Active Directory, 5th Edition by Brian Desmond, Joe Richards, Robbie Allen, Alistair G. Lowe-Norris

A very important though often overlooked aspect of maintaining Active Directory is having a solid disaster recovery plan in place. While the reported incidents of corruption of Active Directory have been minimal, it has happened and is something you should be prepared for, regardless of how unlikely it is to occur. You’re much more likely to need to restore accidentally deleted objects than to have to deal with complete corruption, and thus you should be prepared for this as well. Do you have a plan in place for what to do if a domain controller that has a FSMO role suddenly goes offline, and you are unable to bring it back? These are all stressful scenarios: clients are complaining or an application is no longer working correctly, and people aren’t happy. It is during times like these that you don’t want to have to scramble to find a solution. Having well-documented and tested procedures to handle these issues is critical.

In this chapter, we will look at how to prepare for failures by backing up Active Directory. We will then describe how you can recover all or portions of Active Directory from a backup, as well as how to recover deleted objects from the Active Directory Recycle Bin. We will then cover how to recover from FSMO failures. Finally, we will look at other preventive maintenance operations you can do to ensure the health of Active Directory.