-- Main.ctucker - 28 Oct 2005
Active Directory Disaster Recovery (THIS PAGE NEEDS UPDATING)
Any Active Directory Disaster Recovery procedure involves restoring the forest's
domain controllers to their pre-breakdown state. There are two procedures for Domain Controller
Recovery, each with a specific purpose. Both are outlined below and referenced in the
Forest Recovery Plan, which follows them.
- RecovDCSync - Recover a Domain Controller Through Re-Synchronization
- RecovDCBackUp - Recover a Domain Controller from a Backup
In the event that the entire CSCF AD Forest is wiped out,
Microsoft recommends that a forest be restored in the following order.
- Recover, from backup, a single domain controller in the forest root domain.
- Recover, from backup, a single domain controller in all tree root domains.
- Recover, from backup, a single domain controller in all subsequent child domains.
In the case of the CSCF Active Directory, this means recovering, from backup, domain controllers in the forest in the following order.
- CSCF (cscf.uwaterloo.ca)
  - elisa: because this server also hosts the AD DNS Primary server
- CSCF-SYSADMINS (sysadmins.cscf.uwaterloo.ca)
- CS-GENERAL (cs.uwaterloo.ca)
  - serverus: because the openssh server for password sync with core.cs is on this server
- CS-TEACHING (student.cs.uwaterloo.ca)
  - canadenis: because the openssh server for password sync with student.cs is on this server
Once a domain is re-established, the remaining domain controllers in each domain can be re-created through domain synchronization as described in
RecovDCSync. You will need the following things.
- Physical Access to the Domain Controller hardware.
- The CSCF Standard Windows 2003 Terminal Server Image.
- The CSCF Local Administrator Master Password.
Once other services are re-established, the AD DNS Secondary server on
eponina should be re-established.