Hi everyone! I hope you're all doing well. I have a two-part question regarding maintaining the health of our Windows Active Directory setup. First, what regular tasks do you perform on a weekly, monthly, or yearly basis to ensure your Active Directory is in good shape? I usually check the replication health between domain controllers occasionally and ensure the Windows backup job for the NTDS file is running. Secondly, we don't currently have a disaster recovery plan for our Active Directory. Is there a guide or resource that lists what files should be backed up for AD recovery, including details like passwords and services that need to be preserved? I'd appreciate any insights you have!
4 Answers
Make sure you have an AD health checklist. If your disaster recovery plan is just 'call Microsoft and hope for the best,' you're risking a huge mess with any replication issues.
You can start with the recovery guide available on Microsoft's site. It provides a comprehensive approach to Active Directory recovery. Check it out here: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/forest-recovery-guide/ad-forest-recovery-guide.
I run dcdiag and repadmin tests weekly to keep an eye on things. Once a month, I boot up one of the domain controllers from backup on a separate VLAN. If it crashes, I know we’ve got some serious DR planning to do!
For regular checks, our Azure Active Directory connectors notify us about issues with any domain controllers or AD synchronization, which really helps. Our disaster recovery usually just involves restoring from backups if anything goes wrong.
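
The weekly repadmin check mentioned in the answers above can be scripted so that stale links are caught even when the failure counter reads zero. This is an added example, not code from anyone in the thread: it parses the CSV produced by `repadmin /showrepl * /csv`, and the sample rows, the 24-hour threshold and the function name `Get-ReplicationFinding` are assumptions made for illustration.

```powershell
# $SampleCsv is constructed data (DC names, sites and times are made up) so the
# script runs offline. On a management host, feed real output instead:
#   $lines = repadmin /showrepl * /csv
$SampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC01,"DC=example,DC=test",HQ,DC02,RPC,0,0,2024-05-06 08:14:02,0
showrepl_INFO,HQ,DC01,"DC=example,DC=test",Branch,DC03,RPC,17,2024-05-06 08:10:44,2024-05-03 22:41:10,1722
showrepl_INFO,Branch,DC03,"CN=Configuration,DC=example,DC=test",HQ,DC01,RPC,0,0,2024-05-04 01:02:33,0
'@

function Get-ReplicationFinding {
    param(
        [string[]]$CsvLines,
        [datetime]$Now = (Get-Date),
        [int]$MaxAgeHours = 24   # assumed threshold; tune to your replication schedule
    )
    $inv = [cultureinfo]::InvariantCulture
    foreach ($row in ($CsvLines | Where-Object { $_ } | ConvertFrom-Csv)) {
        $reasons = @()
        if ($row.showrepl_COLUMNS -ne 'showrepl_INFO') {
            # Any row not tagged INFO means repadmin could not report on that DC normally.
            $reasons += "unexpected row type '$($row.showrepl_COLUMNS)'"
        } else {
            $failures = 0
            [void][int]::TryParse($row.'Number of Failures', [ref]$failures)
            if ($failures -gt 0) {
                $reasons += "$failures failures, last status $($row.'Last Failure Status')"
            }
            # A link can show zero failures and still not have replicated recently.
            $last = [datetime]::MinValue
            $ok = [datetime]::TryParse($row.'Last Success Time', $inv, [System.Globalization.DateTimeStyles]::None, [ref]$last)
            if (-not $ok) {
                $reasons += 'no recorded successful replication'
            } elseif (($Now - $last).TotalHours -gt $MaxAgeHours) {
                $reasons += ('last success {0:N0}h ago' -f ($Now - $last).TotalHours)
            }
        }
        if ($reasons) {
            [pscustomobject]@{
                Destination   = $row.'Destination DSA'
                Source        = $row.'Source DSA'
                NamingContext = $row.'Naming Context'
                Reasons       = $reasons -join '; '
            }
        }
    }
}

# Fixed -Now keeps the sample run reproducible; omit it for live data.
Get-ReplicationFinding -CsvLines ($SampleCsv -split "\r?\n") -Now ([datetime]'2024-05-06 09:00:00') |
    Format-Table -AutoSize -Wrap
```

On the sample data this reports two links: the DC03 to DC01 link with failures, and the DC01 to DC03 configuration partition that has no failures but has not replicated within the threshold.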
