Chapter 13. Protecting AD data


The data in your Active Directory is precious. If anything happens to it, your users won’t be able to log on and perform their work. The organization is in trouble at that point. This chapter shows you how to protect AD data, which, in turn, protects the organization and ultimately protects your job!


No single scheme of protection is foolproof, which is why I recommend that you implement as many different ways to protect your data as you can.

There are four techniques for protecting your AD data that you’ll meet in this chapter. You start with protection from accidental deletion. This technique protects you as an administrator, as well as the data, because it removes the ability to delete objects such as user accounts. It takes away those “oops” moments when you realize you’ve deleted the wrong account. This protection is a security setting on the object, so it can easily be removed when you need to move or delete the object.

Second, snapshots provide a point-in-time copy of the data in your Active Directory. You can take snapshots on a periodic basis and compare the current live object, such as a user account, with a previous version. This provides a method to investigate changes and have the information available so that a change can be reversed if needed.

13.1. Protection from accidental deletion

13.2. Snapshots

13.3. AD Recycle Bin

13.4. Backup and restore

13.5. LAB

13.6. Ideas for on your own
