Tip

Protect your Active Directory at all cost

James Michael Stewart, Contributor

The Active Directory database for your domain is a single point of failure that could bring down not only your network, but your entire organization as well. Most companies rely heavily, if not exclusively, on their network for their daily operations and ultimately their profits. Every minute your network is down can result in hundreds to hundreds of thousands of dollars in lost profits or incurred expenses. Thus, protecting the stability of your network's lifeblood, i.e. the Active Directory database, becomes a mission-critical issue.


Microsoft built in several self-repair mechanisms and self-adjusting features to keep AD happy and healthy. But you should not rest on your laurels.

First and foremost, you should always deploy at least three domain controllers (DCs) in each domain. Windows 2000 domains no longer use the term backup domain controller, but you can still think of an additional DC as a backup, in the sense of protection against the failure of your primary machine. Two DCs offer protection against a single failure, but the more important your business and the more you rely upon your network for productivity, the more you should implement protection against multiple failures.

Another reason to deploy multiple DCs is to spread the load of the AD operations master roles among several systems. Ideally you should have 2 global catalog servers, plus one server each for schema master, domain naming master, PDC emulator, RID master, and infrastructure master. Thus a total of 7 DCs would provide for maximum load balancing and protection against multiple system failures. The larger your network and the more crucial your dependence on it, the more reasonable this number sounds (and in some cases seems too small).
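The following added example (not part of the original tip) checks a domain's layout against the guidance above: DC count, global catalog count, and whether operations master roles are stacked on one machine. It assumes the ActiveDirectory PowerShell module, which postdates the Windows 2000 era this tip was written for; the function names and the `example.test` host names are made up for illustration.

```powershell
# Added example: compare DC, global catalog and role placement with the tip's guidance.
function Test-DcPlacement {
    param(
        [Parameter(Mandatory)] [hashtable] $RoleHolders,   # role name -> DC host name
        [string[]] $GlobalCatalogs = @(),
        [string[]] $DomainControllers = @(),
        [int] $MinDcs = 3,    # "at least three domain controllers"
        [int] $MinGcs = 2     # "2 global catalog servers"
    )
    $findings = @()
    if ($DomainControllers.Count -lt $MinDcs) {
        $findings += "Only $($DomainControllers.Count) DC(s); guidance is at least $MinDcs."
    }
    if ($GlobalCatalogs.Count -lt $MinGcs) {
        $findings += "Only $($GlobalCatalogs.Count) global catalog(s); guidance is $MinGcs."
    }
    # A DC that holds several roles concentrates both load and failure impact.
    foreach ($g in ($RoleHolders.GetEnumerator() | Group-Object -Property Value)) {
        if ($g.Count -gt 1) {
            $roles = ($g.Group.Key | Sort-Object) -join ', '
            $findings += "$($g.Name) holds $($g.Count) roles: $roles"
        }
        if ($GlobalCatalogs -contains $g.Name) {
            $findings += "$($g.Name) is a global catalog and also a role holder."
        }
    }
    $findings
}

# Live input: call this on a domain-joined host with the ActiveDirectory (RSAT) module.
function Get-DcPlacementFromDomain {
    Import-Module ActiveDirectory
    $forest = Get-ADForest; $domain = Get-ADDomain
    $dcs = @(Get-ADDomainController -Filter *)
    $roles = @{ SchemaMaster = $forest.SchemaMaster; DomainNamingMaster = $forest.DomainNamingMaster
        PDCEmulator = $domain.PDCEmulator; RIDMaster = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster }
    $gcs = @($dcs | Where-Object { $_.IsGlobalCatalog } | ForEach-Object { $_.HostName })
    Test-DcPlacement -RoleHolders $roles -GlobalCatalogs $gcs -DomainControllers @($dcs.HostName)
}

# Constructed sample: three DCs, one global catalog (host names are made up).
$sample = @{ SchemaMaster = 'dc1.example.test'; DomainNamingMaster = 'dc1.example.test'
    PDCEmulator = 'dc2.example.test'; RIDMaster = 'dc2.example.test'
    InfrastructureMaster = 'dc3.example.test' }
Test-DcPlacement -RoleHolders $sample -GlobalCatalogs 'dc1.example.test' `
    -DomainControllers 'dc1.example.test', 'dc2.example.test', 'dc3.example.test'
```

An empty result means the layout matches the 7-DC ideal described above; each returned string names one deviation from it.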

In addition to relying on internal checking and multiple DCs to maintain your AD, you should still deploy a reliable backup system. A reliable backup is one that can back up your network (whether every bit or just the created data, i.e. not software and the OS) in a reasonable amount of time and that offers an efficient method to restore some or all of the backed-up data. Make sure your backup solution supports backing up the live AD database. This is usually a separate file selection checkbox named System State or similar.

As part of your backup schedule, you should include regular backup verifications and restore tests. A backup is only good if you can read it, if it contains the necessary data, and if it can be restored. Be sure to abide by intelligent backup etiquette, such as replacing tapes after 6 to 10 uses, storing backups off site, and physically controlling access to backup media at all times.

In the unlikely event that all of your DCs are damaged or corrupted, a backup is your only form of insurance. Believe me, if you don't pay for protection now, you will pay for the lack of that protection later.


James Michael Stewart is a researcher and writer for Lanwrights, Inc.


This was first published in May 2002
