Microsoft Windows Server 2003 Active Directory Infrastructure: Backing Up and Restoring Active Directory

Presentation transcript:

1 Microsoft Windows Server 2003 Active Directory Infrastructure: Backing Up and Restoring Active Directory
Goals
- Use the Backup Wizard to troubleshoot Active Directory
- Schedule Active Directory backups
- Examine Active Directory restores
- Execute a nonauthoritative restore
- Execute an authoritative restore

2 Using the Backup Wizard to Back Up Active Directory (Skill 1)
- Active Directory is a transaction log-based database service that depends on files such as ntds.dit and a number of log files in order to function
- To prepare for disaster recovery, you must use the Backup Wizard to back up Active Directory
- The wizard creates an archive with a .bkf extension, which contains the files that were selected for backup
- To back up Active Directory, you must be a member of either the Backup Operators or Administrators group

3 Figure 8-1: The Backup Utility Advanced Mode window (Skill 1)

4 Using the Backup Wizard to Back Up Active Directory (2) (Skill 1)
- An Active Directory backup includes the Active Directory database file, ntds.dit, and the shared system volume (SYSVOL) folder
- SYSVOL is a shared folder created when Active Directory is installed
- It contains all publicly available files for domains, such as scripts and Group Policy Objects, which users and other domain controllers need for domain access

5 Using the Backup Wizard to Back Up Active Directory (3) (Skill 1)
- To back up Active Directory, you back up the System State data on a domain controller
- In addition to the Active Directory database file and the SYSVOL folder, System State data has other components
  - Registry: Database that stores the configuration of a computer, including user profiles and folder settings
  - COM+ Class Registration database: Database that stores entries for dynamic link library (.dll) and executable (.exe) files on a computer

6 Using the Backup Wizard to Back Up Active Directory (4) (Skill 1)
- In addition to the Active Directory database file and the SYSVOL folder, System State data has other components
  - System boot files: Files used to load and configure the Windows Server 2003 operating system
  - Windows File Protection system files: All files under Windows File Protection

7 Using the Backup Wizard to Back Up Active Directory (5) (Skill 1)
- Tasks to perform before you start any backup operation
  - Choose the scope for the backup, based on your requirements
    - Back up the entire contents of a computer
    - Select only particular files, drives, or network data
    - Back up only the System State data

8 Using the Backup Wizard to Back Up Active Directory (6) (Skill 1)
- Tasks to perform before you start any backup operation
  - Choose the type of backup media
    - You can use Zip or Jaz drives, tape, or the hard drive on a remote file server
    - A backup to a file on the file server can be backed up to a Zip, Jaz, or tape drive
    - Magnetic tape is the most widely used backup medium
      - Inexpensive
      - Stores large amounts of data

9 Using the Backup Wizard to Back Up Active Directory (7) (Skill 1)
- Tasks to perform before you start any backup operation
  - Choose the type of backup
    - There are five backup types from which you can choose
    - To choose one of these types, you must first understand the archive attribute or archive bit and how each backup type handles it

10 Using the Backup Wizard to Back Up Active Directory (8) (Skill 1)
- Tasks to perform before you start any backup operation
  - Choose the type of backup
    - Archive attribute
      - A property for files and folders that is used to identify them when they have changed
      - When a file has changed, the archive attribute, which is actually an attribute of the file header, is automatically selected

11 Using the Backup Wizard to Back Up Active Directory (9) (Skill 1)
- Tasks to perform before you start any backup operation
  - Choose the type of backup
    - Archive attribute
      - Some backup types remove the archive attribute to mark files as having been backed up, while others do not
      - Some backup types use the archive attribute to determine which files to back up
      - Others back up all files regardless of the status of the archive attribute

12 Using the Backup Wizard to Back Up Active Directory (10) (Skill 1)
- Tasks to perform before you start any backup operation
  - Choose the type of backup
    - Archive attribute
      - Organizations use a blend of the different backup types
      - This optimizes the time spent on both the backup and the restore processes

13 Using the Backup Wizard to Back Up Active Directory (11) (Skill 1)
- Tasks to perform before you start any backup operation
  - Notify users about the backup operation
    - Through or administrative messages
    - During the backup operation, users who are connected over the Internet will have their sessions terminated and may lose any unsaved data

14 Using the Backup Wizard to Back Up Active Directory (12) (Skill 1)
- Tasks to perform before you start any backup operation
  - Make sure that the media device you have selected for storing the backup is listed in the Windows Server Catalog
    - The catalog contains a list of devices tested by Windows Hardware Testing Labs
    - These devices are supported by Windows Server 2003

15 Using the Backup Wizard to Back Up Active Directory (13) (Skill 1)
- Tasks to perform before you start any backup operation
  - Make sure the backup media device is attached to the computer and the device is switched on
  - Make sure the backup media is loaded in the media device

16 Figure 8-2: The Backup or Restore Wizard (Skill 1)

17 Figure 8-3: The Backup or Restore screen (Skill 1)

18 Figure 8-4: The What to Back Up screen (Skill 1)

19 Using the Backup Wizard to Back Up Active Directory (14) (Skill 1)
- The default settings in the Backup Wizard work well in most cases
- Additional advanced settings
  - Specify a backup type other than Normal
  - Verify data after the backup operation to ensure its success

20 Using the Backup Wizard to Back Up Active Directory (15) (Skill 1)
- Additional advanced settings
  - Append the backup data to an existing archive or create a new archive
  - Set a job name to identify the backup job
  - Schedule the backup process to occur at specified intervals

21 Figure 8-5: The Items to Back Up screen (Skill 1)

22 Figure 8-6: The Backup Type, Destination, and Name screen (Skill 1)

23 Figure 8-7: The Completing the Backup or Restore Wizard screen (Skill 1)

24 Scheduling Active Directory Backups (Skill 2)
- To be prepared to recover from a hardware failure, system or disk failure, or a virus attack, it is best to back up Active Directory daily, preferably after office hours
- A typical schedule
  - Perform a Normal backup once a week
  - Perform an Incremental backup on each other day of the week
- This method ensures the backup file occupies less disk space and that you have the most recent data in the event of a disaster
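
The archive-attribute handling from Skill 1 and the weekly Normal plus daily Incremental schedule above can be traced with a small model. This is an added example, not part of the original presentation; the file names and change pattern are constructed, and the Differential type is included for comparison from Windows Backup's own set of types, since the slides name only Normal and Incremental.

```python
from dataclasses import dataclass, field

# backup type -> (selects only files with the archive bit set, clears the bit)
BACKUP_TYPES = {
    "normal":       (False, True),
    "incremental":  (True,  True),
    "differential": (True,  False),
}

# Constructed sample data: files modified on each of the six days after the
# weekly Normal backup ("f" is a new file, day 4 has no changes).
DAILY_CHANGES = [["a"], ["b"], ["a", "c"], [], ["d"], ["f"]]


@dataclass
class Volume:
    files: dict = field(default_factory=dict)   # name -> content version
    archive: set = field(default_factory=set)   # names with the archive bit set

    def write(self, name):
        """Create or modify a file; the archive bit is set automatically."""
        self.files[name] = self.files.get(name, 0) + 1
        self.archive.add(name)

    def backup(self, kind):
        """Run one backup job and return the backup set it produced."""
        only_flagged, clears_bit = BACKUP_TYPES[kind]
        names = sorted(self.archive) if only_flagged else sorted(self.files)
        data = {name: self.files[name] for name in names}
        if clears_bit:
            self.archive.difference_update(data)
        return {"kind": kind, "data": data}


def simulate_week(daily_kind):
    """Normal backup on day 0, then `daily_kind` on each of the next six days."""
    vol = Volume()
    for name in "abcde":
        vol.write(name)
    sets = [vol.backup("normal")]
    for changed in DAILY_CHANGES:
        for name in changed:
            vol.write(name)
        sets.append(vol.backup(daily_kind))
    return vol, sets


def restore_chain(sets):
    """Indexes of the backup sets needed to rebuild the most recent state."""
    start = max(i for i, s in enumerate(sets) if s["kind"] == "normal")
    chain = [start]
    last_clear = start          # most recent set that cleared the archive bit
    for i in range(start + 1, len(sets)):
        if sets[i]["kind"] == "incremental":
            chain.append(i)
            last_clear = i
    # A differential holds everything changed since the last bit-clearing
    # backup, so only the newest one after that point is needed.
    diffs = [i for i in range(last_clear + 1, len(sets))
             if sets[i]["kind"] == "differential"]
    if diffs:
        chain.append(diffs[-1])
    return chain


def restore(sets):
    """Replay the restore chain in order; later sets overwrite earlier ones."""
    state = {}
    for i in restore_chain(sets):
        state.update(sets[i]["data"])
    return state


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        vol, sets = simulate_week(kind)
        sizes = [len(s["data"]) for s in sets]
        print(kind, "set sizes:", sizes, "restore needs sets:", restore_chain(sets))
        assert restore(sets) == vol.files
```

The Incremental schedule keeps each daily set small but needs every set since the Normal backup at restore time, so one unreadable tape in the chain loses the changes it held.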

25 Scheduling Active Directory Backups (2) (Skill 2)
- Most production networks have ample backup capacity to perform a full Normal backup daily
- Backing up servers can become time-consuming
- To ease the burden, use the Backup utility to schedule backups to run at specified dates and times
- Ntbackup then uses the Task Scheduler to schedule the backup

26 Scheduling Active Directory Backups (3) (Skill 2)
- Task Scheduler
  - Runs the Backup Wizard to carry out the backup operation at the scheduled date and time
  - This is also known as an unattended backup
- Two ways to schedule an unattended backup
  - Use the Advanced settings on the Completing the Backup Wizard screen
  - Use the Schedule Jobs tab in the Backup Utility to schedule unattended backups

27 Figure 8-8: Running Ntbackup from the Run dialog box (Skill 2)

28 Figure 8-9: Scheduling a System State Backup (Skill 2)

29 Figure 8-10: The How to Back Up screen (Skill 2)

30 Figure 8-11: The Backup Options screen (Skill 2)

31 Scheduling Active Directory Backups (4) (Skill 2)
- Task Scheduler
  - On the Schedule Jobs tab in the Backup window
    - Click the icon for a scheduled job to open the Scheduled Job Options dialog box
    - You can change the job name on the Schedule data tab
    - You can view the job details on the Backup details tab

32 Scheduling Active Directory Backups (5) (Skill 2)
- Task Scheduler
  - On the Schedule Jobs tab in the Backup window
    - View details about the backup in the Job summary section
      - Displays the backup type
      - Displays the properties set for the backup job
        - Whether Verify data has been set
        - Whether hardware compression is to be used
        - Whether access is restricted to the owner or administrator
        - The media name used for the job and the set description

33 Scheduling Active Directory Backups (6) (Skill 2)
- Using Ntbackup
  - You cannot back up individual components of the System State data because of the dependencies between components
  - Third-party utilities such as Veritas Backup Exec can back up individual components
  - You can use Ntbackup to restore System State data to an alternate location

34 Scheduling Active Directory Backups (7) (Skill 2)
- When you restore the System State to an alternate location, certain components are restored
  - SYSVOL directory
  - Cluster database data
  - System boot files
- When you restore the System State to an alternate location, certain components are not restored
  - Active Directory database
  - Certificate Services database
  - COM+ Class Registration database

35 Figure 8-12: The Schedule Job dialog box (Skill 2)

36 Figure 8-13: The Advanced Schedule Options dialog box (Skill 2)

37 Figure 8-14: The Set Account Information dialog box (Skill 2)

38 Figure 8-15: Scheduled jobs on the calendar on the Schedule Jobs tab (Skill 2)

39 Examining Active Directory Restores (Skill 3)
- Active Directory stores information about all of the objects in a domain
- If the files that make up Active Directory become corrupt, users and applications cannot access Active Directory objects
- In disaster recovery situations, you must restore the latest System State backup data to restore Active Directory objects

40 Examining Active Directory Restores (2) (Skill 3)
- Methods of restoring System State data
  - Nonauthoritative restore (Normal)
  - Authoritative restore
  - Primary restore

41 Examining Active Directory Restores (3) (Skill 3)
- Nonauthoritative restore (Normal)
  - When to use this method
    - You need to recover a domain controller from hardware failure or replacement
    - You are sure the data on the other domain controllers in the forest is correct
  - All you must do is restore the most recent System State backup of the domain controller
  - Restored data, including Active Directory objects, will have the USN they had when the System State backup was created

42 Examining Active Directory Restores (4) (Skill 3)
- Nonauthoritative restore (Normal)
  - Update sequence numbers (USNs)
    - Used to detect and propagate Active Directory changes among the servers on the network
    - Make multi-master replication possible
    - Used to track changes made to the database just like a version number in DNS
    - When you create an object, Active Directory assigns a unique USN to the object
    - When you make changes to the object, Active Directory increments the USN for the object by one

43 Examining Active Directory Restores (5) (Skill 3)
- Nonauthoritative restore (Normal)
  - Update sequence numbers (USNs)
    - The copy of the object that has the highest USN is considered to be the most up-to-date, and is replicated to the other domain controllers
    - Because the USNs in the System State backup will be lower than more recent versions of Active Directory objects, the Active Directory replication system views data that is restored non-authoritatively as old data
    - If more recent data is available on other servers, the Active Directory replication system uses it to update the restored data

44 Examining Active Directory Restores (6) (Skill 3)
- Nonauthoritative restore (Normal)
  - After the nonauthoritative restore
    - Active Directory replication begins
    - Changes that occurred on the other domain controllers are automatically propagated to the domain controller that has come back online
    - You must use an authoritative restore to replicate restored data to other servers

45 Examining Active Directory Restores (7) (Skill 3)
- Nonauthoritative restore (Normal)
  - Unless you only have one domain controller, or are at an isolated remote location, a nonauthoritative restore is not very useful
  - This is because in order to perform a nonauthoritative restore on a failed domain controller, you must first reinstall Windows Server 2003 and promote the server to a domain controller
  - As part of this process, the Active Directory database is copied from the other servers onto your failed server, fully restoring Active Directory

46 Examining Active Directory Restores (8) (Skill 3)
- Authoritative restore
  - Used when an Active Directory object, or group of objects, has been accidentally deleted
  - When an object is deleted in Active Directory, it is not truly deleted; it is tombstoned
  - Tombstoning essentially marks the object “dead,” which makes it unusable, and updates the USN for the object
  - This is done so that the “deletion” is properly replicated to all domain controllers

47 Examining Active Directory Restores (9) (Skill 3)
- Authoritative restore
  - Once every night, a process known as Garbage Collection runs on all domain controllers
  - Any object that has been tombstoned for more than 60 days (by default) is actually deleted during this process
  - Because of the tombstoning process, to effectively restore a deleted object
    - You must increment the USN of that object subsequent to the actual restore process
    - This makes the restored copy the more up-to-date version

48 Examining Active Directory Restores (10) (Skill 3)
- Authoritative restore
  - During an authoritative restore, the USN of the deleted object is increased by 100,000 for each day since the backup was performed so that it is higher than the USNs of the existing objects
  - You perform an authoritative restore by executing the Ntdsutil command on a domain controller

49 Examining Active Directory Restores (11) (Skill 3)
- Authoritative restore
  - Using Ntdsutil
    - Ntdsutil is a command-line utility, which is stored in %Systemroot%\System32
    - It supplies a number of other directory management features not found in any of the graphical tools
    - You mark Active Directory objects for authoritative restore
    - This modifies the USN, making it higher than any other update sequence number in the Active Directory replication system
    - Objects restored using this command are considered to be the most current copy of those objects, and are properly replicated to the other servers on the network

50 Figure 8-16: Authoritative Restore (Skill 3)

51 Figure 8-17: First level of commands for ntdsutil (Skill 3)

52 Examining Active Directory Restores (12) (Skill 3)
- Primary restore
  - You do a primary restore when you must rebuild the domain from backup because all domain controllers in the domain have been lost
  - You perform a primary restore on the first domain controller and nonauthoritative restores on all of the other domain controllers
  - You only perform a primary restore when the server you are trying to restore is the only running server in a replicated data set

53 Examining Active Directory Restores (13) (Skill 3)
- Active Directory actually performs attribute level replication in most cases
- If you change a field in a user account, only the field is replicated, not the entire object
- To provide full replication functionality, Active Directory actually assigns a USN
  - To the database
  - To each object in the database
  - To each attribute of each object

54 Executing a Nonauthoritative Restore (Skill 4)
- Nonauthoritative restore
  - Used to restore Active Directory in cases where no objects have been accidentally deleted and no other options are available
  - You use the backup of the System State data to restore Active Directory on a domain controller
  - To begin, start the computer in a special safe mode called Directory Services Restore Mode
  - Then use the Restore Wizard to restore Active Directory

55 Executing a Nonauthoritative Restore (2) (Skill 4)
- Directory Services Restore Mode
  - This mode ensures the domain controller remains offline while you restore the Active Directory database and the SYSVOL folder
  - In this offline mode, Active Directory services on the domain controller are stopped so that a successful restoration can occur
  - The computer is not disconnected from the network, but all Active Directory services are halted

56 Executing a Nonauthoritative Restore (3) (Skill 4)
- Directory Services Restore Mode
  - After the Active Directory restoration process is complete and the server is restarted, the normal replication process updates the restored Active Directory database with the help of the replication partner domain controllers on the domain

57 Figure 8-18: The Desktop message box (Skill 4)

58 Figure 8-19: Restoring the System State (Skill 4)

59 Figure 8-20: The Warning dialog box (Skill 4)

60 Executing a Nonauthoritative Restore (4) (Skill 4)
- Directory Services Restore Mode
  - You can also use Ntdsutil to reset the Directory Services Restore Mode password
    - At the ntdsutil prompt, type Set DSRM and press [Enter]
    - At the Reset DSRM Administrator Password prompt, type Reset Password on server %s where %s is the name of the server
    - After you press [Enter], you are prompted to type the password and re-enter the password

61 Figure 8-21: The Restore Progress dialog box (Skill 4)

62 Figure 8-22: The Backup Utility warning dialog box (Skill 4)

63 Microsoft Windows Server 2003 Active Directory Infrastructure Backing Up and Restoring Active Directory  You use an authoritative restore to recover selected Active Directory objects  Preliminary tasks  Copy the Policies folder in the SYSVOL folder to an alternate location  Copy the Policies folder from the alternate location back to its original location  After you perform an authoritative restore  After the SYSVOL share has been published Executing an Authoritative Restore (Skill 5)

64 Executing an Authoritative Restore (2) (Skill 5)
- Preliminary tasks
  - Perform a nonauthoritative restore of the System State data
  - You can then use Ntdsutil to perform an authoritative restore to recover the deleted object

65 Executing an Authoritative Restore (3) (Skill 5)
- Run the Ntdsutil command-line utility to perform an authoritative restore
- Ntdsutil marks an object for authoritative restore by increasing the USN by 100,000 for each day since the backup was performed so that it is higher than the USNs of the existing object
- To restore a deleted object, you must specify the distinguished name of the object

66 Executing an Authoritative Restore (4) (Skill 5)
- Distinguished name (DN)
  - Uniquely identifies an object on a network
  - It is an LDAP component that includes the name of the domain that holds the object and the complete path to the object through the container hierarchy
  - It identifies an object throughout the LDAP hierarchy because it refers to the relative distinguished name, domain name, and the container where the object is stored

67 Executing an Authoritative Restore (5) (Skill 5)
- Distinguished name (DN)
  - Can consist of the common name (cn), the organizational unit name (ou), and the domain component name (dc)
  - The common name for a user object is the full user name, not the logon name
  - For user names and OUs that contain spaces, the DN must be enclosed in quotation marks

68 Executing an Authoritative Restore (6) (Skill 5)
- To restore an OU and all objects in it, use the command Restore subtree %s, where %s represents the server name
- To restore an object, use Restore object %s
- To override the version (USN) increase
  - Add the parameter verinc %d, where %d represents the variable by which you want to increment the version number
  - Use this parameter only to authoritatively restore over an incorrect authoritative restore
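
The distinguished-name rules on the preceding slides, as an added Python example (not part of the original presentation): it splits a DN into its cn/ou/dc components, derives the domain name, and builds the line typed at the authoritative restore prompt, quoting the DN when it contains spaces. The helper names and sample DNs are hypothetical, and it assumes the argument to both restore commands is a distinguished name.

```python
def split_dn(dn):
    """Split a DN into (type, value) pairs; a backslash escapes the next character."""
    parts, current, escaped = [], "", False
    for ch in dn:
        if escaped or ch != ",":
            current += ch
            escaped = (ch == "\\") and not escaped
        else:  # an unescaped comma ends the component
            parts.append(current)
            current = ""
    parts.append(current)
    pairs = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr or not value:
            raise ValueError(f"bad DN component: {part!r}")
        pairs.append((attr.lower(), value))
    return pairs


def describe(dn):
    """Return the relative DN, the container path and the domain name of a DN."""
    pairs = split_dn(dn)
    kinds = [attr for attr, _ in pairs]
    first_dc = kinds.index("dc") if "dc" in kinds else len(kinds)
    if (first_dc in (0, len(kinds)) or set(kinds[first_dc:]) != {"dc"}
            or not set(kinds[:first_dc]) <= {"cn", "ou"}):
        raise ValueError("expected cn/ou components followed by dc components")
    return {
        "rdn": "=".join(pairs[0]),
        "containers": [value for _, value in pairs[1:first_dc]],
        "domain": ".".join(value for _, value in pairs[first_dc:]),
    }


def restore_command(dn, subtree=False, verinc=None):
    """Build the line for the authoritative restore prompt (DN argument assumed)."""
    describe(dn)  # reject a malformed DN before it reaches the prompt
    if '"' in dn:
        raise ValueError("a DN containing a quotation mark needs manual quoting")
    target = f'"{dn}"' if " " in dn else dn  # spaces require quotation marks
    line = f"restore {'subtree' if subtree else 'object'} {target}"
    return line if verinc is None else f"{line} verinc {int(verinc)}"


if __name__ == "__main__":
    sample = "cn=Jane Doe,ou=Sales Team,dc=example,dc=com"  # constructed sample
    print(describe(sample))
    print(restore_command(sample))
```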

69 Executing an Authoritative Restore (7) (Skill 5)
- Just like a nonauthoritative restore, an authoritative restore requires that the domain controller be running in Directory Services Restore Mode
- Run the Ntdsutil command
  - After you have restored the System State data
  - Before you have restarted the server from Active Directory Restore mode
- You cannot restart normally between the nonauthoritative restore and the authoritative restore

70 Executing an Authoritative Restore (8) (Skill 5)
- After the restoration is complete, the domain controller is brought back online by restarting the computer normally
- If the Active Directory database has changed on the replication partner domain controllers, the replication process updates their databases using the restored Active Directory database
- The replication process also distributes information about the restored object to other domain controllers
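
Why the two restore types replicate in opposite directions, as an added Python model (not part of the original presentation or of Ntdsutil): it applies the 100,000-per-day increase and the verinc override from the slides under an assumed simplified rule that the copy with the higher version number replaces the other. The object, dates and version numbers are constructed.

```python
from dataclasses import dataclass, replace
from datetime import date

BUMP_PER_DAY = 100_000  # per-day increase stated on the slides


@dataclass(frozen=True)
class ObjectCopy:
    """One domain controller's copy of an object (constructed model)."""
    dn: str
    version: int   # number compared when two copies conflict
    deleted: bool  # True when this copy records the deletion


def mark_authoritative(copy, backup_day, restore_day, verinc=None):
    """Raise the version by 100,000 per day since the backup, or by an
    explicit verinc value when one is supplied."""
    days = (restore_day - backup_day).days
    bump = verinc if verinc is not None else BUMP_PER_DAY * days
    return replace(copy, version=copy.version + bump)


def replicate(restored, partner):
    """Assumed simplified rule: the higher version survives on both domain
    controllers; on a tie the partner's copy stays."""
    return restored if restored.version > partner.version else partner


def run_scenarios():
    # Constructed sample: backed up 1 March, deleted 3 March, restored 4 March.
    dn = "cn=Jane Doe,ou=Sales Team,dc=example,dc=com"
    from_backup = ObjectCopy(dn, version=2, deleted=False)
    deletion = ObjectCopy(dn, version=3, deleted=True)
    restore_day = date(2004, 3, 4)
    # Nonauthoritative: the partner's newer deletion replicates back in.
    nonauth = replicate(from_backup, deletion)
    # Authoritative: 2 + 3 * 100,000 outranks the deletion and replicates out.
    auth = replicate(mark_authoritative(from_backup, date(2004, 3, 1), restore_day), deletion)
    # A second authoritative restore from a 2 March backup must beat 300,002:
    # the default increase (200,000) loses, an explicit verinc of 400,000 wins.
    retry = replicate(mark_authoritative(from_backup, date(2004, 3, 2), restore_day), auth)
    forced = replicate(
        mark_authoritative(from_backup, date(2004, 3, 2), restore_day, verinc=400_000), auth)
    return {"nonauth": nonauth, "auth": auth, "retry": retry, "forced": forced}


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:8} version={result.version:>7} deleted={result.deleted}")
```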

71 Figure 8-23 Copying the Policies folder to an alternate location (Skill 5)

72 Executing an Authoritative Restore (9) (Skill 5)
- If you accidentally delete a large number of objects, manually recovering each object would be a cumbersome task
- Instead you can authoritatively restore the entire database
- To do this, type the restore database command at the authoritative restore prompt

73 Executing an Authoritative Restore (10) (Skill 5)
- Do not perform an authoritative restore of the entire database on servers holding the RID master or schema master FSMO roles
- The schema cannot be authoritatively restored, and authoritatively restoring the RID master can lead to SID conflicts

74 Figure 8-24 Confirming an authoritative restore (Skill 5)

75 Figure 8-25 Using Ntdsutil to recover a deleted object (Skill 5)