Is your Active Directory environment prepared to quickly recover in the event of a disaster? There are so many different scenarios that could bring your AD environment to a halt. The most spine chilling scenarios are ones we are not yet aware of.
Inexperienced individuals can wield significant power over your entire Active Directory infrastructure. Without proper security controls, all it takes is one disgruntled person, or someone with slow reactions, or one who means well but doesn’t know much to shut down your entire business for an indefinite amount of time. Costing your company thousands of dollars an hour.
Here’s a scary thought: One needs only three mouse clicks to accidentally or maliciously delete entire trees of objects. At all times, hundreds or even thousands of users and their computers are just three mouse clicks away from complete obliteration. As they go, so also goes the sum total of their information: names, passwords, personal information, mailboxes, and permissions—everything gone, simply by a misplaced mouse-click.
Think about it. You have a situation where many AD objects attributes have been modified. This could be caused by an errant script or a provisioning application that integrates with AD and updates user or computer information like group membership or specific user attributes. Accidental changes to AD objects can happen and it’s not possible to roll back these changes natively without doing a full blown authoritative restore which means taking Domain Controllers offline.
Such disasters waiting to happen must be planned for in order to prevent them. That means implementing good controls over Active Directory data such as protecting all your OUs natively. It also means incorporating solutions that can restore your data in seconds, rather than hours or days without taking a Domain Controller offline.
For more specific real world disaster scenarios, check out:
Active Directory Recovery: Be More Prepared