joining the STEALTHbits team includes the titles “Product Manager, eDiscovery Solutions”, “Senior Manager of DevOps”, “Litigation Paralegal”, and “chef”.