BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

PowerBroker Recovery for Active Directory Takes the Pain and Uncertainty out of AD Recovery

Posted March 19, 2012    Morgan Holm

I remember back in school working on an essay for days, saving it to my local 5 ¼ inch floppy just to find a disk error when trying to print it the day before it was due. Remembering all that I wrote, and then actually doing the work, gave me an unsettling feeling in my lower stomach. I am sure we have all been there. Well, having more than a decade of experience with Active Directory I can tell you I have come across a fair share of administrators who have come across a similar scenario.

The thought of a blown away OU or massive disruption caused by an automated script “gone bad” is definitely not fun for an administration team and can greatly affect a business’s bottom line. When rewriting my lost essay it was just me making additions and changes to the source, and therefore foreseeable that I could remember most of the additions and edits that I had made. However, in Active Directory there could be dozens of administrators, help desk staff, users, and automated processes making changes to the directory objects. When a malicious or inadvertent change affects the health of the directory, restoring it is not only a daunting administrative task, it is also an expensive and timely exercise that includes:

Backup Identification and Verification: The administrators need to find and verify the last “good” backup from which to start their recovery operations.

Data Loss Discovery and Validation: The administrators need to identify the good changes, and inform the business that these changes made will need to be reapplied. The volume of these changes and potential for data loss could be significant. Take for example a scenario where the directory troubles are discovered at 3:00 PM and the last good backup was the previous evening—say 1:00 AM. In this example there are 14 hours of potential user and system driven changes that may have been applied to the production Active Directory, but not reflected in the backup source. This could include user and group changes dictated by help desk and HR processes. Not only do these changes need to be re-applied, but also any supplementary documentation to support compliance and security initiatives may also need to be updated to reflect these issues and remediation efforts.

Data re-application: Once the source backup and good changes have been identified, they need to be re-applied to the directory. This could be done manually, but it is preferred that these changes can be applied in an automated way to speed recovery and reduce errors. This may involve re-running automated processes, creating and running some scripts. However, when performing the recovery you need to ensure that you are only applying the good changes in a way that does not affect other objects and attributes—again, not a trivial process.

While these steps are somewhat generalized, they outline some of the high-level steps required to recover from a domain and object level directory issues and outages. Finding a good backup is typically not that difficult, assuming that you are performing and verifying Active Directory backups within your environment. But, that is only a small component of the recovery operation. Reducing data loss, verifying the final directory state, and ensuring that all supporting documentation and processes have been updated can take a significant amount of time and resources.

This is why Active Directory recovery solutions have become a staple for many organizations in which their AD environment has become a critical component of their IT and business processes.

PowerBroker eliminates and automates much of the recovery process to reduce errors, eliminate data loss and ensure the business is up and running as quickly as possible.

Backup Identification and Verification
PowerBroker Recovery for Active Directory eliminates the need to find and load various backup files by providing a single-instance online change log, which enables organizations to quickly review and compare directory objects back to previous point-in-time backups from a single interface.

Data Loss Discovery, Validation and Re-application
PowerBroker Recovery for Active Directory also provides online object and attribute level comparisons and rollbacks to target only those specific changes that need to be rolled back. This greatly reduces possible data loss and errors, as well as the labor cost of locating and reapplying specific changes from a point-in-time backup.

Ensuring Zero Data Loss
In addition to point-in-time backups, PowerBroker Recovery for AD is the only solution to provide a continuous change log for Active Directory. This online log protects directory content up to the point of the error or malicious event. If a user, or even an entire OU, is deleted, the change log will enable the user to recover all object and attribute data up to the point of the deletion event, resulting in ZERO data loss with a few clicks of the mouse. The continuous audit log also features an “UNDO” button that enables changes to objects and attributes to be rolled back with a single mouse click.

If you’re organization is serious about Active Directory and concerned about the potential impact of outages, you may want to have a look at our award winning solution
http://www.beyondtrust.com/Home/AllProducts/

Tags:
, , ,

Leave a Reply

Additional articles

pbps-customer-campaign-image

You Change Your Oil Regularly; Why Not Your Passwords?

Posted September 11, 2014    Chris Burd

There are many things in life that get changed regularly:  your car oil, toothbrush and hopefully, your bed sheets.  It’s rare that you give these things much thought – even when you forget to change them. But what if you’re forgetting something that can cost you millions of dollars if left unchanged for long periods…

Tags:
, , ,

On-Demand Webcast: The Little JPEG that Could (Hack Your Organization) with Marcus Murray

Posted September 10, 2014    Chris Burd

IT security has come a long way, but every once in a while you see something that makes you think otherwise. Every day, internal and external hackers breach and traverse “secure” environments, making you wonder just how easy it is for attackers to completely compromise your network. In a new on-demand BeyondTrust webcast, Marcus Murray,…

Tags:
, , , , ,

Retina Vulnerability Audits – September 2014 Patch Tuesday

Posted September 9, 2014    BeyondTrust Research Team

The following is a list of Retina vulnerability audits for this September 2014 Patch Tuesday: MS14-052 – Cumulative Security Update for Internet Explorer (2977629) 35141 – Microsoft Cumulative Security Update for Internet Explorer (2977629) 35142 – Microsoft Cumulative Security Update for Internet Explorer (2977629) – IE8/2003 35143 – Microsoft Cumulative Security Update for Internet Explorer (2977629) – IE8…