![]() Active Directory incorporates the tombstone lifetime into the backup and restores process as a means of protecting itself from inconsistent data. The default tombstone lifetime is 60 days. At a minimum, perform at least two backups within the tombstone lifetime. A backup that is older than the tombstone lifetime set in Active Directory is not a good backup.If you have lost all domain controllers, you can recover a primary domain controller (containing FSMO roles), and deploy a new secondary domain controller, replicating changes from the primary DC to the secondary DC. You should back up the domain controller that has FSMO (Flexible Single Master Operation) roles installed. If you have more than one domain controller, you should back up at least one of them. It is obvious that if you have just one domain controller in your infrastructure, you should back up this DC. At least one domain controller in a domain must be backed up. ![]() This approach ensures AD database integrity and avoids any chances of conflicts that may occur because of the restoration. ![]() StorageCraft can help you implement a modern approach to 3-2-1-1 for storage, backup, and disaster recovery. By focusing on business continuity and following the 3-2-1-1 rule you can be more confident that you can recover your data if an attack is successful. However, in case of a single DC failure, you should not restore this DC from backup, instead, you should simply install a fresh new server and promote it as a Domain Controller. One thing is certain: the ransomware threat to data backups is not going away.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |