The Backup tool has several features that make backing up Active Directory a straightforward task that you can integrate into your regular backup procedures without interrupting the network or the operation of the domain controller you are backing up. For example, by using the Windows 2000 Backup tool you can:
· Back up Active Directory while the domain controller is online.
· Back up Active Directory, along with other system and data files.
· Back up Active Directory by using batch file commands.
· Back up Active Directory to any removable media, any available network drive, or a file.
Although Backup provides several methods for backing up data, the only type of backup supported by Active Directory is a normal backup. A normal backup creates a backup of the entire system while the domain controller is online. A normal backup marks each file as having been backed up, which clears the Archive attribute of the file. A normal backup also truncates the log files of database applications. Restoring a system from a normal backup requires a single restore from the backup media (by comparison, restoring a system from an incremental backup requires all incremental backups as well as the first normal backup).
In addition, when you back up Active Directory, the Backup tool also automatically backs up all of the system components and all of the distributed services upon which Active Directory is dependent. This dependent data, which includes Active Directory, is known collectively as the System State data.
On a Windows 2000 domain controller, the System State data encompasses the system startup files; the system registry; the class registration database of COM+ (an extension to the Component Object Model); File Replication service (the SYSVOL directory); Certificate Services database (if it is installed); Domain Name System (if it is installed); Cluster service (if it is installed); and Active Directory. From a practical standpoint, this means that when you use the Backup tool to back up Active Directory, you cannot back up Active Directory by itself. It is recommended that you schedule and perform regular backups as a normal practice.
Active Directory Restore
There are two methods for restoring replicated data on a domain controller. You can reinstall Windows 2000, reconfigure the domain controller, and then let the normal replication process repopulate the new domain controller with data from its replica partners. Alternatively, you can use the Backup tool to restore replicated data from backup media without reinstalling the operating system or reconfiguring the domain controller. In addition, there are two general methods for restoring replicated data from backup media: nonauthoritative and authoritative. Because Active Directory is replicated data, these methods apply to Active Directory restores.
During nonauthoritative restore, the distributed services on a domain controller are restored from backup media and the restored data is then updated through normal replication. In short, each restored directory partition is updated with that of its replication partners. Nonauthoritative restore is typically performed when a domain controller has completely failed due to hardware or software problems.
Authoritative restore occurs after nonauthoritative restore has been performed. During authoritative restore, an entire directory, a subtree, or individual objects can be designated to take precedence over any other instances of those objects on domain controllers. So, through normal replication, the restored domain controller becomes authoritative in relation to its replication partners. Authoritative restore is typically used to restore a system to a previously known state, for example before Active Directory objects were erroneously deleted. The Ntdsutil command-line tool allows you to authoritatively restore the entire directory, a subtree, or individual objects provided they are leaf objects.
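A simplified model of the two restore methods described above, as an added example that is not part of the original documentation. It assumes each object carries a version number where the higher one wins during replication and that an authoritative restore raises the version of the marked objects; the DNs, versions, and the size of the increase (`VERSION_BUMP`) are constructed for illustration.

```python
from dataclasses import dataclass, replace

# Assumption for this model: how far an authoritative restore raises versions.
VERSION_BUMP = 100_000

@dataclass(frozen=True)
class DirObject:
    dn: str
    version: int          # higher version wins when replicas disagree
    deleted: bool = False

def replicate(local, partner):
    """Pull partner changes into local; per object, the higher version wins."""
    merged = dict(local)
    for dn, theirs in partner.items():
        mine = merged.get(dn)
        if mine is None or theirs.version > mine.version:
            merged[dn] = theirs
    return merged

def nonauthoritative_restore(backup, partner):
    """Restore from media, then let normal replication update the data."""
    return replicate(backup, partner)

def authoritative_restore(backup, partner, subtree_dn):
    """Restore from media, mark one subtree authoritative, then replicate."""
    marked = {
        dn: replace(obj, version=obj.version + VERSION_BUMP)
        if dn.lower().endswith(subtree_dn.lower()) else obj
        for dn, obj in backup.items()
    }
    restored = replicate(marked, partner)
    return restored, replicate(partner, restored)

# Constructed sample data (hypothetical DNs and versions).
ALICE = "CN=alice,OU=Sales,DC=example,DC=com"
BOB = "CN=bob,OU=IT,DC=example,DC=com"
BACKUP = {ALICE: DirObject(ALICE, 3), BOB: DirObject(BOB, 2)}
# After the backup: alice was deleted by mistake, bob was legitimately changed.
PARTNER = {ALICE: DirObject(ALICE, 4, deleted=True), BOB: DirObject(BOB, 5)}

if __name__ == "__main__":
    print(nonauthoritative_restore(BACKUP, PARTNER)[ALICE])
    dc, partner = authoritative_restore(BACKUP, PARTNER, "OU=Sales,DC=example,DC=com")
    print(dc[ALICE], partner[ALICE], dc[BOB], sep="\n")
```

In this model the nonauthoritative restore leaves the erroneous deletion in place because the partner's newer version replicates back in, while the authoritative restore of the Sales subtree brings the object back on both domain controllers and still accepts the partner's newer change outside that subtree.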
Permissions and User Rights
To back up or nonauthoritatively restore Active Directory, you must have the following permissions and user rights:
· To back up the System State data, the person performing the backup procedure must be either a Backup Operator or an Administrator.
· To restore the System State data, the person performing the procedure must be a Local Administrator.
Backup Operator, Administrator, and Local Administrator are Windows 2000 built-in groups. They are already set up, with the necessary permissions and user rights defined.
Support for Third-Party Backup Tools
The Backup tool can read tapes created by third-party vendor backup tools. This can be useful in situations in which the third-party backup software is not readily available for some reason, such as when a computer is rebuilt and your third-party backup software is not yet installed. Also, third-party tools permit the use of remote tape devices, which are useful when performing enterprise-wide backups. For the Backup tool to read the tape successfully, the software used to create the tape must use the Microsoft tape format (MTF), and it must not compress the data.