Active Directory Backup and Monitoring Plan
Active Directory is a database that serves as a central location for authenticating and authorizing all users and computers within a network. The Active Directory domain controllers keep and maintain information on the groups and users in a network, which enables users to conveniently access network resources. Creating an effective backup plan is crucial for the small business, as it helps prevent corruption of Active Directory. The Active Directory backup plan will consist of detailed guidelines for restoring system operations in case of disruptions. It will clearly specify a recovery period and the methods for reconfiguring and recovering the data in the directory, and it will be based on an assessment of potential threats to the system. This will ensure that the client’s new system remains continually functional. Instituting a recovery timeline will increase efficiency during the actual backup implementation.
The backup plan I will design will involve the installation of backup utility software with features similar to those of the NT Backup utility. The backup system will make provision in the software for restoring minor corruptions such as mistakenly deleted information, which is a more usual incident than the corruption of the entire directory. Backing up the system online will enable users to access the system even while data saving and system recovery operations are being carried out. The installed software will back up the domain controllers’ system state for each domain in the forest. This will ensure that each domain controller in that forest can be recovered.
Backups are only usable within a given period because Active Directory keeps deleted items only for a given period before completely disposing of them. This period is called the tombstone lifetime. Although tombstone values in Active Directory can be altered, backups older than the given value will not be recovered. This is to prevent deleted items from being reinstated in the directory. The backup software will thus provide for resetting the computers if the objects that need to be restored have been deleted for more than two months. This is in consideration of the password lifetime of domain controllers, which on average is two months. The controllers will only accept the current computer password and the one previous to it.
The utility software will save the directory data daily. A scheduled option that can run without an operator will be programmed into the system. Using a secondary directory will enable the storage of data on a directory similar to the primary one. The secondary directory can take over the functions of the primary in case of system corruption.
Monitoring the backup system keeps it in proper working condition. Installing monitoring software is the best security option for the customer due to its numerous advantages. The main work of the system designer will be to set the parameters for triggering an alert in case the software detects performance problems in the directory. The tools needed include command-line tools like Repadmin.exe, which diagnoses replication problems. It enables administrators to look at the domain controller replication policy and troubleshoot it if needed. Knowledge consistency detectors monitor the replication policy.
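As an added example (not part of the original plan), the alert parameters described above can be expressed as thresholds applied to the CSV that `repadmin /showrepl * /csv` produces. The sample rows, DC names, domain, and threshold values below are constructed, and the column layout is assumed to match repadmin's CSV output.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample in the column layout of `repadmin /showrepl * /csv`.
# DC names, domain, timestamps and status codes are made up for illustration.
SAMPLE_CSV = """showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC01,"DC=example,DC=local",HQ,DC02,RPC,0,0,2024-03-10 08:15:02,0
showrepl_INFO,HQ,DC02,"DC=example,DC=local",HQ,DC01,RPC,7,2024-03-10 08:00:41,2024-03-08 21:44:10,1722
showrepl_INFO,HQ,DC01,"CN=Configuration,DC=example,DC=local",HQ,DC02,RPC,0,0,2024-03-09 01:00:00,0
"""

TIME_FORMAT = "%Y-%m-%d %H:%M:%S"


def replication_alerts(csv_text, now, max_failures=3, max_age=timedelta(hours=24)):
    """Return (severity, link, reason) tuples for links that breach a threshold."""
    alerts = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["showrepl_COLUMNS"] != "showrepl_INFO":
            continue  # skip rows that do not describe a replication link
        link = f'{row["Source DSA"]}->{row["Destination DSA"]} [{row["Naming Context"]}]'
        failures = int(row["Number of Failures"])
        if failures > max_failures:
            reason = f'{failures} consecutive failures, status {row["Last Failure Status"]}'
            alerts.append(("CRITICAL", link, reason))
        try:
            last_ok = datetime.strptime(row["Last Success Time"], TIME_FORMAT)
        except ValueError:
            # An unparseable timestamp is treated as "never replicated".
            alerts.append(("CRITICAL", link, "no successful replication recorded"))
            continue
        age = now - last_ok
        if age > max_age:
            alerts.append(("WARNING", link, f"last success {age} ago"))
    return alerts


if __name__ == "__main__":
    # Fixed "now" so the constructed sample gives repeatable results.
    for severity, link, reason in replication_alerts(SAMPLE_CSV, datetime(2024, 3, 10, 9, 0, 0)):
        print(f"{severity:8} {link}: {reason}")
```

In practice the function would be fed the live command output on a schedule, with `max_failures` and `max_age` tuned to the site's replication interval.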
Other command-line tools interact directly with the directory database. They remove any decommissioned objects and examine trust relationships. As a result, when any problems are detected, the server will automatically shut down while checking the replication state in the domains. Trust relationships are the extent to which authorized users access a domain. For example, only certain users are allowed to log into predetermined domains. Some monitoring tools can be shut down remotely by administrators and can force the synchronization of the domain controllers. They also enable users to remove orphaned domains from Active Directory to prevent it from crashing.