Dell Recovery Manager for Active Directory Forest Edition is a product that can be employed to recover an Active Directory forest or specific domains in the forest in response to corruption or improper modification to the forest. Recovery Manager can automate the various manual tasks involved in a recovery, remotely quarantine corrupt domain controllers, and restore domain controllers to speed up the overall recovery and restore business operation quickly.
The process of recovering an Active Directory forest can be extremely complicated. For example, Microsoft outlines over a dozen steps just to get a domain controller up and running. These steps include quarantining domains, seizing operations master roles, metadata cleanup, DNS configuration, and resetting many Active Directory account passwords, among many others that must be performed on each domain controller in the forest. If these steps are performed incorrectly or out of order, the recovery process may need to be restarted from the beginning.
Recovery Manager facilitates this recovery process by automating the various steps thereby ensuring that they are completed correctly and in order. To employ Recovery Manager or other Active Directory recovery solutions, it is necessary to prepare a “disaster recovery plan” which defines the steps that the recovery solution should perform. Creating this disaster recovery plan can be a difficult process. Also, once the disaster recovery plan is created, it can be difficult to know whether it will be effective once recovery is necessary.
To address the concern of not knowing whether a disaster recovery plan will be effective, Dell has developed a tool, known as Active Directory Virtual Lab, which can be employed to create a virtual test environment in which the disaster recovery plan can be tested. The virtual test environment can be created from an entity's Active Directory forest by configuring virtual machines to emulate the forest or a portion of the forest. For example, a virtual machine could be created in the virtual test environment for each physical or virtual domain controller or standalone server in the forest. These virtual machines can be configured with the same settings as the corresponding domain controller or standalone server such as by specifying general settings (e.g., host name and access credentials), hardware settings (e.g., number of processors, the amount of memory, network settings (including those to isolate the virtual test environment from the source environment), and disk volumes), Active Directory settings (e.g., which FSMO roles the virtual machine will perform and whether the virtual machine will act as a Global Catalog server), etc. These settings could be automatically identified from the source forest and/or could be manually specified by the administrator.
To create these virtual machines, the recovery solution typically employs third-party virtualization software such as Microsoft System Center Virtual Machine Manager (SCVMM), VMware ESX, or VMware vCenter. FIG. 1 illustrates an example of this type of environment. As shown, the recovery solution can employ third-party virtualization software to create a virtual test environment based on a source environment. Because third-party virtualization software is employed, the recovery solution is limited to using the native tools of the third-party virtualization software to create and manage the virtual machines. As such, the recovery solution will be limited in how it can configure the virtual machines.
In some situations, the recovery solution may be able to configure a virtual machine using a batch file. The batch file could include instructions which when executed on the virtual machine will configure many of the various settings mentioned above. In these cases, the recovery solution can employ the native tools (or APIs) of the third-party virtualization software to transfer the batch file to the virtual machine and then invoke it.
In other situations, however, the recovery solution may not be able to employ a batch file. For example, because the domain controllers that are created in the virtual test environment will be exact copies of the domain controllers in the source environment, the target domain controller will include all software that was installed on the corresponding source domain controller. If the source domain controller includes security software (e.g., anti-virus software), the security software, which will also be installed on the target domain controller, may prevent the execution of batch files. If batch file execution is not available, the third-party virtualization software may not provide another viable option for configuring the target domain controller.