Active Directory Backup and Restoration – Windows Server 2008

Published on February 2017 | Categories: Documents | Downloads: 23 | Comments: 0 | Views: 143

1/19/13

Technet Bookmarks » Active Directory Backup and Restoration – Windows Server 2008


Active Directory Backup and Restoration – Windows Server 2008
Windows Server 2008 Backup tools

How do you back up AD?

Active Directory is backed up as part of system state, a collection of system components that depend on each other. You must back up and restore system state components together. Components that comprise the system state on a domain controller include:
www.technetbookmarks.com/62-active-directory-backup-and-restoration-windows-server-2008.shtml 1/4


- System Start-up Files (boot files). These are the files required for Windows 2000 Server to start.
- System registry.
- Class registration database of Component Services. The Component Object Model (COM) is a binary standard for writing component software in a distributed systems environment.
- SYSVOL. The system volume provides a default Active Directory location for files that must be shared for common access throughout a domain. The SYSVOL folder on a domain controller contains:
  - NETLOGON shared folders. These usually host user logon scripts and Group Policy objects (GPOs) for non-Windows 2000-based network clients.
  - User logon scripts for Windows 2000 Professional-based clients and clients that are running Windows 95, Windows 98, or Windows NT 4.0.
  - Windows 2000 GPOs.
  - File system junctions.
  - File Replication service (FRS) staging directories and files that are required to be available and synchronized between domain controllers.
- Active Directory. Active Directory includes:
  - Ntds.dit: The Active Directory database.
  - Edb.chk: The checkpoint file.
  - Edb*.log: The transaction logs, each 10 megabytes (MB) in size.
  - Res1.log and Res2.log: Reserved transaction logs.

Note: If you use Active Directory-integrated DNS, then the zone data is backed up as part of the Active Directory database. If you do not use Active Directory-integrated DNS, you must explicitly back up the zone files. However, if you back up the system disk along with the system state, zone data is backed up as part of the system disk. If you installed Windows Clustering or Certificate Services on your domain controller, they are also backed up as part of system state.

Difference between authoritative and non-authoritative restore

The term “authoritative” is used to describe a restore in which the domain controller being restored has the master, or authoritative, copy of Active Directory. In a non-authoritative restore, the domain controller being restored does not have an authoritative copy of Active Directory. When a domain controller is started, replication occurs during the boot phase, and Active Directory is synchronized. Whether the restore is authoritative or non-authoritative then determines the direction of replication. An authoritative restore pushes Active Directory out to other domain controllers, and a non-authoritative restore synchronizes changes to the domain controller being booted.

NOTE: Domain controllers use Universal Sequence Numbers (USNs) to keep track of Active Directory data and to determine if an update is available. Each domain controller keeps its own USN, and checks its USN with the USN of other domain controllers on a regular basis. If the USN of the other domain controller is higher, that indicates an update is available, and replication is started. If the USN of the other domain controller is the same or lower, replication is not started. Using USNs is a more accurate method than using time stamps.

To explain further, let’s suppose that a domain controller fails due to hardware failure. It takes several days to obtain a replacement part for the machine and to repair the domain controller. During this time, other domain controllers have continued to function normally, and various changes in the network and Active Directory have taken place. When the failed domain controller is started for the first time after completing the recovery process, replication occurs and the changes in Active Directory are replicated to the previously failed computer. The domain controller is brought up to date with the rest of the network. This is a non-authoritative restore.

Now let’s suppose that the failure you suffered was due to human error, and an administrator deleted significant portions of Active Directory. If you follow the normal procedure of restoring Active Directory from yesterday’s backup and rebooting the server, replication will occur, and all the changes and deletions made by the administrator will be replicated back to the domain controller. Performing a normal restore would not bring back the deleted objects. To recover your lost users and OUs, you must perform an authoritative restore and specify the objects that you want to replicate to the rest of the network.

How to run a non-authoritative restore:


Just go to Windows Server Backup and click Recover. Use the most recent backup file set that was created before the deletion. This restore is useful when, say, a disk has failed: once we restore the entire backup after replacing the disk, the entire AD database will be replicated with the other domain partners. If a user or OU was accidentally deleted, go ahead with an authoritative restore. The reason is that if you do a normal restore, the USN of an object will increase by 10,000, other domain controllers will treat this server as the updated server, and this information will be replicated to all domain controllers.

How to run authoritative restore:
Let’s assume an OU was deleted from the AD database. Perform the steps below to recover the OU. You must have a system state backup before performing these steps.

1. Restart the DC into directory services recovery mode (Hit F8)

2. Log in with .\administrator and the domain recovery mode password you set up while running Dcpromo

3. Type wbadmin get versions from a command prompt

4. This lists all available backups; figure out which version you want to restore

5. Type wbadmin start systemstaterecovery -version:ID -backuptarget:backuplocation

In the above command, since the backup is stored locally on disk, we haven’t specified a network location, but if the backup is on a SAN or on another server, we need to specify a UNC path in the backuptarget switch.

6. After the restore, type ntdsutil activate instance NTDS

7. Type authoritative restore to get into the right NTDSUTIL context

8. Type restore object "distinguishedName" for a single account or restore subtree "distinguishedName" if you are restoring an entire OU.


9. Reboot normally
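
The steps above, gathered into one PowerShell script as an added example (it is not part of the original post). The script name, parameter names and sample values are assumptions, and it relies on Windows setting SAFEBOOT_OPTION to DSREPAIR in directory services recovery mode. DNs containing spaces or quotes are deliberately rejected and left to an interactive ntdsutil session.

```powershell
# Added example (hypothetical script name: Restore-DeletedOu.ps1), not from the original post.
# Run from an elevated prompt after booting the DC into directory services recovery mode.
param(
    [string]$VersionId,      # version identifier printed by `wbadmin get versions`
    [string]$TargetDn,       # deleted object or OU, e.g. OU=Sales,DC=example,DC=com (constructed)
    [string]$BackupTarget,   # drive (D:) or UNC path; leave empty for a backup wbadmin already knows
    [switch]$SingleObject    # use "restore object" instead of "restore subtree"
)

# Steps 1-2: refuse to run outside DSRM (assumption: SAFEBOOT_OPTION is DSREPAIR in that mode).
if ($env:SAFEBOOT_OPTION -ne 'DSREPAIR') {
    throw 'This DC is not in directory services recovery mode.'
}

# Steps 3-4: with no version chosen yet, list the available backups and stop.
if (-not $VersionId) {
    $list = @('get', 'versions')
    if ($BackupTarget) { $list += "-backupTarget:$BackupTarget" }
    & wbadmin.exe @list
    return
}

# Validate operator input before anything touches the directory database.
if ($VersionId -notmatch '^\d{2}/\d{2}/\d{4}-\d{2}:\d{2}$') {
    throw "Version identifier '$VersionId' is not in MM/DD/YYYY-HH:MM form."
}
if ($TargetDn -notmatch '^(CN|OU)=[^,\s"]+(,(CN|OU|DC)=[^,\s"]+)+$') {
    throw "'$TargetDn' is not a simple distinguished name; use ntdsutil interactively for it."
}

# Step 5: system state restore. wbadmin asks for confirmation because -quiet is not passed.
$wbArgs = @('start', 'systemstaterecovery', "-version:$VersionId")
if ($BackupTarget) { $wbArgs += "-backupTarget:$BackupTarget" }
& wbadmin.exe @wbArgs
if ($LASTEXITCODE -ne 0) { throw "wbadmin exited with code $LASTEXITCODE; nothing was marked authoritative." }

# Steps 6-8: mark only the deleted object or subtree as authoritative.
$verb = if ($SingleObject) { 'object' } else { 'subtree' }
& ntdsutil.exe 'activate instance ntds' 'authoritative restore' "restore $verb $TargetDn" quit quit
if ($LASTEXITCODE -ne 0) { throw "ntdsutil exited with code $LASTEXITCODE." }

# Step 9 stays with the operator: reboot normally once ntdsutil reports success.
Write-Output "Marked '$TargetDn' authoritative from backup $VersionId. Reboot normally to replicate it."
```

Running it with no arguments only lists the backup versions, so the operator can pick one that predates the deletion before anything is restored.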

One Response to “ Active Directory Backup and Restoration – Windows Server 2008 ”
metal stamping jewelry says: October 9, 2012 at 3:22 pm This is great content. You’ve loaded this with useful, informative content that any reader can understand. I enjoy reading articles that are so very well-written.
