Active Directory is the foundation of our networks. If AD isn't up, nothing else is. Not even cloud apps if you are using federation. Thankfully AD is pretty resilient – unless someone purposefully or accidentally destroys AD. It happens. Here's a list of examples I know of personally:
- Public accounting firm's IT audit team corrupts Active Directory at a client's site while collecting information
- Disgruntled admin, in a fit of rage, deletes an OU containing several thousand users
- Invalid bitmask in an IPv6 subnet definition in Microsoft Sites and Services
- Corrupted DIT file due to memory or disk errors
- Malicious outsider gains access to IT infrastructure of a company and deletes so much data company goes out of business
- Accidental DNS zone deletion brings down all customer access to a cloud SaaS provider
Most AD disasters we know of are accidental but note that US-CERT specifically calls out targeted destructive malware and protections to take with Active Directory.
CERT's guidance reflects that fact that today even seemingly mundane businesses and good organizations like hospitals are up against skilled attackers who are highly motivated and at best reckless.
As more malicious actors get into the ransomware game we can expect to see threat of destruction become another option for attackers that don't succeed in encrypting large amounts of data.
But beyond financially motivated attackers there are plenty other actors out there who are highly motivated to simply damage infrastructure or cause harm to their perceived enemies.
So let me ask you, if you were that person and gained access to a network; Where would you hit it to cause the greatest damage? Active Directory is the nerve center of your network.
In a recent conversation on this, I was surprised how many people think they can rely on Windows Server 2016's AD Recycle Bin. In this webinar my long-time colleague, Brian Hymer, and I will explore destructive risks to Active Directory. We will classify them into 5 types of AD destructive disasters:
- Domain node object deletion
- Special object deletion
- Attribute changes
- Group policy
- Forest level emergencies
For each of these areas we'll discuss your options for recovery including:
- System-state recovery
- Forest-level recovery
- Recycle bin
We aren't talking about recovering individual domain controllers that go down. In this webinar we are focusing on when objects in AD are deleted or otherwise modified or when AD itself is corrupted beyond a single domain availability issue.
It basically comes down to this: unless it's simply a matter of domain node objects (users, groups, computers…) being deleted - there's a good chance the Recycle Bin just isn't going to cut it for you. AD is not as compartmentalized in terms of domains and domain controllers as many people think.
Brian and I will delve into all of these issues and make sure you understand how to prepare for and execute a successful forest recovery. Not something you want to do but you certainly want to know you can do it when it becomes necessary.
After that, Brian will briefly show you how Quest Recovery Manager for Active Directory can automatically protect your AD and help you recover a completely destroyed AD forest within a very short period of time. Please register now and join us for this real training for free ™.