[Sysadmin] Routing to null

Posts

  • SiliconStew, Registered User regular
    edited November 2020
    SniperGuy wrote: »
    Myiagros wrote: »
    Make sure you have backups, and then make sure that they can restore properly. Especially when learning the ropes, there is nothing worse than the feeling of dread when you make a mistake and then have to figure out when your last usable backup is, and then figuring out how to restore it. Veeam is a good option as it is very flexible, it is also free to use the Community Edition and allows for image, VM, file, etc backups.

    We actually have Veeam! We've only got the one VMWare AD server, but we have Veeam making regular automatic backups of the whole thing. Hoping to get a second server for redundancy soon.

    Backups are always good but domain controllers have special considerations. Just keep in mind that once you have more than one domain controller, you should really never do a restore of an individual domain controller. Especially when they are virtual and so easily replaced, it's not worth the problems it will cause. Domain Controllers keep track of sync updates between themselves and if you restore one, it will know it can't get back in sync and best case it shuts off its ability to do anything with AD (users can't log in against it, etc), worst case it overwrites recent changes with its outdated info and things start breaking across your environment. If something breaks on one DC, just leave it broke and shut it down, stand up a new VM and add it as a new domain controller to the domain, then just delete the broken VM. You'd then do a manual cleanup of AD to remove the references to the broken DC, you can find the proper steps to do so on the internet.

    If you have a really severe issue with AD that really does need restoration (and I've never run across such a situation that would truly warrant this), kill all your domain controllers but one and only restore that one, preferably your FSMO Master Role holder. Then set up new domain controllers to replace all the other ones. That way you have a single copy of the "truth" of your AD post restoration that gets replicated to all the new DC's without issue.

    SiliconStew on
    Just remember that half the people you meet are below average intelligence.
  • Dizzy D, Netherlands, Registered User regular
    Enable Active Directory Recycle Bin if you haven't done so already and create a test-account and delete and restore it, so you have done it before you ever need to do it during production time.

    Steam/Origin: davydizzy
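
The drill suggested in the post above, as an added PowerShell example that is not from the thread: it enables the AD Recycle Bin if needed, then deletes and restores a throwaway account and checks that its attributes came back. The OU and account name are placeholders, and it assumes the ActiveDirectory module and a forest functional level that supports the feature.

```powershell
# Added example (not from the thread). $TestOu and $Sam are placeholders.
Import-Module ActiveDirectory

$TestOu = 'OU=Staging,DC=example,DC=test'   # placeholder OU for the test account
$Sam    = 'rb-drill-01'                     # placeholder throwaway account name
$Dc     = (Get-ADDomain).PDCEmulator        # pin the drill to one DC to avoid replication lag

# 1. Enable the Recycle Bin if it is not enabled yet. This cannot be turned off again.
$feature = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'"
if (-not $feature.EnabledScopes) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target (Get-ADForest).Name `
        -Server (Get-ADForest).DomainNamingMaster -Confirm:$false
    # Let the change replicate to $Dc before running the drill below.
}

# 2. Create a disabled test account with an attribute worth checking afterwards.
New-ADUser -Name $Sam -SamAccountName $Sam -Path $TestOu `
    -Description 'recycle bin drill' -Enabled $false -Server $Dc
$before = Get-ADUser -Identity $Sam -Properties Description -Server $Dc

# 3. Delete it, find the tombstoned object, and restore it.
Remove-ADUser -Identity $Sam -Server $Dc -Confirm:$false
$deleted = Get-ADObject -Filter "sAMAccountName -eq '$Sam'" -IncludeDeletedObjects `
    -Properties isDeleted, lastKnownParent -Server $Dc |
    Where-Object { $_.isDeleted }
$deleted | Restore-ADObject -Server $Dc

# 4. Confirm the restored object is the same one, in the same place, with its attributes.
$after = Get-ADUser -Identity $Sam -Properties Description -Server $Dc
[pscustomobject]@{
    SameGuid        = $before.ObjectGUID -eq $after.ObjectGUID
    SameDescription = $before.Description -eq $after.Description
    SameLocation    = $before.DistinguishedName -eq $after.DistinguishedName
}

# 5. Clean up the test account.
Remove-ADUser -Identity $Sam -Server $Dc -Confirm:$false
```
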
  • lwt1973, King of Thieves Syndication, Registered User regular
    Quick question, what's the best and easy PDF software that you use? We need something to just add a couple of things to PDF's per day so it doesn't have to have all the bells and whistles.

    "He's sulking in his tent like Achilles! It's the Iliad?...from Homer?! READ A BOOK!!" -Handy
  • Darkewolfe, Registered User regular
    Just pay for the Adobe product.

    What is this I don't even.
  • Feral, MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉ, Registered User regular
    edited November 2020
    lwt1973 wrote: »
    Quick question, what's the best and easy PDF software that you use? We need something to just add a couple of things to PDF's per day so it doesn't have to have all the bells and whistles.

    They all suck for different flavors of suckitude. Foxit and Nitro don't suck too horribly much, usually.

    Feral on
    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • Feral, MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉ, Registered User regular
    I'm in a slow argument with one of our web hosting companies where one of their techs included this line, trying to justify why they don't have load balancers in their infrastructure:
    Our engineering team used to run load balancers, but they turned out to be clunky and failure-prone.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • SiliconStew, Registered User regular
    Feral wrote: »
    I'm in a slow argument with one of our web hosting companies where one of their techs included this line, trying to justify why they don't have load balancers in their infrastructure:
    Our engineering team used to run load balancers, but they turned out to be clunky and failure-prone.

    Sounds like you need to be in a fast argument about switching web hosting companies.

    Just remember that half the people you meet are below average intelligence.
  • Feral, MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉ, Registered User regular
    edited November 2020
    Feral wrote: »
    I'm in a slow argument with one of our web hosting companies where one of their techs included this line, trying to justify why they don't have load balancers in their infrastructure:
    Our engineering team used to run load balancers, but they turned out to be clunky and failure-prone.

    Sounds like you need to be in a fast argument about switching web hosting companies.

    This is the new hosting company that we just switched (one particular service) over to.

    Their argument is "we put everything on AWS so we don't need load balancers"

    Feral on
    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • schuss, Registered User regular
    Feral wrote: »
    Feral wrote: »
    I'm in a slow argument with one of our web hosting companies where one of their techs included this line, trying to justify why they don't have load balancers in their infrastructure:
    Our engineering team used to run load balancers, but they turned out to be clunky and failure-prone.

    Sounds like you need to be in a fast argument about switching web hosting companies.

    This is the new hosting company that we just switched (one particular service) over to.

    Their argument is "we put everything on AWS so we don't need load balancers"

    Let me guess, their stuff is stood up on EC2 instances in AWS just like they were on-prem...

  • That_Guy, I don't wanna be that guy, Registered User regular
    lwt1973 wrote: »
    Quick question, what's the best and easy PDF software that you use? We need something to just add a couple of things to PDF's per day so it doesn't have to have all the bells and whistles.

    Several of my clients use Bluebeam but it's still not as good as Adobe Acrobat.

  • Feral, MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉ, Registered User regular
    schuss wrote: »
    Feral wrote: »
    Feral wrote: »
    I'm in a slow argument with one of our web hosting companies where one of their techs included this line, trying to justify why they don't have load balancers in their infrastructure:
    Our engineering team used to run load balancers, but they turned out to be clunky and failure-prone.

    Sounds like you need to be in a fast argument about switching web hosting companies.

    This is the new hosting company that we just switched (one particular service) over to.

    Their argument is "we put everything on AWS so we don't need load balancers"

    Let me guess, their stuff is stood up on EC2 instances in AWS just like they were on-prem...

    That's how it looks.

    The initial problem that led us down this rabbit hole is that we have certain other vendors who need us to give them the static IPs assigned to this particular service, and this hosting company refuses to do that because "compute nodes have dynamic IPs"

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • Feral, MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉ, Registered User regular
    We'll probably end up throwing a simple proxy up on one of our other hosting providers to deal with this.

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • SiliconStew, Registered User regular
    Feral wrote: »
    Feral wrote: »
    I'm in a slow argument with one of our web hosting companies where one of their techs included this line, trying to justify why they don't have load balancers in their infrastructure:
    Our engineering team used to run load balancers, but they turned out to be clunky and failure-prone.

    Sounds like you need to be in a fast argument about switching web hosting companies.

    This is the new hosting company that we just switched (one particular service) over to.

    Their argument is "we put everything on AWS so we don't need load balancers"

    Ah, of course! Those jokers at Amazon put Elastic Load Balancers, Application Load Balancers, and Network Load Balancers in the AWS menus just to trick people. But they won't fall for that ruse!

    Just remember that half the people you meet are below average intelligence.
  • LD50, Registered User regular
    That_Guy wrote: »
    lwt1973 wrote: »
    Quick question, what's the best and easy PDF software that you use? We need something to just add a couple of things to PDF's per day so it doesn't have to have all the bells and whistles.

    Several of my clients use Bluebeam but it's still not as good as Adobe Acrobat.

    Nitro is better than acrobat pro.

  • Myiagros, Registered User regular
    LD50 wrote: »
    That_Guy wrote: »
    lwt1973 wrote: »
    Quick question, what's the best and easy PDF software that you use? We need something to just add a couple of things to PDF's per day so it doesn't have to have all the bells and whistles.

    Several of my clients use Bluebeam but it's still not as good as Adobe Acrobat.

    Nitro is better than acrobat pro.

    We've been pushing Kofax PowerPDF, I find it runs better than the other alternatives.

    iRevert wrote: »
    Because if you're going to attempt to squeeze that big black monster into your slot you will need to be able to take at least 12 inches or else you're going to have a bad time...
    Steam: MyiagrosX27
  • lwt1973, King of Thieves Syndication, Registered User regular
    Hey billion dollar company, you might want to switch from Internet Explorer for your VPN access at some point.

    "He's sulking in his tent like Achilles! It's the Iliad?...from Homer?! READ A BOOK!!" -Handy
  • Drovek, Registered User regular
    Currently on "ass slightly warm but not quite on fire" over this one

    Fun times

  • SiliconStew, Registered User regular
    Drovek wrote: »
    Currently on "ass slightly warm but not quite on fire" over this one

    Fun times

    Yeah, we've got a LoB application that uses Kinesis that we can't get data to or from right now. At least it's a slow time of the year for that business unit so for us the impact is about as low as it could be for that level of outage.

    Just remember that half the people you meet are below average intelligence.
  • V1m, Registered User regular
    lwt1973 wrote: »
    Hey billion dollar company, you might want to switch from Internet Explorer for your VPN access at some point.

    "It won't increase my bonus, and it literally costs nothing to make you work 20 hour days for a month to fix any problems."

  • Feral, MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉ, Registered User regular
    Other than using ALTools/EventCombMT, does anybody have any sick strats for tracking down the source of an account lockout?

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • Feldorn, Mediocre, Registered User regular
    edited December 2020
    In AD? If event 4740 in the PDC doesn’t list the caller computer then I think I once enabled netlogon logging and found out that way to get the IP.

    If you know where it’s coming from but not why... I do not.

    Feldorn on
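
The 4740 check described in the post above, as an added PowerShell example that is not from the thread: it parses account-lockout events and tallies them by account and caller computer, marking the ones where the caller is blank and Netlogon logging is the next step. The function names are hypothetical and the sample events are constructed; in event 4740 the "Caller Computer Name" is carried in the `TargetDomainName` data field.

```powershell
# Added example (not from the thread). Function names are hypothetical.

# Build a constructed 4740 event in the same XML shape that .ToXml() returns.
function New-SampleLockoutXml([string]$Time, [string]$User, [string]$Caller) {
    "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>" +
    "<System><EventID>4740</EventID><TimeCreated SystemTime='$Time'/></System>" +
    "<EventData><Data Name='TargetUserName'>$User</Data>" +
    "<Data Name='TargetDomainName'>$Caller</Data></EventData></Event>"
}

# Turn one event's XML into an object with the fields that matter for lockouts.
function ConvertFrom-LockoutXml {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $doc = [xml]$EventXml
        $fields = @{}
        foreach ($d in $doc.GetElementsByTagName('Data')) {
            $fields[$d.GetAttribute('Name')] = $d.InnerText.Trim()
        }
        # TargetDomainName holds the caller computer name in event 4740.
        $caller = $fields['TargetDomainName']
        if ([string]::IsNullOrWhiteSpace($caller)) { $caller = '(blank)' }
        [pscustomobject]@{
            Time    = $doc.GetElementsByTagName('TimeCreated').Item(0).GetAttribute('SystemTime')
            Account = $fields['TargetUserName']
            Caller  = $caller
        }
    }
}

# Count lockouts per account and caller, most frequent first.
function Get-LockoutSummary {
    param([Parameter(Mandatory)][object[]]$Lockout)
    $Lockout | Group-Object -Property Account, Caller |
        Sort-Object -Property Count -Descending |
        ForEach-Object {
            $first = $_.Group[0]
            [pscustomobject]@{
                Account  = $first.Account
                Caller   = $first.Caller
                Count    = $_.Count
                Last     = ($_.Group | Sort-Object Time | Select-Object -Last 1).Time
                NextStep = if ($first.Caller -eq '(blank)') {
                    'no caller recorded: enable Netlogon logging on the PDC'
                } else { 'check saved credentials and services on that host' }
            }
        }
}

# Constructed sample data: account and host names are placeholders.
$sample = @(
    (New-SampleLockoutXml '2020-12-01T09:14:02Z' 'jdoe'   'WKSTN-EXAMPLE1'),
    (New-SampleLockoutXml '2020-12-01T09:44:10Z' 'jdoe'   'WKSTN-EXAMPLE1'),
    (New-SampleLockoutXml '2020-12-01T10:02:33Z' 'jdoe'   ''),
    (New-SampleLockoutXml '2020-12-01T10:15:47Z' 'asmith' 'MAIL-EXAMPLE')
)
$rows = $sample | ConvertFrom-LockoutXml
Get-LockoutSummary -Lockout $rows | Format-Table -AutoSize

# Live use (needs the ActiveDirectory module and read access to the PDC's Security log):
# $pdc = (Get-ADDomain).PDCEmulator
# $rows = Get-WinEvent -ComputerName $pdc -FilterHashtable @{ LogName = 'Security'; Id = 4740 } |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-LockoutXml
```
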
  • Dizzy D, Netherlands, Registered User regular
    If you have AD FS (and a recent version of it), you can configure extranet smart lockout which helps a bit to narrow down where the lockouts are coming from, but otherwise it's mostly Event Comb.

    Steam/Origin: davydizzy
  • Feldorn, Mediocre, Registered User regular
    Dizzy D wrote: »
    If you have AD FS (and a recent version of it), you can configure extranet smart lockout which helps a bit to narrow down where the lockouts are coming from, but otherwise it's mostly Event Comb.

    ADFS 4 (2016) or higher.

    You'd still see the correct caller computer name if it was from ADFS though.

  • Feral, MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉ, Registered User regular
    Big Solarwinds breach.

    An advanced persistent threat (state-level actor backed by Russia, most likely) infiltrated Solarwinds's digital supply chain and injected a trojan into Solarwinds patches. If you've downloaded or updated anything from Solarwinds for the Orion framework (such as, but not limited to, Network Performance Monitor) in 2020 you might be affected.

    https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
    SolarWinds has just been made aware our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds® Orion® Platform software builds for versions 2019.4 HF 5 and 2020.2 with no hotfix or 2020.2 HF 1. We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack. We recommend taking the following steps related to your use of the SolarWinds Orion Platform.

    https://www.solarwinds.com/securityadvisory

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • Darkewolfe, Registered User regular
    https://cyber.dhs.gov/ed/21-01/

    Assume advanced persistent threat on anything managed by solarwinds and assume compromise of all accounts due to kerberoasting.

    Basically, if you used Solarwinds you need to reimage and rebuild everything you own.

    What is this I don't even.
  • SiliconStew, Registered User regular
    Always enjoy butt clenching news like this. Looks like we dodged the bullet. We use a couple solarwinds things, but not Orion.

    Just remember that half the people you meet are below average intelligence.
  • jungleroomx, It's never too many graves, it's always not enough shovels, Registered User regular
    Hahah wow holy shit

  • Seidkona, Had an upgrade, Registered User regular
    I couldn't think of a good sarcastic title so "just the facts ma'am" this time.

    Mostly just huntin' monsters.
    XBL:Phenyhelm - 3DS:Phenyhelm
  • Radiation, Registered User regular
    Whole lot of people are having a bad day today.
    *pours one out for other security folk*

    PSN: jfrofl
  • Feldorn, Mediocre, Registered User regular
    I think our Orion install is old enough to not have been affected...

    I'm sure it has other problems though

  • Athenor, Battle Hardened Optimist The Skies of Hiigara, Registered User regular
    SANS.org is doing an emergency webcast on this situation. If you are interested:

    https://youtu.be/4tmlZCk2gCg

    He/Him | "A boat is always safest in the harbor, but that’s not why we build boats." | "If you run, you gain one. If you move forward, you gain two." - Suletta Mercury, G-Witch
  • jungleroomx, It's never too many graves, it's always not enough shovels, Registered User regular
    My old company had a lot of Solarwinds stuff at the datacenter.

    Oh man I hope shit is hitting the fan.

  • Darkewolfe, Registered User regular
    Having your former boss e-mail this morning to ask if you'll come back. A+. Also lol no.

    What is this I don't even.
  • Darkewolfe, Registered User regular
    edited December 2020
    Also, let me point out that Solarwinds stock is only down 17% after a day trading on this news.

    What in the actual fuck. Maybe they're assuming the money the company gets from overtime from Solarwinds professional services to mitigate their own vulnerability will make it better?

    Is this a good strategy? Unleash a devastating vuln on your customers and then make bank having them pay you to fix it?

    Darkewolfe on
    What is this I don't even.
  • Radiation, Registered User regular
    Down 17% because it's bad, but those contracts aren't going to dry up for a while at least.

    PSN: jfrofl
  • Athenor, Battle Hardened Optimist The Skies of Hiigara, Registered User regular
    edited December 2020
    Darkewolfe wrote: »
    Also, let me point out that Solarwinds stock is only down 17% after a day trading on this news.

    What in the actual fuck. Maybe they're assuming the money the company gets from overtime from Solarwinds professional services to mitigate their own vulnerability will make it better?

    Is this a good strategy? Unleash a devastating vuln on your customers and then make bank having them pay you to fix it?

    There's no sign Solarwinds is doing this. They've already filed SEC filings about how bad this is, and there's no signs they are gonna try to make money off this.

    Edit: I should note I'm a Solarwinds Fanboy and I don't want them getting too hurt.. but hopefully this makes them a better company because more and more legit complaints are coming out about how they are handling this.

    Athenor on
    He/Him | "A boat is always safest in the harbor, but that’s not why we build boats." | "If you run, you gain one. If you move forward, you gain two." - Suletta Mercury, G-Witch
  • That_Guy, I don't wanna be that guy, Registered User regular
    edited December 2020
    Y'all got any suggestions for a SATA RAID card that supports 16tb drives? The built in VROC raid controller in this T40 server I have won't work with 16tb drives. I just need a RAID1 on these 2 drives for a backup appliance. I was doing some research and the card needs LBA48 to support the drives I intend to use.

    After doing a bunch of research, I think I'm going to give this one a try.
    https://www.amazon.com/High-Point-RocketRAID-640L-PCI-Express/dp/B0034CQR4O

    That_Guy on
  • Feral, MEMETICHARIZARD interior crocodile alligator ⇔ ǝɹʇɐǝɥʇ ǝᴉʌoɯ ʇǝloɹʌǝɥɔ ɐ ǝʌᴉɹp ᴉ, Registered User regular
    Athenor wrote: »
    Darkewolfe wrote: »
    Also, let me point out that Solarwinds stock is only down 17% after a day trading on this news.

    What in the actual fuck. Maybe they're assuming the money the company gets from overtime from Solarwinds professional services to mitigate their own vulnerability will make it better?

    Is this a good strategy? Unleash a devastating vuln on your customers and then make bank having them pay you to fix it?

    There's no sign Solarwinds is doing this. They've already filed SEC filings about how bad this is, and there's no signs they are gonna try to make money off this.

    Edit: I should note I'm a Solarwinds Fanboy and I don't want them getting too hurt.. but hopefully this makes them a better company because more and more legit complaints are coming out about how they are handling this.

    @Athenor

    good lord, why?

    every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.

    the "no true scotch man" fallacy.
  • Athenor, Battle Hardened Optimist The Skies of Hiigara, Registered User regular
    Feral wrote: »
    Athenor wrote: »
    Darkewolfe wrote: »
    Also, let me point out that Solarwinds stock is only down 17% after a day trading on this news.

    What in the actual fuck. Maybe they're assuming the money the company gets from overtime from Solarwinds professional services to mitigate their own vulnerability will make it better?

    Is this a good strategy? Unleash a devastating vuln on your customers and then make bank having them pay you to fix it?

    There's no sign Solarwinds is doing this. They've already filed SEC filings about how bad this is, and there's no signs they are gonna try to make money off this.

    Edit: I should note I'm a Solarwinds Fanboy and I don't want them getting too hurt.. but hopefully this makes them a better company because more and more legit complaints are coming out about how they are handling this.

    Athenor

    good lord, why?

    Stockholm syndrome? We used to run SCOM, but it was horrible and bloated. And while Solarwinds is also bloated, at least we got to make it from the ground up and tune it to what we needed. It's been great actually having visibility into our systems.

    He/Him | "A boat is always safest in the harbor, but that’s not why we build boats." | "If you run, you gain one. If you move forward, you gain two." - Suletta Mercury, G-Witch
  • Darkewolfe, Registered User regular
    Does anyone remember who Moe is? I don't.

    What is this I don't even.
This discussion has been closed.