Active Directory Disaster Recovery Workshop. Lab Manual Revision 1.7


Table of Contents

LAB 1: Introduction to the Lab Environment
    Goals
    Introduction
    Exercise 1: Inspect the Lab Environment
LAB 2: Object Recovery Using Authoritative Restore
    Goals
    Introduction
    Exercise 1: Recover User Object and its Group Memberships Using Authoritative Restore
    Exercise 2: Recover OU and its Contents Using Authoritative Restore
LAB 3: Object Recovery Using Reanimation
    Goals
    Introduction
    Exercise 1: Recover User Object Using Object Reanimation
LAB 4: Group Policy Recovery
    Goals
    Introduction
    Exercise 1: Backup All Group Policies in the Forest
    Exercise 2: Change existing GPO and Analyze Changes via GPO Reports
    Exercise 3: Restore a GPO using GPMC
LAB 5: Forest Recovery
    Goals
    Introduction
    Exercise 1: Melt Down the Forest
    Exercise 2: Recover First DC of the Root Domain
    Exercise 3: Recover First DC of CHILD Domain
    Exercise 4: Recover CHILDDC

LAB 1: Introduction to the Lab Environment

Goals
- To familiarize you with the lab environment
- To make sure you can use the lab environment

Introduction
The Disaster Recovery lab consists of three virtual machines. The machines are all connected to a single subnet so that the DCs can communicate with your workstation and with each other. Each virtual machine is running Windows Server 2003 Enterprise Edition, with SP1. The three virtual machines are configured as three DCs in a single Active Directory forest, as described below.

Active Directory Forest
Your forest consists of two domains, drroot.local and child.drroot.local. The entire forest is running at Windows 2003 forest functional level.

DNS
The drroot.local forest uses Microsoft DNS running on one DC, and is Active Directory integrated. There is one DNS server in the drroot.local domain (ROOTDC1) and one in the child.drroot.local domain (CHILDDC1). They point to themselves for their primary DNS resolver.

Root Domain
Domain administrator: adm.root
Domain administrator password: netpro

ROOTDC1 configuration
IP Address: /16
Site: HubSite
Roles: Domain naming, RID master, PDC emulator, schema master
Is GC?: Yes
Hosts DNS?: Yes
DSRM credentials: Username: Administrator, Password: netpro

All rights reserved.

CHILD Domain
Domain administrator: adm.child
Domain administrator password: netpro

CHILDDC1 configuration
IP Address: /16
Site: HubSite
Roles: RID master, PDC emulator
Is GC?: Yes
Hosts DNS?: No
DSRM credentials: Username: Administrator, Password: netpro

CHILDDC2 configuration
IP Address: /16
Site: HubSite
Roles: Infrastructure master
Is GC?: No
Hosts DNS?: No
DSRM credentials: Username: Administrator, Password: netpro

Exercise 1: Inspect the Lab Environment

Install virtual machine images from DVD
1. Copy the virtual machine images from the DVDs you were provided to your laptop hard drive(s), and configure the virtual machines appropriately. Be sure that the VMs are all connected to the same virtual (guest-only) network. If you are going to run your VMs on two separate machines, BEFORE connecting them to the physical network, boot the images with no network connection and set the IP addresses on all three VMs so that there will be no conflicts on the physical lab network. See your instructor for an appropriate set of IP addresses.

Inspect the DRROOT domain
1. Start the image for ROOTDC1.
2. Login to the DRROOT domain using the domain administrator credentials listed
3. On ROOTDC1, run Active Directory Users and Computers (ADUC) to inspect the contents of the ROOT domain. In particular note that the users and computers have all been moved under the OU=Delegated-OUs organizational unit.
4. Note that the C:\Workshop\Scripts directory contains files you will use during subsequent exercises.

Inspect the CHILD domain
1. Start the images for CHILDDC1 and CHILDDC2.
2. On CHILDDC1, login to the CHILD domain using the domain administrator credentials listed
3. On CHILDDC1, run ADUC to inspect the contents of the CHILD domain. Note that the structure is very similar to that of the ROOT domain.
4. Note that the C:\Workshop\Scripts directory contains files you will use during subsequent exercises.

LAB 2: Object Recovery Using Authoritative Restore

Goals
- Understand the peculiarities of Active Directory data structures and how they affect data recovery.
- Learn how to recover a single object from backup, including properly restoring its linked attributes, e.g. the group memberships of a user object.
- Learn how to recover a deleted OU and its contents using an authoritative restore.

Introduction
The lab focuses on recovering deleted Active Directory objects. You should have a good understanding of the following concepts from the presentation:
- Tombstoned objects and how they are created.
- Linked attributes and how they are maintained, including forward links and backward links.
- Link-value replication in Windows Server
- How authoritative restore works.

This lab includes two exercises. In the first exercise you will delete and restore a user object with multiple group memberships. You will see for yourself all of the strange and wonderful aspects of restoring an Active Directory user object in a multi-domain environment. In the second exercise, you will delete and authoritatively restore an entire OU, including users and groups.

Note: These exercises are based on a Windows Server 2003 SP1 environment running in Windows Server 2003 forest functional level. If you are running a different Active Directory environment, some of the steps for these tasks would be different. The instructors will discuss some of these differences during the presentation.

On to the exercises!

Exercise 1: Recover User Object and its Group Memberships Using Authoritative Restore

Select a user and inspect its group memberships on CHILDDC1
1. Log in to CHILDDC1 using the domain administrator credentials provided
2. On CHILDDC1, run Active Directory Users and Computers and find a user object, for instance CN=Simpson, Bart,OU=Accounts,OU=ChildOU1,OU=Delegated-OUs,DC=child,DC=drroot,DC=local. Note the content of its memberOf attribute (the backlink). These are the groups in the CHILD domain that Bart is a member of.
3. On CHILDDC1, run ADSIEDIT.MSC, locate the user object, and note the memberOf attribute. The memberOf attribute will contain backlinks to the Universal groups in the DRROOT domain that Bart is a member of. ADUC explicitly filters these to provide a consistent view of the memberOf attribute. These are visible on CHILDDC1 because CHILDDC1 is also a GC and has entries for the group objects from the DRROOT domain.

Inspect the user's group memberships on CHILDDC2
1. Log in to CHILDDC2 using the domain administrator credentials provided
2. On CHILDDC2, the non-GC, do the same thing. Note that the memberOf attribute does NOT contain the backlinks to the universal groups in the DRROOT domain.

Inspect the user's group memberships on ROOTDC1
1. Log in to ROOTDC1 using the domain administrator credentials provided in the introduction
2. From the Start menu, select Run, type LDP, and press Ok.
3. In LDP connect to the default server and bind using default credentials.
4. Search the DRROOT NC (set scope = subtree) to find all the groups of which Bart is a member. Use the following search filter:

    (&(objectclass=group)(member=cn=simpson\, Bart,OU=Accounts,OU=ChildOU1,OU=Delegated-OUs,DC=child,DC=drroot,DC=local))

   Note: Bart's common name (CN) attribute contains an embedded space, so type carefully. Or even better, cut and paste the DN from C:\Workshop\Scripts\Lab 1.Object Recovery\LDPFilter.txt file.
5. Note that Bart is a member of two universal groups and one local group in the DRROOT domain.

Delete the selected user object
You should still be logged in as the domain administrator on CHILDDC1.
1. On CHILDDC1, run Active Directory Users and Computers and locate the user you selected in the first step.
2. Delete the user object.

Verify replication of the delete operation
You should still be logged in as the domain administrator on CHILDDC2.
1. On CHILDDC2, run Active Directory Users and Computers and verify the user you deleted in the previous step has been deleted from CHILDDC2.

Boot the GC into Directory Services Restore Mode
You should still be logged in as the domain administrator on CHILDDC1.
1. On CHILDDC1, edit the startup parameters by right-clicking My Computer, selecting Properties/Advanced/Startup and Recovery, and selecting Directory Service Restore Mode from the Default operating system drop-down list.
2. Restart the GC. When the GC restarts, it will come up in Directory Services Restore Mode.

Perform a System State restore of the GC
1. Log in to CHILDDC1 using the DSRM credentials provided in the introduction.
2. From the Start menu, select Run, enter NTBACKUP, and press the Ok button.
3. On the initial NTBACKUP dialog, click Next.
4. On the Backup or Restore Wizard dialog, select restore files and settings and click Next.
5. On the What to Restore dialog, double-click the File entry on the left, double-click on the appropriate backup file, check the System State entry, and click Next. Note that we have included a system state backup of CHILDDC1 for you to use in the C:\Workshop\Backups directory.

   Figure 1: Selecting System State restore

6. On the Complete the Backup or Restore Wizard dialog, click the Advanced button, ensure that the entry for Restore files to: is set to Original location, and press Next.
7. On the How to Restore dialog, select Leave existing files, and press Next.
8. On the Advanced Restore options dialog, check When restoring replicated datasets, mark the restored data as the primary data for all replicas, and press Next. This will mark the restored SYSVOL as authoritative for the entire domain and start the restore.
9. Do NOT restart the GC at this time.

Authoritatively restore the deleted object on the GC
1. On CHILDDC1 (still in Directory Service Restore Mode), run NTDSUTIL.
2. At the ntdsutil: prompt, type authoritative restore.
3. At the authoritative restore: prompt, type restore subtree <distinguished name>, where <distinguished name> is the DN of the object you deleted, e.g. CN=Simpson\, Bart,OU=Accounts,OU=ChildOU1,OU=Delegated-OUs,DC=child,DC=drroot,DC=local.
   Note: Bart's common name (CN) attribute contains a comma and an embedded space, so type carefully. Commas embedded in an RDN must be escaped with a backslash ( \ ), and the entire DN should be enclosed in quotes. Even better, cut and paste the DN from another application.
4. Type quit twice to exit ntdsutil.
5. Note the creation of two LDIF files, one for each domain. These LDIF files contain group and manager update operations to help recover the group memberships of the restored user. Also note the creation of a .txt file containing the objectGUID and DN of the restored object. Use NOTEPAD to look at the files to make sure the contents make sense. You will find them in the directory from which NTDSUTIL has been executed.

Reboot CHILDDC1 into normal mode
1. On CHILDDC1, edit the DC startup parameters by right-clicking My Computer and selecting Properties/Advanced/Startup and Recovery.
2. Select Windows Server 2003, Enterprise from the Default operating system drop-down list.
3. Save your changes by pressing Ok twice.
4. Restart CHILDDC1.

Restore group memberships in the user's domain
Note: This step is NOT necessary in our Disaster Recovery Lab today because we are running in Windows Server 2003 Forest Functional Level enabling Link Value Replication (LVR), and all of the links were created in that mode. NTDSUTIL automatically recovers the local domain links (e.g. group memberships) for you. We've included these steps here as a reference for object recovery in a non-LVR forest, or in an LVR forest where the links were created before the upgrade to Windows 2003 FFL.
1. Run LDIFDE to import the LDIF file created by NTDSUTIL to restore the local domain group memberships. For instance:

    C:\> ldifde -i -k -f ar_ _links_child.drroot.local.ldf

2. Run Active Directory Users and Computers, locate the restored user, and verify that the user has been added to the appropriate groups in the CHILD domain.

Copy NTDSUTIL-generated files to ROOTDC1
1. Log in to ROOTDC1 using the domain administrator credentials provided
2. Copy the NTDSUTIL-generated files from CHILDDC1, e.g.

    C:\> COPY \\CHILDDC1\C$\ar_ _links_drroot.local.ldf C:\
    C:\> COPY \\CHILDDC1\C$\ar_ _objects.txt

Boot ROOTDC1 into Directory Services Restore Mode
1. On ROOTDC1, edit the startup parameters by right-clicking My Computer, selecting Properties/Advanced/Startup and Recovery, and selecting Directory Service Restore Mode from the Default operating system drop-down list.
2. Restart ROOTDC1. When ROOTDC1 restarts, it will come up in Directory Services Restore Mode.

Perform a system state restore on ROOTDC1
1. Log in to ROOTDC1 using the DSRM credentials provided in the introduction.
2. From the Start menu, select Run, enter NTBACKUP, and press the Ok button.
3. On the initial NTBACKUP dialog, click Next.
4. On the Backup or Restore Wizard dialog, select restore files and settings and click Next.
5. On the What to Restore dialog, double-click the File entry on the left, double-click on the appropriate backup file, check the System State entry, and click Next.

   Figure 2: Selecting System State restore

6. On the Complete the Backup or Restore Wizard dialog, click the Advanced button, ensure that the entry for Restore files to: is set to Original location, and press Next.
7. On the How to Restore dialog, select Leave existing files, and press Next.
8. On the Advanced Restore options dialog, check When restoring replicated datasets, mark the restored data as the primary data for all replicas, and press Next. This will mark the restored SYSVOL as authoritative for the entire domain and start the restore.
9. Edit the startup parameters by right-clicking My Computer, selecting Properties/Advanced/Startup and Recovery, and selecting Windows Server 2003, Enterprise from the Default operating system drop-down list.
10. Do NOT reboot ROOTDC1 at this time.

Use NTDSUTIL to create LDIF files for group memberships
1. On ROOTDC1, run NTDSUTIL
2. At the ntdsutil: prompt, type authoritative restore.
3. At the authoritative restore: prompt, type create ldif file(s) from <filename>, where <filename> is the name of the .txt file you copied from CHILDDC1, for example ar_ _objects.txt. This will create LDIF files to run to restore group memberships in the DRROOT domain.

Note: The only reason we perform an authoritative restore on a DC in the DRROOT domain is so that NTDSUTIL can create an LDIF file containing the group memberships in the domain. Because we will not perform an authoritative restore, the normal replication process in the DRROOT domain will overwrite the data we have non-authoritatively restored.

Reboot ROOTDC1 into normal mode
1. On ROOTDC1, edit the DC startup parameters by right-clicking My Computer and selecting Properties/Advanced/Startup and Recovery.
2. Select Windows Server 2003, Enterprise from the Default operating system drop-down list.
3. Save your changes by pressing Ok twice.
4. Restart ROOTDC1.

Import LDIF files created by NTDSUTIL on ROOTDC1
1. Log in to ROOTDC1 using the domain administrator credentials provided
2. Run LDIF to import the LDIF file created for the DRROOT domain in the previous step, for instance:

    C:\> ldifde -i -k -f ar_ _links_drroot.local.ldf

   Note that NTDSUTIL created two LDIF files, one for membership information for groups in the DRROOT domain, and one for memberships in groups in the CHILD domain. Because we recovered the user on a GC in the CHILD domain, the CHILD domain memberships have already been restored, and we do not have to import the LDIF file for the CHILD domain memberships.
3. Run Active Directory Users and Computers and verify the appropriate DRROOT group memberships have been updated with the restored user.

Summary
In this exercise we have deleted a user with group memberships both in its own and another domain. We then restored the user from backup using authoritative restore, and then recovered the user's group memberships in both its own and the other domain.

Exercise 2: Recover OU and its Contents Using Authoritative Restore

1. Log in to CHILDDC1 using the domain administrator credentials provided

Create a new system state backup of CHILDDC1
1. Open My Computer and navigate to the batch file you created to perform a system state backup.
2. Double-click on the batch file to run the backup.
3. Make sure the backup file was created by checking that the C:\Workshop\Backup\samplebackup.bkf file has been created and contains some data.

Note: You may wonder why you can't just use the backup you created originally. The explanation is a little involved. The original objects in the directory you are using started out with attribute version numbers of 1. When you deleted the computer and user objects in the earlier exercises, and then authoritatively restored them, NTDSUTIL increased the version numbers of the object's attributes to 10001, and this replicated out to the other DCs. If we don't create a new backup now, but instead use the original backup, when we authoritatively restore the deleted objects, the version numbers will again be incremented to But the other DC in the domain will already have this version number, and there the replication conflict resolution code will select the attribute value from the DC with higher DSA GUID value. The result will be that the authoritatively restored values will be overwritten by values from the other DC in the domain. This is a problem whenever you authoritatively restore the same object more than once in a day. Note that you could also use the verinc option in NTDSUTIL to increase the version number by some larger amount.

Select and delete an OU
1. On CHILDDC1, run Active Directory Users and Computers and locate an OU to delete, for instance OU=ChildOU1,OU=Delegated-OUs,DC=child,DC=drroot,DC=local.
2. Delete the OU.

Verify replication of the delete operation
1. Log in to CHILDDC2 using the domain administrator credentials provided
2. Run Active Directory Users and Computers and verify the OU you deleted in the previous step has been deleted from CHILDDC2.

Boot the GC into Directory Services Restore Mode
1. On CHILDDC1, edit the startup parameters by right-clicking My Computer, selecting Properties/Advanced/Startup and Recovery, and selecting Directory Service Restore Mode from the Default operating system drop-down list.
2. Restart the GC. When the GC restarts, it will come up in Directory Services Restore Mode.

Perform a System State restore of the GC
1. Log in to CHILDDC1 using the DSRM credentials provided in the introduction.
2. From the Start menu, select Run, enter NTBACKUP, and press the Ok button.
3. On the initial NTBACKUP dialog, click Next.
4. On the Backup or Restore Wizard dialog, select restore files and settings and click Next.
5. On the What to Restore dialog, double-click the File entry on the left, double-click on the appropriate backup file, check the System State entry, and click Next.
6. On the Complete the Backup or Restore Wizard dialog, click the Advanced button, ensure that the entry for Restore files to: is set to Original location, and press Next.
7. On the How to Restore dialog, select Leave existing files, and press Next.
8. On the Advanced Restore options dialog, check When restoring replicated datasets, mark the restored data as the primary data for all replicas, and press Next. This will mark the restored SYSVOL as authoritative for the entire domain and start the restore.
9. Do NOT restart the GC at this time.

Authoritatively restore the deleted object on the GC
1. On CHILDDC1 (still in Directory Service Restore Mode), run NTDSUTIL.
2. At the ntdsutil prompt, type authoritative restore.
3. At the authoritative restore prompt, type restore subtree <distinguished name>, where <distinguished name> is the DN of the OU you deleted earlier, for instance OU=ChildOU1,OU=Delegated-OUs,DC=child,DC=drroot,DC=local.
4. Type quit twice to exit ntdsutil.
5. Note the creation of two LDIF files, one for each domain. These LDIF files contain group and manager update operations to help recover the group memberships of the restored users. Also note the creation of a .txt file containing the objectGUID and DN of the restored objects. Use NOTEPAD to look at the files to make sure the contents make sense. You will find them in the directory from which NTDSUTIL has been executed.

Reboot CHILDDC1 into normal mode
1. On CHILDDC1, edit the DC startup parameters by right-clicking My Computer and selecting Properties/Advanced/Startup and Recovery.
2. Select Windows Server 2003, Enterprise from the Default operating system drop-down list.
3. Save your changes by pressing Ok twice.
4. Restart CHILDDC1.

Verify restoration of OU and its contents
1. Log in to CHILDDC1 using the domain administrator credentials provided
   Note: Be sure to allow enough time for replication to occur before continuing. You can use REPLMON to check that replication is complete.
2. Run ADSIEDIT to verify that the OU has been restored.
3. Log in to CHILDDC2 using the domain administrator credentials provided

4. Run ADSIEDIT and verify the OU you restored has been restored on CHILDDC2.
5. Note the following:
   - The contents of the OU (user objects) have been restored as well.
   - The group memberships of the user objects have been restored as well, including universal group memberships in the DRROOT domain.
   - The objects have replicated to CHILDDC2 and all of the CHILD domain group memberships are properly replicated.
6. Log in to ROOTDC1 using the domain administrator credentials provided
7. Run ADSIEDIT to verify that the restored OU has replicated to ROOTDC1 (the GC in the DRROOT domain). You will have to connect to the GC port by clicking the Advanced button on the ADSIEDIT Connection Settings dialog.
8. Note the following:
   - The objects contained in the OU have replicated to the GC as well.
   - Only the universal group memberships of the users have been restored. The domain local group memberships in the DRROOT domain have not been restored, because there was no record of these memberships in the CHILD domain.

Restore group memberships in the users' domain
Note: This step is NOT necessary in our Disaster Recovery Lab today because we are running in Windows Server 2003 Forest Functional Level enabling Link Value Replication (LVR), and all of the links were created in that mode. NTDSUTIL automatically recovers the local domain links (e.g. group memberships) for you. We've included these steps here as a reference for object recovery in a non-LVR forest, or in an LVR forest where the links were created before the upgrade to Windows 2003 FFL.
1. On CHILDDC1 (you should still be logged in as the domain administrator), run LDIFDE to import the LDIF file created by NTDSUTIL to restore the local domain group memberships. For instance:

    C:\> ldifde -i -k -f ar_ _links_child.drroot.local.ldf

2. Run Active Directory Users and Computers, locate the restored user, and verify that the user has been added to the appropriate groups in the CHILD domain.

Copy NTDSUTIL-generated files to ROOTDC1
1. Log in to ROOTDC1 using the domain administrator credentials provided
2. Copy the NTDSUTIL-generated files from CHILDDC1, e.g.

    C:\> COPY \\CHILDDC1\C$\ar_ _links_drroot.local.ldf C:\
    C:\> COPY \\CHILDDC1\C$\ar_ _objects.txt

Boot ROOTDC1 into Directory Services Restore Mode
1. Log in to ROOTDC1 using the domain administrator credentials provided
2. On ROOTDC1, edit the startup parameters by right-clicking My Computer, selecting Properties/Advanced/Startup and Recovery, and selecting Directory Service Restore Mode from the Default operating system drop-down list.
3. Restart ROOTDC1. When ROOTDC1 restarts, it will come up in Directory Services Restore Mode.
4. Log in to ROOTDC1 using the DSRM credentials provided in the introduction.

Perform a system state restore on ROOTDC1
1. Log in to ROOTDC1 using the DSRM credentials provided in the introduction.
2. From the Start menu, select Run, enter NTBACKUP, and press the Ok button.
3. On the initial NTBACKUP dialog, click Next.
4. On the Backup or Restore Wizard dialog, select restore files and settings and click Next.
5. On the What to Restore dialog, double-click the File entry on the left, double-click on the appropriate backup file, check the System State entry, and click Next.
6. On the Complete the Backup or Restore Wizard dialog, click the Advanced button, ensure that the entry for Restore files to: is set to Original location, and press Next.
7. On the How to Restore dialog, select Leave existing files, and press Next.
8. On the Advanced Restore options dialog, check When restoring replicated datasets, mark the restored data as the primary data for all replicas, and press Next. This will mark the restored SYSVOL as authoritative for the entire domain and start the restore.
9. Do NOT restart ROOTDC1 at this time.

Use NTDSUTIL to create LDIF files
1. On ROOTDC1, run NTDSUTIL
2. At the ntdsutil prompt, type authoritative restore.
3. At the authoritative restore prompt, type create ldif file(s) from <filename>, where <filename> is the name of the .txt file you copied from CHILDDC1, for example ar_ _objects.txt. This will create LDIF files to run to restore group memberships in the DRROOT domain.

Note: The only reason we perform an authoritative restore on a DC in the DRROOT domain is so that NTDSUTIL can create an LDIF file containing the group memberships in the domain. Because we will not perform an authoritative restore, the normal replication process in the DRROOT domain will overwrite the data we have non-authoritatively restored.

Reboot ROOTDC1 into normal mode
1. On ROOTDC1, edit the DC startup parameters by right-clicking My Computer and selecting Properties/Advanced/Startup and Recovery.
2. Select Windows Server 2003, Enterprise from the Default operating system drop-down list.
3. Save your changes by pressing Ok twice.
4. Restart ROOTDC1.

Import LDIF files created by NTDSUTIL on ROOTDC1
1. Log in to ROOTDC1 using the domain administrator credentials provided
2. Run LDIF to import the LDIF files created in the previous step, for instance:

    C:\> ldifde -i -k -f ar_ _links_drroot.local.ldf

3. Run Active Directory Users and Computers and verify the appropriate DRROOT group memberships have been updated with the restored users.

Summary
In this exercise we deleted an entire OU containing many users, and recovered the users, along with their group memberships using authoritative restore.

LAB 3: Object Recovery Using Reanimation

Goals
- Learn how to reanimate a deleted object.
- Understand what happens when you reanimate an object.
- Understand the benefits and limitations of object reanimation as a data recovery mechanism.
- See how third-party tools can simplify data recovery using object reanimation.

Introduction
The lab focuses on recovering deleted Active Directory objects by reanimating them. You should have a good understanding of the following concepts from the presentation:
- Tombstoned objects and how they are created.
- Linked attributes and how they are maintained, including forward links and backward links.
- What happens when you reanimate an object.


Exercise 1: Recover User Object Using Object Reanimation

Select a user and inspect its memberships
1. On CHILDDC1 (the GC), find a user object, for instance CN=Simpson\, Bart,OU=Accounts,OU=ChildOU1,OU=Delegated-OUs,DC=child,DC=drroot,DC=local, and note the content of its memberOf attribute (the backlink). These are the groups in the CHILD domain that Bart is a member of. Write these down for later.
2. On CHILDDC1, run ADSIEdit, locate the user object, and note the memberOf attribute. The memberOf attribute will contain backlinks to the Universal groups in the DRROOT domain that Bart is a member of. ADUC explicitly filters these to provide a consistent view of the memberOf attribute.
3. On CHILDDC2, the non-GC, do the same thing. The memberOf attribute will not contain the backlinks to the universal groups in the ROOT domain.
4. On ROOTDC1, run LDP.
5. Connect to ROOTDC1 and bind using adm.root credentials.
6. Search the DRROOT NC to find all the groups of which Bart is a member. Use the following search filter:

    (&(objectclass=group)(member=cn=simpson\, Bart,OU=Accounts,OU=ChildOU1,OU=Delegated-OUs,DC=child,DC=drroot,DC=local))

7. Note that the CN component of the DN has an embedded comma and space, so type carefully! Or even better, cut and paste the DN from another app.
8. Note that Bart is a member of two universal groups and one local group in the DRROOT domain.

Delete a user object
1. On CHILDDC1, start Active Directory Users and Computers (ADUC).
2. Find a user object, for instance CN=Simpson\, Bart,OU=Accounts,OU=ChildOU1,OU=Delegated-OUs,DC=child,DC=root,DC=net.
3. Delete the user object.
4. Use ADUC to verify that the user object has been deleted on CHILDDC2

Find the tombstone of the deleted object
1. On CHILDDC1, run LDP
2. Connect and bind to the local domain controller
3. On the menu bar, select Options/Controls and add the Return deleted objects control to the active control list.
4. On the menu bar, select View/View Tree. Use the domain NC DC=child,DC=drroot,DC=local as the BaseDN of the search.
5. Expand the tree on the left-hand side.
6. Double-click the CN=Deleted Objects entry to view the deleted objects.
7. Find the object you deleted, and double-click it to see its contents. Note that most of its attributes have been removed, and that its CN has been changed. Also note the value of the lastKnownParent attribute.

Reanimate the deleted object using ADRECOVER
1. On CHILDDC1, open a command prompt.
2. Use ADRestore from Sysinternals to reanimate the tombstone of the deleted user object. You can find ADRecover.exe in C:\Workshop\Scripts\Lab 4 Reanimation. Use the -r switch to enable recovery. For instance, to recover an object with a cn containing the text bart, you would use:

    C:\Workshop\Scripts\Lab 3 Reanimation> adrestore -r bart

3. Use ADUC to verify that the user object has been properly restored to its original location in AD. Note that most of the attributes are still missing. Object reanimation does not restore group memberships. To restore group memberships and other linked attributes, you will have to resort to another mechanism, for instance restoring memberships from an LDIF file that you create periodically as a backup.
4. Use ADUC to restore the group memberships in the CHILD domain.
5. Login to ROOTDC1 and use ADUC to restore the group memberships in the DRROOT domain.
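
The periodic LDIF membership backup mentioned in step 3 of the reanimation procedure, as an added example (not part of the original lab manual or its scripts). It turns a saved snapshot of group memberships into one LDIF text per domain that re-adds a reanimated user to its groups, handling the escaped comma in Bart's DN. The snapshot and the group names are constructed for illustration; only Bart's DN comes from the manual.

```python
import base64
from collections import defaultdict

# Bart's DN as written in the lab manual (the comma in the CN is escaped).
BART = (r"CN=Simpson\, Bart,OU=Accounts,OU=ChildOU1,OU=Delegated-OUs,"
        "DC=child,DC=drroot,DC=local")

# Constructed snapshot taken before the deletion: group DN -> member DNs.
# Group names are hypothetical; the manual only says Bart is in CHILD-domain
# groups plus two universal groups and one local group in DRROOT.
SNAPSHOT = {
    "CN=Child-Global-1,OU=Groups,DC=child,DC=drroot,DC=local": [BART],
    "CN=Root-Universal-1,OU=Groups,DC=drroot,DC=local": [BART],
    # DNs compare case-insensitively, so this entry must still match.
    "CN=Root-Universal-2,OU=Groups,DC=drroot,DC=local": [BART.upper()],
    "CN=Root-Local-1,OU=Groups,DC=drroot,DC=local": [BART],
    "CN=Unrelated,OU=Groups,DC=drroot,DC=local": ["CN=Other,DC=drroot,DC=local"],
}


def split_rdns(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    parts, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if ch == ",":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts


def domain_of(dn):
    """Derive the DNS domain name from the DC= components of a DN."""
    labels = []
    for rdn in split_rdns(dn):
        rdn_type, _, rdn_value = rdn.strip().partition("=")
        if rdn_type.upper() == "DC":
            labels.append(rdn_value.lower())
    return ".".join(labels)


def ldif_attr(name, value):
    """Format one LDIF line, base64-encoding values that are not
    RFC 2849 safe strings (non-ASCII, CR/LF, leading ' ', ':' or '<')."""
    raw = value.encode("utf-8")
    safe = (all(0 < b < 128 and b not in (10, 13) for b in raw)
            and not value.startswith((" ", ":", "<"))
            and not value.endswith(" "))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(raw).decode('ascii')}"


def membership_ldif(snapshot, user_dn):
    """Return {domain: ldif_text} with one 'add: member' modify record
    for every group in the snapshot that listed user_dn."""
    per_domain = defaultdict(list)
    wanted = user_dn.lower()
    for group_dn, members in sorted(snapshot.items()):
        if any(m.lower() == wanted for m in members):
            record = "\n".join([
                ldif_attr("dn", group_dn),
                "changetype: modify",
                "add: member",
                ldif_attr("member", user_dn),
                "-",
            ])
            per_domain[domain_of(group_dn)].append(record)
    # Records are separated by a blank line, one text per domain.
    return {dom: "\n\n".join(recs) + "\n" for dom, recs in per_domain.items()}


if __name__ == "__main__":
    for domain, text in sorted(membership_ldif(SNAPSHOT, BART).items()):
        print(f"# ---- import on a DC in {domain} ----")
        print(text)
```

Each per-domain text is imported on a DC of that domain after the user has been reanimated, with the same `ldifde -i -k -f` form the manual uses for the NTDSUTIL-generated files.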


More information

Investigating the Use of Virtual Servers to Improve the Restoration Process of an Active Directory Forest

Investigating the Use of Virtual Servers to Improve the Restoration Process of an Active Directory Forest Copyright Tom Kline, Ryan Whyms 2007 This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this

More information

Installing Active Directory

Installing Active Directory Installing Active Directory 119 Installing Active Directory Installing Active Directory is an easy and straightforward process as long as you planned adequately and made the necessary decisions beforehand.

More information

Active Directory Forest Recovery

Active Directory Forest Recovery Active Directory Forest Recovery Contents 1. Introduction 2. Active Directory Components 3. Possible Active Directory Disasters 4. Recovery of User, Group and Organization Unit a. Authoritative Restore

More information

Creating a Domain Tree

Creating a Domain Tree 156 Chapter 4 Installing and Managing Trees and Forests Using the Active Directory Installation Wizard, you can quickly and easily create new domains by promoting a Windows Server 2008 stand-alone server

More information

Protecting Active Directory

Protecting Active Directory Network Frontiers..... Protecting Active Directory..... Whitepaper Active Directory has become a very critical piece of every Windows organization. So critical in fact, that tolerance to downtime for an

More information

Setting up Active Directory Domain Services

Setting up Active Directory Domain Services Setting up Active Directory Domain Services Tom Brett CREATING A SINGLE DOMAIN FOREST Once you have Windows Server 2008 R2 installed, it s pretty easy to create a domain you simply run the domain controller

More information

70-640 R4: Configuring Windows Server 2008 Active Directory

70-640 R4: Configuring Windows Server 2008 Active Directory 70-640 R4: Configuring Windows Server 2008 Active Directory Course Introduction Course Introduction Chapter 01 - Installing the Active Directory Role Lesson: What is IDA? What is Active Directory Identity

More information

Directory Backup and Restore

Directory Backup and Restore Directory Backup and Restore Overview Active Directory is backed up as part of system state, a collection of system components that depend on each other. You must backup and restore system state components

More information

Windows Server 2003 Service Pack 1 (SP1) or later service packs Enhanced version of Ntdsutil.exe

Windows Server 2003 Service Pack 1 (SP1) or later service packs Enhanced version of Ntdsutil.exe Article ID: 216498 - Last Review: February 3, 2010 - Revision: 11.0 How to remove data in Active Directory after an unsuccessful domain controller demotion System Tip This article applies to a different

More information

Active Directory 2008 Operations

Active Directory 2008 Operations The Essentials Series Active Directory 2008 Operations sponsored by by Greg Shields Understanding Active Directory Recovery in Windows Server 2008...1 Backing Up AD...1 Full Server Recovery of a Domain

More information

ILTA 2013 - HAND 6B. Upgrading and Deploying. Windows Server 2012. In the Legal Environment

ILTA 2013 - HAND 6B. Upgrading and Deploying. Windows Server 2012. In the Legal Environment ILTA 2013 - HAND 6B Upgrading and Deploying Windows Server 2012 In the Legal Environment Table of Contents Purpose of This Lab... 3 Lab Environment... 3 Presenter... 3 Exercise 1 Add Roles and Features...

More information

MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM)

MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM) MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM) MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM) Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative

More information

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Length: 5 Days Published: June 02, 2011 Language(s): English Audience(s): IT Professionals Level: 200

More information

Acronis Backup & Recovery 11.5 Quick Start Guide

Acronis Backup & Recovery 11.5 Quick Start Guide Acronis Backup & Recovery 11.5 Quick Start Guide Applies to the following editions: Advanced Server for Windows Virtual Edition Advanced Server SBS Edition Advanced Workstation Server for Linux Server

More information

Lesson Plans LabSim for Microsoft s Implementing a Server 2003 Active Directory Infrastructure

Lesson Plans LabSim for Microsoft s Implementing a Server 2003 Active Directory Infrastructure Lesson Plans LabSim for Microsoft s Implementing a Server 2003 Active Directory Infrastructure (Exam 70-294) Table of Contents Course Overview... 2 Section 1.1: Introduction to Active Directory... 3 Section

More information

Using Logon Agent for Transparent User Identification

Using Logon Agent for Transparent User Identification Using Logon Agent for Transparent User Identification Websense Logon Agent (also called Authentication Server) identifies users in real time, as they log on to domains. Logon Agent works with the Websense

More information

Microsoft. Jump Start. M11: Implementing Active Directory Domain Services

Microsoft. Jump Start. M11: Implementing Active Directory Domain Services Microsoft Jump Start M11: Implementing Active Directory Domain Services Rick Claus Technical Evangelist Microsoft Ed Liberman Technical Trainer Train Signal Jump Start Target Agenda Day One Day 1 Day 2

More information

Course: WIN310. Student Lab Setup Guide. Microsoft Windows Server 2003 Network Infrastructure (70-291) ISBN: 0-470-06887-6 STUDENT COMPUTER SETUP

Course: WIN310. Student Lab Setup Guide. Microsoft Windows Server 2003 Network Infrastructure (70-291) ISBN: 0-470-06887-6 STUDENT COMPUTER SETUP Course: WIN310 Student Lab Setup Guide Microsoft Windows Server 2003 Network Infrastructure (70-291) ISBN: 0-470-06887-6 STUDENT COMPUTER SETUP Hardware Requirements All hardware must be on the Microsoft

More information

MCTS/MCITP Exam 648. Maintaining an Active Directory Environment. Exam objectives in this chapter:

MCTS/MCITP Exam 648. Maintaining an Active Directory Environment. Exam objectives in this chapter: Chapter 5 MCTS/MCITP Exam 648 Maintaining an Active Directory Environment Exam objectives in this chapter: Backup and Recovery Offline Maintenance Monitoring Active Directory Exam objectives review: Summary

More information

NovaBACKUP. User Manual. NovaStor / November 2011

NovaBACKUP. User Manual. NovaStor / November 2011 NovaBACKUP User Manual NovaStor / November 2011 2011 NovaStor, all rights reserved. All trademarks are the property of their respective owners. Features and specifications are subject to change without

More information

Windows Server 2008 Active Directory Configuration (Exam 70-640)

Windows Server 2008 Active Directory Configuration (Exam 70-640) Windows Server 2008 Active Directory Configuration (Exam 70-640) Install, implement and configure Windows Server 2008 Active Directory domain. Complete day-to-day administration of Active Directory in

More information

DigitalPersona Pro Server for Active Directory v4.x Quick Start Installation Guide

DigitalPersona Pro Server for Active Directory v4.x Quick Start Installation Guide DigitalPersona Pro Server for Active Directory v4.x Quick Start Installation Guide 1 of 7 DigitalPersona Pro Server for Active Directory v4.x Quick Start Installation Guide Process Overview Step Description

More information

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course Details Course Outline Module 1: Introducing Active Directory Domain Services This module provides

More information

SAM 8.0 Backup and Restore Guide. SafeNet Integration Guide

SAM 8.0 Backup and Restore Guide. SafeNet Integration Guide SAM 8.0 Backup and Restore Guide SafeNet Integration Guide Revision A November 2012 SAM 8.0 Backup and Restore Guide - SafeNet Integration Guide Introduction Copyright 2012 SafeNet, Inc. All rights reserved.

More information

Course: WIN310. Student Lab Setup Guide. Summer 2010. Microsoft Windows Server 2003 Network Infrastructure (70-291)

Course: WIN310. Student Lab Setup Guide. Summer 2010. Microsoft Windows Server 2003 Network Infrastructure (70-291) Course: WIN310 Student Lab Setup Guide Summer 2010 Microsoft Windows Server 2003 Network Infrastructure (70-291) ISBN: 0-470-06887-6 Published by Wiley & Sons 1 STUDENT COMPUTER SETUP Hardware Requirements

More information

Using Group Policies to Install AutoCAD. CMMU 5405 Nate Bartley 9/22/2005

Using Group Policies to Install AutoCAD. CMMU 5405 Nate Bartley 9/22/2005 Using Group Policies to Install AutoCAD CMMU 5405 Nate Bartley 9/22/2005 Before we get started This manual provides a step-by-step process for creating a Group Policy that will install AutoCAD to a Windows

More information

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course 6425B: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Length: 5 Days Language(s): English Audience(s): IT Professionals Level: 200 Technology: Windows Server

More information

Course 6425B: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Course 6425B: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course 6425B: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services About this Course This five-day instructor-led course provides to teach Active Directory Technology Specialists

More information

Configuring and Troubleshooting Windows 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows 2008 Active Directory Domain Services About this Course Configuring and Troubleshooting Windows This five-day instructor-led course provides in-depth training on implementing, configuring, managing and troubleshooting Active Directory Domain

More information

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Active Directory About this Course This five-day instructor-led course provides in-depth training on implementing, configuring, managing and troubleshooting (AD DS) in and R2 environments. It covers core

More information

Integration Guide. SafeNet Authentication Service. Integrating Active Directory Lightweight Services

Integration Guide. SafeNet Authentication Service. Integrating Active Directory Lightweight Services SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information

More information

Administering Group Policy with Group Policy Management Console

Administering Group Policy with Group Policy Management Console Administering Group Policy with Group Policy Management Console By Jim Lundy Microsoft Corporation Published: April 2003 Abstract In conjunction with Windows Server 2003, Microsoft has released a new Group

More information

LearnKey's Windows Server 2003 Active Directory Infrastructure with Dale Brice-Nash

LearnKey's Windows Server 2003 Active Directory Infrastructure with Dale Brice-Nash LearnKey's Windows Server 2003 Active Directory Infrastructure with Dale Brice-Nash Syllabus Course Description 5 Sessions - 15 Hours of Interactive Training The Windows Server 2003 Active Directory Infrastructure

More information

In the Active Directory Domain Services Window, click Active Directory Domain Services.

In the Active Directory Domain Services Window, click Active Directory Domain Services. Installing the Active Directory Domain Services Role Press the Ctrl-Alt-Del on the xxrwdc computer. Log in as the default administrator of the local computer with the username Administrator and cisisthebest!

More information

ExecuTrain Course Outline Configuring & Troubleshooting Windows Server 2008 Active Directory Domain Services MOC 6425C 5 Days

ExecuTrain Course Outline Configuring & Troubleshooting Windows Server 2008 Active Directory Domain Services MOC 6425C 5 Days ExecuTrain Course Outline Configuring & Troubleshooting Windows Server 2008 Active Directory Domain Services MOC 6425C 5 Days Introduction This five-day instructor-led course provides in-depth training

More information

Create, Link, or Edit a GPO with Active Directory Users and Computers

Create, Link, or Edit a GPO with Active Directory Users and Computers How to Edit Local Computer Policy Settings To edit the local computer policy settings, you must be a local computer administrator or a member of the Domain Admins or Enterprise Admins groups. 1. Add the

More information

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services www.etidaho.com (208) 327-0768 Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services 5 Days About this Course This five-day instructor-led course provides in-depth

More information

Active Directory Diagnostic Tool

Active Directory Diagnostic Tool Active Directory Diagnostic Tool Active Directory Diagnostic Tool (Ntdsutil.exe)...2 Invoking Ntdsutil s and Parameters...2 How to Use Ntdsutil Menu s...2 How Ntdsutil Processes Input...2 How to Use Arguments

More information

Exchange Server Backup and Restore

Exchange Server Backup and Restore WHITEPAPER BackupAssist Version 6 www.backupassist.com Cortex I.T. 2001-2007 2 Contents 1. Introduction... 3 1.1 Overview... 3 1.2 Requirements... 3 1.3 Requirements for remote backup of Exchange 2007...

More information

Configuring Windows Server 2008 Active Directory

Configuring Windows Server 2008 Active Directory Configuring Windows Server 2008 Active Directory Course Number: 70-640 Certification Exam This course is preparation for the Microsoft Technical Specialist (TS) exam, Exam 70-640: TS: Windows Server 2008

More information

Searching for accepting?

Searching for accepting? If you have set up a domain controller previously with Windows 2000 Server, or Windows Server 2003, then you would be familiar with the dcpromo.exe command also be used to set up a Domain Controller on

More information

6425C - Windows Server 2008 R2 Active Directory Domain Services

6425C - Windows Server 2008 R2 Active Directory Domain Services Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Introduction This five-day instructor-led course provides in-depth training on configuring Active Directory Domain Services

More information

CHAPTER THREE. Managing Groups

CHAPTER THREE. Managing Groups 3 CHAPTER THREE Managing Groups Objectives This chapter covers the following Microsoft-specified objectives for the Managing Users, Computers, and Groups section of the Managing and Maintaining a Microsoft

More information

5.6.3 Lab: Registry Backup and Recovery in Windows XP

5.6.3 Lab: Registry Backup and Recovery in Windows XP 5.6.3 Lab: Registry Backup and Recovery in Windows XP Introduction Print and complete this lab. In this lab, you will back up a computer registry. You will also perform a recovery of a computer registry.

More information

SafeGuard Enterprise Administrator help

SafeGuard Enterprise Administrator help SafeGuard Enterprise Administrator help Product version: 5.60 Document date: April 2011 Contents 1 The SafeGuard Management Center...4 2 Log on to the SafeGuard Management Center...5 3 Operating steps

More information

SAM Backup and Restore Guide. SafeNet Integration Guide

SAM Backup and Restore Guide. SafeNet Integration Guide SAM Backup and Restore Guide SafeNet Integration Guide April 2011 Introduction Copyright 2011 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete

More information

Contents Introduction... 3 Introduction to Active Directory Services... 4 Installing and Configuring Active Directory Services...

Contents Introduction... 3 Introduction to Active Directory Services... 4 Installing and Configuring Active Directory Services... Contents 1. Introduction... 3 1.1. Setup... 3 2. Introduction to Active Directory Services... 4 3. Installing and Configuring Active Directory Services... 5 3.1. Joining to Domain... 5 3.2. Promoting Member

More information

Changing Your Cameleon Server IP

Changing Your Cameleon Server IP 1.1 Overview Technical Note Cameleon requires that you have a static IP address defined for the server PC the Cameleon server application runs on. Even if the server PC has a static IP address, you may

More information

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course Number: 6425C Course Length: 5 Days Course Overview This five-day course provides in-depth training on implementing,

More information

Step-by-Step Guide to Active Directory Bulk Import and Export

Step-by-Step Guide to Active Directory Bulk Import and Export Page 1 of 12 TechNet Home > Windows Server TechCenter > Identity and Directory Services > Active Directory > Step By Step Step-by-Step Guide to Active Directory Bulk Import and Export Published: September

More information

Module 10: Maintaining Active Directory

Module 10: Maintaining Active Directory Module 10: Maintaining Active Directory Contents Overview 1 Lesson: Introduction to Maintaining Active Directory 2 Lesson: Moving and Defragmenting the Active Directory Database 6 Lesson: Backing Up Active

More information

Moving the TRITON Reporting Databases

Moving the TRITON Reporting Databases Moving the TRITON Reporting Databases Topic 50530 Web, Data, and Email Security Versions 7.7.x, 7.8.x Updated 06-Nov-2013 If you need to move your Microsoft SQL Server database to a new location (directory,

More information

Quickly Recovering Deleted Active Directory Objects

Quickly Recovering Deleted Active Directory Objects The Essentials Series: Tackling Active Directory s Four Biggest Challenges Quickly Recovering Deleted Active Directory Objects sponsored by by Greg Shields Qu ickly Recovering Deleted Active Directory

More information

Acronis Backup & Recovery 11

Acronis Backup & Recovery 11 Acronis Backup & Recovery 11 Quick Start Guide Applies to the following editions: Advanced Server Virtual Edition Advanced Server SBS Edition Advanced Workstation Server for Linux Server for Windows Workstation

More information

Microsoft Active Directory Backup and Recovery in Windows Server 2008. written by Shawn Barker Product Manager, Quest Software, Inc.

Microsoft Active Directory Backup and Recovery in Windows Server 2008. written by Shawn Barker Product Manager, Quest Software, Inc. Microsoft Active Directory Backup and Recovery in Windows Server 2008 written by Shawn Barker Product Manager, Quest Software, Inc. Copyright Quest Software, Inc. 2008. All rights reserved. This guide

More information

Windows 2008 Server DIRECTIVAS DE GRUPO. Administración SSII

Windows 2008 Server DIRECTIVAS DE GRUPO. Administración SSII Windows 2008 Server DIRECTIVAS DE GRUPO Administración SSII Group Policy A centralized approach to applying one or more changes to one or more users or computers Setting: Definition of a change or configuration

More information

MS-6425C - Configuring Windows Server 2008 Active Directory Domain Services

MS-6425C - Configuring Windows Server 2008 Active Directory Domain Services MS-6425C - Configuring Windows Server 2008 Active Directory Domain Services Table of Contents Introduction Audience At Clinic Completion Prerequisites Microsoft Certified Professional Exams Student Materials

More information

Chapter. Managing Group Policy MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:

Chapter. Managing Group Policy MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER: Chapter 10 Managing Group Policy MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER: Implement and troubleshoot Group Policy. Create a Group Policy object (GPO). Link an existing GPO. Delegate administrative

More information

Introduction to Auditing Active Directory

Introduction to Auditing Active Directory Introduction to Auditing Active Directory Prepared and presented by: Tanya Baccam CPA, CITP, CISSP, CISA, CISM, GPPA, GCIH, GSEC, OCP DBA Baccam Consulting LLC tanya@securityaudits.org Objectives Understand

More information

6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course Details Course Code: Duration: Notes: 6425C 5 days This course syllabus should be used to determine whether

More information

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course Code: M6425 Vendor: Microsoft Course Overview Duration: 5 RRP: 2,025 Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Overview This five-day instructor-led course

More information

How to monitor AD security with MOM

How to monitor AD security with MOM How to monitor AD security with MOM A article about monitor Active Directory security with Microsoft Operations Manager 2005 Anders Bengtsson, MCSE http://www.momresources.org November 2006 (1) Table of

More information

Group Policy 21/05/2013

Group Policy 21/05/2013 Group Policy Group Policy is not a new technology for Active Directory, but it has grown and improved with every iteration of the operating system and service pack since it was first introduced in Windows

More information

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course Number: 6425B Course Length: 5 Days Course Overview This five-day course provides to teach Active Directory Technology

More information

NE-6425C Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

NE-6425C Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services NE-6425C Configuring and Troubleshooting Windows Server 2008 Active Domain Services Summary Duration Vendor Audience 5 Days Microsoft IT Professionals Published Level Technology 02 June 2011 200 Windows

More information

Active Directory backup and restore with Acronis Backup & Recovery 10

Active Directory backup and restore with Acronis Backup & Recovery 10 Active Directory backup and restore with Acronis Backup & Recovery 10 Table of Contents 1. Introduction... 3 2. Backup and Recovery overview... 3 3. Active Directory backup... 3 4. Active Directory recovery...

More information

Portions of this product were created using LEADTOOLS 1991-2009 LEAD Technologies, Inc. ALL RIGHTS RESERVED.

Portions of this product were created using LEADTOOLS 1991-2009 LEAD Technologies, Inc. ALL RIGHTS RESERVED. Installation Guide Lenel OnGuard 2009 Installation Guide, product version 6.3. This guide is item number DOC-110, revision 1.038, May 2009 Copyright 1992-2009 Lenel Systems International, Inc. Information

More information

Integrating LANGuardian with Active Directory

Integrating LANGuardian with Active Directory Integrating LANGuardian with Active Directory 01 February 2012 This document describes how to integrate LANGuardian with Microsoft Windows Server and Active Directory. Overview With the optional Identity

More information

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Course 6425C: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Five Days, Instructor-Led About this course This five-day instructor-led course provides in-depth training

More information

Keenan s brief Guide to AD Snapshots

Keenan s brief Guide to AD Snapshots Keenan s brief Guide to AD Snapshots Author: Keenan Buck Solutions Architect 1 P a g e K e e n a n B u c k Disclaimer CTCS expressly disclaims any liability, which may arise in any manner and to any party

More information

EVault for Data Protection Manager. Course 301 Server Protection with DPM File and System State

EVault for Data Protection Manager. Course 301 Server Protection with DPM File and System State EVault for Data Protection Manager Course 301 Server Protection with DPM File and System State Table of Contents Objectives... 3 Scenario... 3 Estimated Time to Complete This Lab... 3 Requirements for

More information

Deploying System Center 2012 R2 Configuration Manager

Deploying System Center 2012 R2 Configuration Manager Deploying System Center 2012 R2 Configuration Manager This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

More information

Microsoft Exchange 2003 Disaster Recovery Operations Guide

Microsoft Exchange 2003 Disaster Recovery Operations Guide Microsoft Exchange 2003 Disaster Recovery Operations Guide Microsoft Corporation Published: December 12, 2006 Author: Exchange Server Documentation Team Abstract This guide provides installation and deployment

More information

Support Document: Microsoft SQL Server - LiveVault 7.6X

Support Document: Microsoft SQL Server - LiveVault 7.6X Contents Preparing to create a Microsoft SQL backup policy... 2 Adjusting the SQL max worker threads option... 2 Preparing for Log truncation... 3 Best Practices... 3 Microsoft SQL Server 2005, 2008, or

More information

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain MOC 6425

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain MOC 6425 Configuring and Troubleshooting Windows Server 2008 Active Directory Domain MOC 6425 Course Outline Module 1: Introducing Active Directory Domain Services This module provides an overview of Active Directory

More information

Windows Server 2008 Active Directory Resource Kit

Windows Server 2008 Active Directory Resource Kit Windows Server 2008 Active Directory Resource Kit Stan Reimer, Conan Kezema, Mike Mulcare, and Byron Wright with the Microsoft Active Directory Team To learn more about this book, visit Microsoft Learning

More information

Active Directory Installation on Windows Server 2012

Active Directory Installation on Windows Server 2012 Active Directory Installation on Windows Server 2012 What really active directory is..? Active Directory Domain Services (AD DS) is an extensible and scalable directory service you can use to efficiently

More information

Backup Exec System Recovery 7.0 Best Practices
