5 Active Directory Tragedies You Can Prevent - Beware the Ides of March

We all read “Julius Caesar” in high school, but for most us, that’s been a while (or longer than that); so, a little refresh is in order. As you may recall, Caesar had a problem with accepting the many ominous portents that came his way. Nightmares, pleas from his wife, a soothsayer shouting warnings from the crowd… All of it was brushed aside in service of his own ambition. Shakespeare’s take away for his audience? Don’t be like Caesar. Yet, as great drama captures so well, we often can’t help being our own undoing.

In any Windows network, Active Directory (AD) serves as the source of nearly all authentication and authorization. And as in that ancient Roman power struggle, when your unifying power is taken out, the whole republic can be torn asunder. Failing to prevent an Active Directory disaster won’t leave you bleeding to death on the senate floor, but it may feel like it.

Ides of March, Tragedy #1: Losing a Domain Controller

Losing a domain controller (DC) means losing authentication and authorization services for some portion of your IT environment. While this is bad, losing a DC is probably the least fatal of AD disasters, owing to the fact that almost every AD has a minimum of two DCs in place. With the right tools, restoring a DC from a good backup doesn’t take much time. And being able to get the server up and running quickly can make all the difference. It’s never wise to let the plebeians know what intrigues go on behind the senate doors.

Ides of March, Tragedy #2: Losing a User, Computer Object or Group Policy

Brutus made the mistake of trusting Marc Antony to deliver a harmless eulogy at Caesar’s funeral; instead he incited the crowd to such fury that Brutus wound up fleeing for his life. Though the stakes may be less dramatic in an AD disaster, your AD recovery plan should spell out the processes and technologies needed for quick restoration of Group Policies — all while locking down completion only to trusted individuals. You’ll need to protect domain security and ensure that an auditor can verify your process was conducted correctly, just like Brutus needed to convince the people he did it all for them.

Ides of March, Tragedy #3: Losing an Entire Group of Users or Computer Objects

Think about this: at any given time, all of your users and their computers are just three mouse clicks away from annihilation. That means passwords, personal information, mailboxes, permissions… everything gone. It took only the well-intentioned (though brutal) actions of one man, Brutus, to throw the mighty Roman Republic into chaos that ultimately saw its tradition of democracy replaced by monarchy and empire. In the same way, all it takes is someone with good intentions, but lacking skills or experience with AD, to throw your business into chaos. Recovering from this disaster means incorporating solutions that can restore data in seconds, rather than hours or days.

Ides of March, Tragedy #4: Losing Your Entire Forest

In classic tragedy, the protagonist is imbued with a fatal flaw that inevitably leads to his downfall. For Julius Caesar, that flaw was his own hubris. AD’s multi-master replication also has a fatal flaw — any corruption can quickly spread across every domain controller, causing irreparable harm before you realize the system is tearing itself apart. And putting it back together is no easy task… AD services must be reconstructed, metadata cleaned up, trusts reestablished, accounts reset, and lots more.

Ides of March, Tragedy #5: Any of the Above and Losing Backup Data

Like Caesar ignoring the soothsayer’s warning, this potentially career-ending disaster can arise from a false sense of security. Maybe backup jobs weren’t run on domain controllers, or perhaps the backups failed, leaving unheeded warnings in long-neglected logs. Because the stakes are so high, many organizations are now choosing to go with an automated backup tool to safeguard their AD foundation. Offloading backups and storage to a third-party product or service can save time and money, and perhaps prevent treason from taking root in your 8 - 5 republic.

To learn more, download the white paper!