1. Field of the Invention
Embodiments of the invention relate to disaster recovery of directory services and, in particular, to systems and methods for providing a full forest recovery of an Active Directory® forest.
2. Description of the Related Art
With today's increasing reliance on technology, it is crucial for a modern business to maintain the availability of its network computer environment. Unplanned downtime caused by a disastrous event can severely disrupt the operation of, and be extremely costly to, a business. This is especially true when dealing with disasters relating to directory services that manage information regarding various network resources and settings across a domain.
Disaster recovery, which remains a major challenge in the software industry, can address a wide variety of directory service malfunctions. For instance, disasters related to Microsoft's Active Directory® (AD), a distributed directory service system, can be grouped into three general categories: physical disasters, granular disasters and corruption of the entire AD database.
Physical disasters generally involve the physical failure of one or more domain controllers in the AD system. Most of the AD service, however, remains operational. Granular disasters occur when some data within an AD database is deleted or inadvertently modified. Such granular disasters can occur frequently and be caused by, for example, human error (e.g., an administrator accidentally deleting a number of user objects), malicious activity, viruses and/or software failures. Granular disasters can often be remedied in a matter of minutes after the problem has been detected, thereby limiting business losses.
On the other hand, there is the possibility of a much greater logical disaster (or corruption) that can result in the entire AD forest becoming non-functional. Such forest-wide disasters necessitate recovery of the entire AD forest and often result in considerable user and system downtime and potentially very high business losses.
For example, one current solution to forest-wide disaster recovery in AD involves a manual, time-intensive process that requires restoration of a single domain controller from backup. The solution further involves physical isolation of each domain controller from others in the forest in order to rebuild the corrected forest environment one stage at a time. Such isolation, however, can present a considerable problem because it involves physical access to each domain controller, which is not always possible. This solution also requires numerous manual steps repeated on each domain controller in the forest and results in a relatively slow and tedious recovery, which is prone to human error. Moreover, the physical isolation of domain controllers results in the domain controllers being offline (e.g., disconnected from the network) during the recovery process.