One of the most time consuming, aggravating and emotionally draining issues our customers can go through is a disaster recovery issue. The general gyst of this type of thing is:
-Accidental deletion of <insert terrifyingly large number here> users, groups or other objects in AD
-Mad scramble to immediately hinder AD replication throughout the enterprise only to realize that…
-AD replication is lightning fast and the deletion has already replicated everywhere.
-Simultaneous throbbing headache along with realization that you will likely be up all night recovering these objects and verifying that they are in good state.
Not a pretty picture is it?
Longhorn has planned features to help with that. With a bold statement like that though I must give a caveat: Longhorn Server is currently beta, and beta means incomplete. Unfortunately, my statements are not law, so the end product can change before the “release to manufacturing” or final RTM version.
However, because it is beta the Microsoft Directory Services Community has a unique opportunity to provide feedback. One of our devs has an idea around the above headache-all-nighter-disaster recovery scenario depicted above. Hear me out, then weigh in by either emailing me through the blog or posting a comment on the blog. I guarantee your feedback will be heard by the AD dev team.
The first part of the above scenario is key: accidental. Unintentional mass deletion of objects from AD.
What if, when viewing the properties of an object (like a user) in Active Directory Users and Computers (DSA.MSC) you had a checkbox that would say something like “prevent accidental deletion”? Have the check there, and the object cannot be deleted. Remove the checkbox, delete away.
Having this checked on all of your users, or perhaps a critical segment of them, could certainly save someone from an “oops” moment. On the other hand, maybe it will prevent some utility you need. I don’t know…what do you think?
Does that sound useful to you? Sound out! Let us know.
One other thing. I'll my next post or posts wil be regarding some features you may see (remember it's beta) in Active Directory for Longhorn. Don't miss the posts, I promise it's really good stuff.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.