Configuring Backup and Recovery:
Putting the disk online cannot be done using the below disk part command and should be done using GUI by right click mycomputer manage only. Put the disk online and initialize it.
Disk part: List disk info like physical hard drive, external attached drives, and USB disks Clean, format (FAT/ NTFS) The commands are as follows:
`
For windows backup it needs to be installed as a feature by going to server manager. The reason why command-line tolls is checked is it allows you to access the powershell commands and WBADMIN scripts. WBADMIN is a cmd tool which has lots of flexibility and configurability to do the backups. Normally it is used for system state backup . It will not backup the entire PC hard drives like the windows backup does.
The above backup solution is not a ESM (Enterprise storage management) replacement. In other words there are big companies like EMC2 which provide gigantic robotic tape libraries and big hard drives for corporate wide solutions. We can use windows Backup for small to medium size organizations which can afford up to half a million dollars for tapes for archiving their data etc. The other scenario would be for larger organizations which has branch offices if has a 256k WAN link it will take lot of time to backup with the slow WAN links and such scenarios we can use windows backup for their local site backup. The windows backup will backup the entire drive . We cannot choose according to the file/folder basis. If you want to backup a drive C: to a destination of other drive then that destination drive is not visible in the windows explorer.
Block level Backup: The Block level backup is more efficient and faster than our old method of using archive bits. Let us see how our old conventional backup used to work. Suppose we have a paint file of 600MB if you right click properties you see a check mark for archive as shown in following figure
While taking a backup the backup product will look at that check mark on the file and thinks ok this file needs to be backed up . After backup the check mark is cleared. So after clearing the check mark next time when the backup is scheduled again the backup product will think as there is no check mark is there on it the file is already backed up and there is no need for me to backup. Suppose we say if we have modified the file of that 600MB and the changes made is 1MB. Now the total size of the file is 601MB. Now the archive bit is set again (the Check mark is present). The backup product will know now ok this file needs to be backed up. Now it will back up the entire 601MB but not only the change 1MB. This is nothing but the waste of space with the traditional backup strategy.
The block level backup is very intelligent and it will notice where that little 1MB of file has been changed on that file and put one little change on the backup hard drive. This is used in conjunction with vss( volume shadow copy service). Backup Media: This windows backup cannot be directly done on the tapes unless we are using Microsoft product like Microsoft DPM (Data protection Manager- which is a part of an ESM solution) and there should be one local hard drive need to be assigned to that. After back up on the local hard drive you can copy that backup file from the hard drive on to the tapes using a third party backup solution. If you backup to network it can be done only once to a network location using WBADMIN tool. Next you do it, it will overwrite the existing backup. Cannot backup to a CD/DVD because it will prompt you to install a new DVD when it is ran out of space.
BACKUP MEDIA TO HARD DRIVE: If you assign the backup to a hard drive that hard drive or LUN will be hidden in order to prevent from the accidental deletion, fideling around with the files, formatting etc. The rotation for the backup will be easy using hard disk to backup like say if you have two external HD. You can use one for backup and next morning remove the backed up hard drive and keep it offsite. Now install the second hard drive etc. Note: The source file you are backing up shouldn’t be greater than 1.96TB. BACKUP EXECUTION: How do you execute a backup? Generic users cannot do it. You either need to be a backup administrator. A Backup administrator can run an existing schedule; they cannot create their own schedule. They can create a spontaneous backup like a one off backup but they cannot schedule. Your administrator can schedule the backup because he has execution permissions and privilege. You can either use GUI or WBADMIN utility. There is a GUI utility called Windows NT backup utility used traditionally. Files backed up using that NT backup can be restored in present windows 2008 technology using a restore utility called windowsNT restore utility which can be downloaded from Microsoft website
CRITICAL VOLUME: When you do your backup remember that it always want to backup your critical volume which is the drive containing system files (operating system drive), Boot (which contains boot files), any drives contain SYSVOL, AD DS DATABASE (NTDS.DIT), any drive contains directory services (AD DS) logs. SYSTEM STATE: There is also a difference in how you backup the system state now. With NT backup you can choose to backup the system state alone without backing up the entire drive or anything like that where as in GUI backup you can’t do that anymore you have to choose the entire drive (c or what ever) . However with the command line we can do the system state backup but the size of the backup will be almost the size of backing yp the drive C anyway. You can specify in WBADMIN to backup system state The system state backup includes Registry (hkey user, hkey sub keys etc) COM+ (programmatic operating system and your programs) BOOT FILES ( Necessary to get the OS started) WRP( WINDOWS Resource Protection) Files (files in system 32 which protects the operating system) Role specific (AD DS database, cluster config, IIS config files) NOTE: The systemstate is already included in the critical volume backup WBADMIN can be used only for system state backup. If you want to browse the files for backup it isn’t that easy because some operating system files are protected by system permission which will be messed up if you dig in to it. If you done that it might effect your ability to restore it. Although you want to dig in to it there will be some utilities available that expose those system directories which will expose it as a virtual drives. The backup will be done as a VHD file which can be put in the virtual machine. However if you have backed up only a volume that cannot be put in the VM directly, you need to install OS in the virtual machine and then install the backedup volume from the backup. If you want to restore you can restore using WBADMIN which is the case if you only want to restore just the system state. When using WBADMIN use the following commands with that as well Wbadmin /get versions It will have universal time stamp for various backups done using wbadmin .
The backup using GUI is as follows. You select the drive you want to backup. You should exclude the drive where you want to store your backup (your destination drive )
That enable system recovery option is checked which is nothing but the critical volume backup we discussed in the previous page which will include all the operating system files etc. The backup can be stored in the local drive or the remote shared folder but as we discussed before only one off backup is allowed to store in the network location though it is a GUI backup or a WBADMIN backup. Please see the figure below If you schedule a wbadmin backup to the same location it doesnot append as a differential or incremental backup but what it does is it will completely overwrite the existing backup. If you did something like that you will have only one days backup at all times.
With the below screenshot vss copy backup will be used if you are using any third party backup solution like Symantec backup exec because when you use option vss copy backup it will not delete the transaction logs. Now while backing up using Symantec that backup will delete the transaction logs. I f you select the option vss full backup it will delete the transaction logs during your normal windows backup only so there is no chance for you to backup the incremental or differential changes stored in the form of transaction logs. Hence from the above two points the recommendation is use second option if you are not using any third party backup solution and completely dependent on only windows backup. If you are using any kind of third party backup solution go with the Vss backup option.
As we mentioned earlier the drive scheduled for the backup will not be available in the windows explorer . In the below figure the disk1 is choosen for scheduled backups and so will not be available in the windows explorer.
Now let us backup using the command prompt using the tool called WBADMIN
If you want to create a script for the above commands you put dash quiet at the end of the command so that it will not prompt for the options yes or no. If you don’t the backup will wait for the user input to type yes or no which is not possible inside the script unless the script is stopped and edited. NOTE: The allcritical word in the command indicates all the system state backup components we discussed in the above pages.
From the following screenshot the total backup copies are 41. In order to know which backup contains what there should be some kind of command which will be seen in the other screenshot.
If there is a yesterday backup and one of your OUs got deleted, you can mount one of those backup files in to file system. You can list the entire different backups using the ntdsutil command.
In the above command different commands are listed in one single line. We are activating NTDS instance. Then creating a snapshot using the snapshot command. The list all indicates which will show all the backup list of different backups performed. It will take dump all the output in to snapshot.txt file.
Suppose if using the above backup you want to retrieve the information in the AD . So select that GUID (Global Unique Identifier) . Copy that GUID and paste it in the command prompt. Before pasting it in the command prompt some NTDS commands need to be run as follows:
After the above commands executed. Now if you go to c-drive it will be mounted inside c-drive as a real file system (folder containing files). We can see the historical copy of that backup to see any active directory files we require are inside that backup. Then use the following command
In the above command using that GUID from backup you are mounting to ntds.dit . Then press enter. Go to Ad users and computers –right click- click change domain controller . Then type the servername and port. If you see from above we have used port 5000 to access the AD database from that particular backup. The reason why we are using port no is as the AD database backed up is from the same server with the present AD database running we cant see the backup AD database which means that present running database and backup database cannot seen simultaneously. Please see below screenshot to enter server name and port number
Now press enter and you can see the status as online. Now if you go to the server manager and point the mouse curser to the AD users and computers you can see the tip text shows the servername and port number as shown below:
Now expand all the AD users and computers and check whether the desired object you are looking for is found from the backup or not. Once you find the object don’t forget to change back to your original DC.
To unmount the backup database Now press ctrl-c . Again go to ntdsutil as shown below. While unmounting enter the same GUID you mounted before.
CONCLUSION: From the above mount and dismount we managed to see what object we need but just wondering James didn’t show me how to restore that particular object from the backup database to the main database. Wow James is now showing how to restore .
Suppose someone says to delete TUscon users and you accidentally deleted OU but you are supposed to delete the Tuscon users group. So you have done the wrong thing of which you need to restore from the backup
Next step we need to do is to reboot the machine in order to restore from a backup.
The above command is rebooting the server mode from safe mode to directory services repair mode. This can be done normally pressing f8 key after reboot as well. Now to shutdown you can use the
startmenu or the command prompt shutdown /r /t 0. As soon as the replication takes place the OU is deleted on the other Domain controller. Suppose if we have DC1 and DC4 and we have deleted the OU from Dc4. When the OU is deleted the objected will not be completely deleted however it will be stored in a container called as Deleted Objects Container where it increases the container and all of its objects by say version number 2. Here let us Say the OU which we have deleted mistakenly will be version number 1. So normally it you deleted the OU from DC4 and the DC4 which has version1 for OU will be sent to deleted objects and increase its version to 2. It will tell the other to do the same during the replication process to DC1. So when you restore the OU using directory services restoration mode, it will restore the OU to version1 because when it is backed up the OU has version1 and is healthy. So if we want to restore the version1 OU from DC4 to DC1 which is during replication the DC1 would not accept because the DC1 has already got the deleted OU which has version2 and is greater than version 1 and the DC1 will argue with DC4 that I have a deleted OU which has more version number and I will keep that saying I am more authoritative . So though you restore it is no of use as we are facing problem during the replication. So we need to increment the version number to 100000 for the OU or object we want to restore
As we have already booted the machine in ADDS restore mode go to the command prompt and as follows:
So use wbadmin get versions command to get all the version of backup. See the most recent backup before your backup got deleted. Try to restore that. Note that you can check the OU is present or not by mounting using NTDSUTIL command discussed in the previous pages. Normally if you just restore it will be a non authoritative restore as that particular will not get incremented by 100000 instead all the existing objects will be overwritten by the backup which must not be the case. So in order to do the non-authoritatve restore (which might overwrite existing one) the command is as follows. The authoritative restore and non-authoritative restore will be done using NTDSUTIL command but before that the following command is common for the both the restores.
Then press enter. After that the next step would be to perform authoritative restore in this
As you want to restore OU you are using restore subtree command which will increase the version number to 100000 of that particular OU. In many Microsoft websites you may see restore database command which will increase the all the objects in the OU by 100000. Restore object will increase the version number of that particular object only (user, computer etc). After pressing enter running the above command it will ask you are you sure to perform the authoritative restore. Click yes and some steps will take place and you can see authoritative restore has completed successfully. Which has successfully updated 29 records and the restored objects are stored in the .txt file directory. Now you can quit and quit the NTDSUTIL mode and exit the command prompt mode. See below practically.
If you remember previously we used bcdedit command to reboot the PC in ADDS mode . if you wont exit from this mode though the system reboots it will boot in ADDS mode again until unless you exit that from the command prompt again. To do this see below
The other thing need to concentrate Is going to ADSI edit to see how objects are affected
In the above if you go to the properties of a particular object you can see the value is 2 given by creating a user and changing a password. If you see the Tuscon users below for example it has incremented the key version value by 100000 (1000002) which guarantee that it will update and not being overwritten by a deleted objects marker instead.
Now if you check in the other DC the same objects will appear as the version number is greater than the deleted objects version number. Restoring from the GUI includes only the volumes and the files containing within the volumes but not the objects like above. If you want to restore any corrupted .exe file etc it can be done going to server manager windows server backup –rightclick- restore-local server/remote server-browse the directory etc.