Forest Recovery: Create, configure, verify and run forest recovery plan

Content: 

Summary

This article describes how to create, verify, and run Active Directory forest Recovery plans using Cayosoft Guardian.  

Forest recovery plans enable organizations to design, validate, and regularly test the entire forest recovery process. These plans involve recovering a set of selected domain controllers to a pre-configured recovery site using previously created domain controller backups. Pre-recovery validation ensures the consistency of the recovery plan and the readiness of target machines in the recovery site. The recovery process itself is fully automated, providing a seamless and efficient operation.

Every Active Directory organization should develop a comprehensive recovery plan to address potential outages. Regular testing of these plans is essential to ensure preparedness. Cayosoft Guardian automates the most critical tasks associated with Active Directory forest recovery, simplifying the process and enhancing reliability.

Cayosoft Guardian has the following options:

• Automated Recovery: Cayosoft Guardian automates the forest recovery process, restoring your forest to its state at a selected time. Any modifications to the Active Directory database made after the selected time will be lost.
• Isolated Recovery Site: In the event of a forest-wide failure, diagnosing the cause can take significant time. Learn more about forest-wide failure symptoms in the following article: Detect symptoms of forest-wide failure. Cayosoft Guardian allows you to recover the forest to an isolated recovery site, ensuring that recovery operations do not affect the production environment. This enables immediate execution of the recovery plan without waiting for problem diagnosis. 

Preparing a Recovery Site

A recovery site must be prepared in advance to verify the forest recovery plan or to execute it during an actual recovery event.

Components of a Recovery Site

A well-prepared recovery site includes:

• Virtual Machines: These will be used for recovering the domain controllers.
• Storage with Backups: Ensure that backups of the domain controllers are stored and readily accessible.
• Cayosoft Guardian Installation: Install Cayosoft Guardian to manage the recovery process.
• Network Infrastructure: Set up the necessary network infrastructure to support the recovery operations.

Manually creating recovery sites can be time-consuming. It is strongly recommended to have at least one verified recovery site ready for immediate use. This ensures that, in the event of a failure, the recovery process can be initiated without delay, significantly reducing downtime and ensuring business continuity.

Learn more about how to prepare a recovery site manually in the following article: Prepare recovery site manually.

Learn more about how to automate the creation of the recovery site in Azure in the following article: Forest Recovery: Create a cloud recovery site to use in the Forest Recovery plan.

Create a forest recovery plan 

Before creating a forest recovery plan make sure that you added all Backup locations containing backups of the domain controllers to be recovered. You might check that you have all the necessary backups registered in the DC Backups node. 

Learn more about how to add backup locations in the following article: Forest Recovery: Add backup locations.

To create a recovery plan: 

1. Open Cayosoft Guardian web portal.
2. Expand the Forest Recovery node.
3. Select the Recovery Plans node.
4. Click Add button. 
5. Select Forest recovery plan option. This is a comprehensive strategy designed to restore the entire Active Directory forest to a functional state after a catastrophic failure. This plan involves recovering all domain controllers across the forest, ensuring that all domains and their respective objects are restored. The process is fully automated, including pre-recovery validation and execution, minimizing manual intervention and ensuring consistency and reliability.
6. 
7. Select Active Directory forest to be recovered.
8. Enabling the Recover One Domain Controller per Domain option in a recovery plan ensures that only one domain controller per domain is initially recovered, which is recommended for speeding up the recovery process. This approach minimizes resource usage and complexity, allowing a quick return to operational status. Additional domain controllers can be manually promoted once the initial recovery is successful. Disabling this option allows the recovery plan to include one domain controller per domain to be recovered from a backup, with other domain controllers automatically repromoted, providing a more comprehensive and automated recovery solution.
9. Select a recovery date using Recover to this point in time.
10. After confirmation, Cayosoft Guardian will discover the latest backups created before the selected date on the connected Backup Locations and automatically assign these backups to each domain controller to be recovered.

Configure a forest recovery plan

The recovery plan consists of a list of domain controllers, domain controllers recovery settings, actions settings, and general plan settings. The values of some settings are populated from the backup automatically.

With deploying a recovery site in in CLOUD (Azure or AWS), Cayosoft Guardian automatically populates or modifies settings such as IP addresses, DNS-related settings, new DSRM passwords, credentials to access virtual machines in the cloud, and other settings that are required for successful recovery. Learn more in the following article: Forest Recovery: Create a Cloud Recovery Site to use in the Forest Recovery plan. 

With a recovery site created manually, some settings must be specified before launching the verification process or the forest recovery process such as credentials to connect to machines in the recovery site. You also might need to change other settings that are required for successful verification or recovery. Learn more in the following article: Prepare recovery site manually.

Learn more about recovery plan settings in the following article: Manage forest recovery plan settings.

Verify a forest recovery plan

With the verification process, Cayosoft Guardian checks the recovery plan settings and settings of each domain controller to be recovered. Learn more in the following article: Manage forest recovery plan settings. In case any issue is encountered an error or warning message will be shown on the plan itself or the domain controller properties page. Some of the verification checks are performed on the target machine in the recovery site. 

Before running verification in the environment recovery site must be ready. Cayosoft Guardian can recover your forest to manually created recovery sites or it can create an Azure Recovery site automatically. Learn more in: Forest Recovery: Create a cloud recovery site to use in the Forest Recovery plan.​

To verify the recovery plan:  

1. Open the Cayosoft Guardian web portal.
2. Expand the Forest Recovery node.
3. Select the Recovery Plans node.
4. Select your recovery plan and click Properties.
5. To start verification open a recovery plan and press Deploy recovery site or Verify.
   
6. Once the verification process starts Cayosoft Guardian opens execution history.  
7. Once verification is complete check the results in the Execution History of a plan. Also on the Domain Controllers tab, the status of each domain controller settings verification is displayed with an icon. If verification fails for a specific DC, on the DC properties page a message is displayed.   

After the Verify button is pressed an execution history record appears where you can observe execution steps, the current state, and the duration of each step. Each step produces detailed messages during the execution. These messages can be accessed with a click on the execution step. The Errors and warnings tab in the execution history record allows reviewing important issues related to this run.

To find verification history records related to specific Recovery Plans:

1. Open the Cayosoft Guardian web portal.
2. Expand the Forest Recovery node.
3. Select the Recovery Plans node.
4. Select your recovery plan and press Properties.
5. On the backup plan properties page switch to an Execution History tab.
6. Find a verification history record, select, and click Properties.
7. See execution details on the Execution and the Errors and warnings tabs:
   

Run a forest recovery plan 

You can run a recovery plan as soon as verification is complete successfully. With Cayosoft Guardian Forest recovery plan is fully automated. Do not perform any manual actions on target machines, storage, or Guardian Server during the recovery process. In case the forest recovery plan fails with an error, to retry recovery target environment must be reset to its original state before recovery.    

To run a forest recovery plan: 

1. Open the Cayosoft Guardian web portal.
2. Expand the Forest Recovery node.
3. Select the Recovery Plans node.
4. Open a recovery plan and press Run.
   
5. Once the recovery process starts Cayosoft Guardian opens execution history. 
6. Wait until recovery is complete.    

After the Run button is pressed an execution history record appears where you can observe execution steps, the current state, and the duration of each step. Each step produces detailed messages during the execution. These messages can be accessed with a click on the execution step. The Errors and warnings tab in the execution history record allows reviewing important issues related to this run.

Review a forest recovery plan execution results

To review a forest recovery plan execution results:

1. Open the Cayosoft Guardian web portal.
2. Expand the Forest Recovery node.
3. Select the Recovery Plans node.
4. Select your recovery plan and click Properties.
5. On the backup plan properties page switch to an Execution History tab.
6. Find an execution history record, and click Properties. 
7. See execution details on the Execution and the Errors and warnings tabs.