Showing results for 
Search instead for 
Did you mean: 
Level 3
Partner Employee

The Technical Services team for Backup and Recovery have produced a number of documents we call "Blueprints".

These Blueprints are designed to show backup and recovery challenges around specific technologies or functions and how NetBackup solves these challenges.

Each Blueprint consists of:

  • Pain Points: What challenges customers face
  • Whiteboard: Shows how NetBackup solves the customer challenges
  • Recommended Configuration: Shows recommended installation
  • Do’s: Gives detailed configurations suggested by Symantec
  • Don'ts: What configurations & pitfalls customers should avoid
  • Advantages: Summarizes the NetBackup advantages

The crucial role of Active Directory

Regulatory requirements require that your organization protect sensitive information at all times, regardless of where it is stored. The key to compliance is the ability to monitor and enforce security policies at all times – a task which poses challenges for many organizations. As a critical component of most network infrastructures, Active Directory is positioned to help meet many of these requirements with greater ease and fewer headaches. Active Directory provides a central service for administrators to organize network resources, manage users, computers, and applications. Many different objects can be stored in the Active Directory, including:

  • Users
  • Groups
  • Security credentials such as certificates
  • System resources such as computers (or servers) and printers Replication components, settings are themselves objects in the Active Directory
  • COM component configuration, which was stored in the registry in Windows NT, is now stored in the class store in the Active Directory
  • Rules and policies to control the working environment

You can think about AD in one of two ways — as a key part of your network wherein you spend a lot of time designing and tweaking its architecture, or simply as another database that exists on a server in your organization (in larger organizations AD would be a distributed database system).

As a database that exists on a server in your network, you should be following your best practices guidelines for backing it up and protecting it. As a key component of your network’s infrastructure, you should be planning on where it fits in the restoration chain in case you lose your network or building.

Protecting Active Directory

Protecting Active Directory is more essential than it first appears. Active Directory (AD) is the standard directory service in the Windows O/S. Exchange, SharePoint and SQL. All are dependent on its on-going good health, and yet, although we understand the necessity to protect our databases, email systems, applications – all of which are reliant on Active Directory in the Windows O/S, many organizations do not do anything specific to protect Active Directory?

Backing up Active Directory is pretty simple. However, everyone appreciates that an efficient backup and quick recovery of Active Directory to maintain business productivity is essential, and any administrator who has ever had to attempt to recover Active Directory data without such a tool is well versed on how frustrating and time consuming just the basic recovery process can be.

Should data in Active Directory corrupt – which can happen – it can have a ripple effect across the Windows environment including down to the application level of Microsoft Exchange, SQL, and SharePoint. Because Active Directory is a replicated database any human error, hardware or software failures, incorrectly modified or deleted objects, faulty scripts accidentally overwrite key Active Directory attributes can have a disastrous affect. Since it is a replicated database an accidentally deleted user account can result in a lengthy process while someone struggles to recover the Active Directory environment.

With no specific backup and recovery tool for managing Active Directory:

  • The recovery process for Active Directory is tedious and difficult
  • Active Directory restores often require command-line system tools
  • Requires a full restore of System State which increases downtime
  • Authoritative restores also require you to disconnect the Domain Controller from the network which prevents users from accessing network resources during the recovery
  • The domain controller must be rebooted at least twice, creating additional downtime and risk
  • After full recovery, Active Directory installations have redundancy, because of replication, and must wait for large portions of the directory to replicate inbound and outbound, creating additional downtime Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec logo are trademarks of Symantec Corporation. All other brands and products are trademarks of their respective holder/s.

Adequately protecting Active Directory as the primary directory service in Windows is essential. Microsoft Exchange, SQL, and SharePoint all depend on efficient backup and quick recovery of Active Directory.

You can download the full Blueprint from the link below.

Version history
Last update:
‎01-14-2015 03:25 AM
Updated by: