{"id":910,"date":"2025-01-24T09:30:18","date_gmt":"2025-01-24T09:30:18","guid":{"rendered":"https:\/\/virtualall.sk\/?p=910"},"modified":"2026-01-11T08:45:43","modified_gmt":"2026-01-11T08:45:43","slug":"ako-a-preco-zalohovat-active-directory","status":"publish","type":"post","link":"https:\/\/virtualall.sk\/en\/2025\/01\/ako-a-preco-zalohovat-active-directory\/","title":{"rendered":"Ako a pre\u010do z\u00e1lohova\u0165 Active DirectoryHow and Why to Backup Active Directory"},"content":{"rendered":"
\nTL;DR – R\u00fdchle zhrnutie:<\/strong> Z\u00e1lohovanie Active Directory je kritick\u00e9 pre ochranu IT infra\u0161trukt\u00fary. Veeam umo\u017e\u0148uje z\u00e1lohu AD datab\u00e1zy (NTDS.dit) s granul\u00e1rnou obnovou objektov. Pravidlo 3-2-1, immutable storage a \u0161ifrovanie z\u00e1loh pre ochranu pred ransomware.\n<\/div>\n
\nR\u00fdchle fakty o z\u00e1lohovan\u00ed Active Directory:<\/strong><\/p>\n
    \n
  • N\u00e1stroj:<\/strong> Veeam Backup & Replication<\/li>\n
  • Datab\u00e1za:<\/strong> NTDS.dit<\/li>\n
  • Obnova:<\/strong> Granul\u00e1rna (\u00fa\u010dty, skupiny, GPO)<\/li>\n
  • Pravidlo:<\/strong> 3-2-1 (3 k\u00f3pie, 2 m\u00e9di\u00e1, 1 offsite)<\/li>\n
  • Ochrana:<\/strong> Immutable storage, \u0161ifrovanie AES-256<\/li>\n
  • Testovanie:<\/strong> SureBackup<\/li>\n<\/ul>\n<\/div>\n

    Z\u00e1lohovanie Active Directory<\/strong> je jednou z najd\u00f4le\u017eitej\u0161\u00edch \u00faloh v spr\u00e1ve IT infra\u0161trukt\u00fary. AD riadi autentifik\u00e1ciu, autoriz\u00e1ciu, spr\u00e1vu pou\u017e\u00edvate\u013eov a zariaden\u00ed. Bez funk\u010dnej AD m\u00f4\u017ee cel\u00e1 sie\u0165 presta\u0165 fungova\u0165.<\/p>\n

    Pre\u010do z\u00e1lohova\u0165 Active Directory<\/h2>\n
      \n
    • V\u00fdpadky slu\u017eieb<\/strong> – bez AD pou\u017e\u00edvatelia nemaj\u00fa pr\u00edstup k zdrojom<\/li>\n
    • Strata \u00fadajov<\/strong> – po\u0161kodenie NTDS.dit datab\u00e1zy<\/li>\n
    • Zv\u00fd\u0161en\u00e1 zranite\u013enos\u0165<\/strong> – kompromit\u00e1cia AD = pr\u00edstup k celej sieti<\/li>\n<\/ul>\n

      Ransomware a Active Directory<\/h2>\n

      Kybernetick\u00e9 \u00fatoky \u010doraz \u010dastej\u0161ie cielia na AD:<\/p>\n

        \n
      • R\u00fdchla obnova po \u00fatoku<\/strong> – bez platenia v\u00fdkupn\u00e9ho<\/li>\n
      • Minimaliz\u00e1cia prestojov<\/strong><\/li>\n
      • Zachovanie d\u00e1tovej integrity<\/strong><\/li>\n<\/ul>\n

        Z\u00e1loha AD vs z\u00e1loha cel\u00e9ho VM<\/h2>\n

        Z\u00e1loha AD datab\u00e1zy prin\u00e1\u0161a v\u00fdhody:<\/p>\n

          \n
        1. Granul\u00e1rna obnova<\/strong> – jednotliv\u00e9 \u00fa\u010dty, skupiny bez obnovy VM<\/li>\n
        2. R\u00fdchlos\u0165 obnovy<\/strong> – r\u00fdchlej\u0161ia ne\u017e kompletn\u00e1 VM obnova<\/li>\n
        3. Ni\u017e\u0161ia z\u00e1\u0165a\u017e<\/strong> – menej \u00falo\u017en\u00e9ho priestoru<\/li>\n
        4. Lep\u0161ia ochrana<\/strong> – jednoduch\u0161ie obnovi\u0165 iba AD datab\u00e1zu<\/li>\n<\/ol>\n

          Odpor\u00fa\u010dania pre z\u00e1lohovanie AD<\/h2>\n

          Pravidlo 3-2-1<\/h3>\n
            \n
          • 3 k\u00f3pie<\/strong> d\u00e1t<\/li>\n
          • 2 typy m\u00e9di\u00ed<\/strong> (disk + cloud)<\/li>\n
          • 1 offsite<\/strong> k\u00f3pia<\/li>\n<\/ul>\n

            Immutable storage<\/h3>\n
              \n
            • AWS S3 Object Lock<\/li>\n
            • Veeam Hardened Repository<\/li>\n
            • WORM \u00falo\u017eisko<\/li>\n<\/ul>\n

              \u0160ifrovanie<\/h3>\n
                \n
              • AES-256 bitov\u00e9 \u0161ifrovanie<\/li>\n
              • Bezpe\u010dn\u00e9 ulo\u017eenie k\u013e\u00fa\u010dov (HSM)<\/li>\n<\/ul>\n

                Veeam funkcie pre AD<\/h2>\n
                  \n
                • Granul\u00e1rna obnova<\/strong> – \u00fa\u010dty, skupiny, GPO<\/li>\n
                • SureBackup<\/strong> – automatick\u00e9 testovanie z\u00e1loh<\/li>\n
                • Hardened Repository<\/strong> – immutable storage<\/li>\n<\/ul>\n

                  Zhrnutie<\/h2>\n

                  Z\u00e1lohovanie Active Directory<\/strong> je nevyhnutn\u00e9 pre:<\/p>\n

                    \n
                  • Ochranu pred ransomware<\/li>\n
                  • R\u00fdchlu obnovu po incidentoch<\/li>\n
                  • Granul\u00e1rnu obnovu objektov<\/li>\n
                  • Kontinuitu podnikania<\/li>\n<\/ul>\n

                    \u010casto kladen\u00e9 ot\u00e1zky (FAQ)<\/h2>\n

                    Pre\u010do je d\u00f4le\u017eit\u00e9 z\u00e1lohova\u0165 Active Directory?<\/h3>\n

                    Active Directory<\/strong> je srdcom Windows infra\u0161trukt\u00fary. Riadi autentifik\u00e1ciu v\u0161etk\u00fdch pou\u017e\u00edvate\u013eov a zariaden\u00ed. Bez funk\u010dnej AD prestane fungova\u0165 cel\u00e1 sie\u0165 – e-mail, s\u00faborov\u00e9 servery, aplik\u00e1cie.<\/p>\n

                    \u010co je NTDS.dit?<\/h3>\n

                    NTDS.dit<\/strong> je datab\u00e1zov\u00fd s\u00fabor Active Directory obsahuj\u00faci v\u0161etky objekty dom\u00e9ny – pou\u017e\u00edvate\u013eov, skupiny, po\u010d\u00edta\u010de, GPO. Nach\u00e1dza sa v C:\\Windows\\NTDS\\ na dom\u00e9nov\u00fdch kontrol\u00e9roch.<\/p>\n

                    Ak\u00fd je rozdiel medzi z\u00e1lohou AD a VM?<\/h3>\n

                    Z\u00e1loha AD datab\u00e1zy<\/strong> umo\u017e\u0148uje granul\u00e1rnu obnovu objektov a je r\u00fdchlej\u0161ia. Z\u00e1loha cel\u00e9ho VM<\/strong> je komplexnej\u0161ia, ale pomal\u0161ia na obnovu. Ide\u00e1lne je kombinova\u0165 obe met\u00f3dy.<\/p>\n

                    Ako Veeam z\u00e1lohuje Active Directory?<\/h3>\n

                    Veeam<\/strong> m\u00f4\u017ee z\u00e1lohova\u0165 AD ako s\u00fa\u010das\u0165 VM z\u00e1lohy alebo pomocou Application-Aware Processing, ktor\u00e9 zabezpe\u010d\u00ed konzistenciu AD datab\u00e1zy. Veeam Explorer for AD umo\u017e\u0148uje granul\u00e1rnu obnovu.<\/p>\n

                    \u010co je pravidlo 3-2-1 v z\u00e1lohovan\u00ed?<\/h3>\n

                    Pravidlo 3-2-1<\/strong>: 3 k\u00f3pie d\u00e1t, 2 r\u00f4zne typy m\u00e9di\u00ed (napr. disk a cloud), 1 k\u00f3pia offsite. Roz\u0161\u00edren\u00e1 verzia 3-2-1-1-0 prid\u00e1va 1 immutable k\u00f3piu a 0 ch\u00fdb pri verifik\u00e1cii.<\/p>\n

                    Ako \u010dasto z\u00e1lohova\u0165 Active Directory?<\/h3>\n

                    Odpor\u00fa\u010da sa z\u00e1lohova\u0165 AD minim\u00e1lne raz denne<\/strong>. Pri kritick\u00fdch prostrediach \u010dastej\u0161ie (ka\u017ed\u00fdch 4-6 hod\u00edn). D\u00f4le\u017eit\u00e9 je ma\u0165 z\u00e1lohy star\u0161ie ako tombstone lifetime (60-180 dn\u00ed).<\/p>\n","protected":false},"excerpt":{"rendered":"

                    Z\u00e1lohovanie Active Directory je k\u013e\u00fa\u010dov\u00e9 pre ochranu va\u0161ej infra\u0161trukt\u00fary pred kybernetick\u00fdmi hrozbami, ako je ransomware. Pou\u017eite viac\u00farov\u0148ov\u00e9 z\u00e1lohovanie na viacer\u00e9 lokality, \u0161ifrovanie z\u00e1loh a immutable storage. Automatizujte z\u00e1lohovanie, testujte obnovite\u013enos\u0165 a zabezpe\u010dte izolovan\u00e9 \u00falo\u017eisko. Tieto postupy minimalizuj\u00fa prestoje a zaru\u010duj\u00fa r\u00fdchlu obnovu, \u010d\u00edm chr\u00e1nia va\u0161e kritick\u00e9 d\u00e1ta a slu\u017eby.<\/p>\n","protected":false},"author":1,"featured_media":1017,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[84],"tags":[60,59,108],"class_list":["post-910","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-veeam-br","tag-active-directory","tag-activedirectory","tag-backup"],"_links":{"self":[{"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/posts\/910","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/comments?post=910"}],"version-history":[{"count":4,"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/posts\/910\/revisions"}],"predecessor-version":[{"id":1902,"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/posts\/910\/revisions\/1902"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/media\/1017"}],"wp:attachment":[{"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/media?parent=910"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/categories?post=910"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/tags?post=910"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}