Active Directory Disasters Five Dreaded Days that Can Ruin Your Whole Vacation

For those of us in IT, an Active Directory disaster is the ultimate “bad day at the office.” Every Windows network relies on AD for nearly all its authentication and authorization; so, when AD sneezes, the whole organization gets a cold. And just like getting a cold can ruin a long-anticipated vacation, AD disasters evoke reactions spanning simple irritation to a meltdown worthy of Clark Griswold’s Walley World freakout. For comparison, lets break down common AD disasters using a scale of vacation nightmares…

Dreaded Day #1: Losing a domain controller (Losing your ticket)

You left your car in long-term parking and schlepped your luggage to the terminal, only to discover your boarding passes are at home on the kitchen table. They can print new ones, right? I don’t know, can they? Most likely, your airline will do what’s required to help you make your flight. Kind of like losing a Domain Controller on AD… It’s a hassle, but there’s always a backup, and your users can be up and running again without a lot of finger pointing (most of the time).

 

Dreaded Day #2: Losing a user (Missing your flight)

This one’s not so easy. You’ll almost certainly incur a ticket fee to switch to a later flight, and if your whole family is going on vacation; those fees add up fast. So it is with a lost user — if the person associated with a lost object is up against a tight deadline, time lost to initiate a restore can cost them. Native recovery tools can help, but like missing that flight leaves you burning precious vacation hours in an airport instead of on balmy sands; time spent restoring a lost user diverts resources from more profitable activities.

 

 

Dreaded Day #3: Losing an entire group of users (Losing your luggage)

So now you’ve finally arrived at that exotic destination only to be told your family is without clothes or toiletries. Maybe the airline will find your bags in the 48 hours promised. If not, you’ll be going on an impromptu shopping trip in a (likely overpriced) tourist mall. As uncomfortable as the possibility of being without clean underwear in a strange place is, equally scary is the reality that it only takes three mouse clicks for anyone to delete entire groups of objects in AD. Yes, three clicks to delete hundreds of user names, passwords, mailboxes, permissions, everything — gone.

 

Dreaded Day #4: Losing your entire forest (Not booking a hotel reservation)

So you’ve arrived on time with all your bags, only to discover that the super-cheap travel site you used to book hotel reservations is as reliable as the location’s tap water. So you and your family sit atop your luggage in 100-degree heat outside your overbooked hotel while everyone looks at you to do something. If that sounds bad, consider the process involved in an AD forest recovery… Microsoft outlines 15 steps for a multi-domain environment just to get the first domain controller operational again. Each additional domain requires another 12 steps just to get the first DC up and running. Faced with this, it’s easy to start wishing you were back in Buffalo in January.

 

Dreaded Day #5: Any of the above plus losing backup data: (All of the above, plus losing your family on location).

So you forgot your ticket, which caused you to miss your flight and the airline to put your bags on the wrong plane. By the time you arrived, the hotel had given your reservation to someone else. Then while striking out on your own to search for vacant rooms, you get on the wrong shuttle and end up miles away from where your family waits in overheated desperation. Such is the experience of losing a domain controller, a user object, a group of users, or an entire forest — without backup data. This potentially career-ending scenario is more likely than any of us like to think.

 

Don’t let any of these dreaded days ruin your vacation — Learn more about Active Directory disaster recovery solutions.

Anonymous