Zoho Banner September 2011

Archive for January, 2011

 

On and off over the past couple of days I’ve been trialling one of Quest’s cloud services – OnDemand Recovery for AD.  The other service that Quest currently offers in the Microsoft space is Log Management, which allows the collection, storage and forensic analysis of Windows Event Log data. 

For those of you familiar with Quest’s Recovery Manager for AD, the OnDemand version has similarities, but quite a few differences too.  You can find a useful table comparing the feature sets of the two products here.

The basic concept behind OnDemand Recovery for AD is that by subscribing to a cloud service to support the recovery of AD objects you avoid having to deploy and manage infrastructure components within your environment.  At USD0.60 per user per month the service is likely to attract SMB customers, but is unlikely to tempt large enterprises that typically have existing, comprehensive backup and recovery solutions.

The first thing that popped into my head when I looked at the feature set was why anyone would subscribe to the service when Windows Server 2008 R2 AD includes the AD Recycle Bin (for free).  The Recycle Bin combined with the “Protection from accidental deletion” feature (introduced in Windows Server 2008 AD) can provide a reasonably comprehensive toolset for protection and deleted object recovery.  After spending some time looking at Quest’s product it struck me that OnDemand Recovery for AD has two significant advantages over the native Microsoft toolset:

  1. Ease of use.  The OnDemand web interface is very straightforward to set up and operate.  A child could do it.  The same cannot be said of the AD Recycle Bin, which requires that you know your way around Powershell AD cmdlets.
  2. Ability to restore objects to a previous state.  The AD Recycle Bin is great for restoring deleted objects, but doesn’t let you revert an existing, non-deleted object back to a previous state.  For example, let’s say you run a script that accidentally changes the telephoneNumber attribute of 5000 users to “911”.  In this scenario you can’t use the AD Recycle Bin to change the numbers back because the objects have been modified, not deleted.  You would typically need to go through the process of an authoritative restore of those objects from backup – a time consuming task that carries an element of risk.  With OnDemand Recovery for AD you could have those 5000 user objects reverted to their previous state within a couple of minutes.  I have included screenshots below to illustrate just how simple this is.

From your OnDemand Recovery for AD home page select “Restore”

rmadod0a

Choose the backup that contains the content that you would like to revert to.

rmadod1

The OnDemand software then compares the current state of AD objects with those in the backup set and then displays any differences.

rmadod2

In this example, two objects with differences are detected.  One is a modification (update) and the other is a deletion.  In this example, I selected the modified object (Autumn Metzler).

rmadod3a

After clicking Finish you see the restore operation in progress.

rmadod4

And that’s it! Ok, in this example I only worked with one object, but the principle is the same for multiple objects and the OnDemand product allows you to multi-select objects that you want to restore.

On balance I think Quest’s OnDemand Recovery for AD service is going to be a good choice for SMBs that are looking for a simple and easy-to-use product for quick AD object recovery.

I’ve only scratched the surface of the product’s capabilities here.  If you want to learn more I recommend giving the product a trial (very simple to setup) and perusing the following document:

Protect Your Data with Quest OnDemand Recovery for Active Directory

A couple of weeks ago I blogged about using Quest’s ActiveRoles Quick Connect Express for Exchange 2010 Global Address List synchronisation (GAL Sync).  Since then I’ve written a step-by-step guide which will hopefully help others who want to use this very useful freeware utility.  You can download the guide (pdf format) here:

GAL Sync with ActiveRoles Quick Connect Express – Step-by-Step Guide v1

I have also updated the Powershell script that exposes the provisioned Contact objects in the target GAL.  You can download the script here:

ConfigureContacts.ps1

If you have any feedback on the guide please post a comment here or contact me directly (tony@activedir.org)

10 years ago today I started ActiveDir.org and the AD discussions mailing list is still going strong!  Thanks to everyone who has made it a success over the years and especially to Martin Tuip who helped me get set up and Matty Holland who does all the development work.

It makes me feel quite old!