Active Directory Incidents and Disasters - I Need ADVL!

According to a recent survey conducted by Dimensional Research on behalf of Quest, accidental changes to Active Directory tops the list of concerns by organizations surveyed, followed closely by Active Directory corruption. 

Also, in the list, as you can see are employee or ex-employee malicious incidents as well as Schema changes  followed by  natural disasters and Cyber-terrorism, indeed a growing concern over the last decade in the US.  However, when asked if these companies have a robust plan in place 59% either did not have a robust plan or any plan in place!  Also, only 55% of the customer who had a disaster recovery plan in place actually tested it.  As shocking as these results may be, it is something that has been coming up over and over again for us and we wanted to know why!

The reasons for not testing the Active Directory recovery plan on a regular basis:  65% of survey respondents indicated that it’s too hard to set up a test environment and 64% said they don’t have the resources.  So when asked, 80% agreed that it would be more efficient to test their disaster recovery plan if they could easily create a virtual lab that accurately mirrors their production Active Directory forest.

Recovery Manager for AD Forest Edition:  Active Directory Virtual Lab creator (ADVL)

What does it do?  It creates an isolated virtualized copy of all or part of your production forest.

What are the use cases?  It can be used to test AD schema upgrades, software deployments or service packs.  The biggest use case is that now you have the ability to validate your forest recovery procedure and you can export the results which will show each step as well as the total time the forest recovery took.

What are the main features? 

  • Virtual lab created on VMware or Microsoft SCVMM infrastructure
  • Source computers can be physical (P2V) or virtual (V2V)
  • Any computer can be added to lab (not only DCs)
  • Virtual lab isolated from production by configured network settings
  • Post-processing in virtual lab brings forest to a consistent state
  • Virtual lab created with disabled network adapters to prevent accidental isolation issues
  • Network adapters enabled automatically after confirmation from user

As seen In the figure below you can choose any domain controller or member server in your forest:

As seen in the screenshot below, the fully automated creation of your virtual lab using production data!

For more information on Recovery Manager for AD Forest Edition and the Active Directory Virtual lab (ADVL) click here.

For the full survey and the results check it out here!