Professional Documents
Culture Documents
WindowsServer2008R2ADBackupandDisasterRecoveryProcedures V3.3
WindowsServer2008R2ADBackupandDisasterRecoveryProcedures V3.3
Version: 3.3
1. Contents
1. CONTENTS ........................................................................................................................................... 2
2. CONTACT INFORMATION ....................................................................................................................... 4
3. VERSION CONTROL .............................................................................................................................. 5
4. TERMS AND ABBREVIATIONS ................................................................................................................. 5
5. INTRODUCTION ..................................................................................................................................... 6
6. SCOPE................................................................................................................................................. 6
7. ACTIVE DIRECTORY CONTENT BACKUP AND RESTORE METHODS ............................................................. 6
7.1 System State Backup.................................................................................................................... 7
7.2 Active Directory Recycle Bin ......................................................................................................... 8
7.3 Active Directory Snapshot Backups .............................................................................................. 9
7.4 Tombstone Reanimation ............................................................................................................. 10
8. INSTALLING AND CONFIGURING BACKUPS ............................................................................................ 10
8.1 System State Backup.................................................................................................................. 10
8.2 Snapshot Backups ...................................................................................................................... 11
8.2.1 Manual Snapshots ................................................................................................................. 11
8.2.2 Scheduled Snapshots ............................................................................................................ 11
8.3 Enable Active Directory Recycle Bin .......................................................................................... 12
8.4 Configuring Garbage collection process ..................................................................................... 12
8.4.1 Without Recycle Bin ............................................................................................................... 13
8.4.2 With Recycle Bin .................................................................................................................... 13
9. W HEN TO RESTORE............................................................................................................................ 14
10. W HERE TO RESTORE.......................................................................................................................... 15
11. COMMON TASKS ................................................................................................................................ 15
11.1 Remove Domain Controller from DNS........................................................................................ 15
11.2 Remove Domain Controller from Active Directory ...................................................................... 15
11.3 Change the Active Directory Restore Mode (DSRM) Administrator Password .......................... 17
11.4 Verification of a Successful Restore ........................................................................................... 17
11.5 How to Disable Initial Replication ............................................................................................... 18
12. ACTIVE DIRECTORY CONTENT RECOVERY ........................................................................................... 18
12.1 Overview ..................................................................................................................................... 18
12.1.1 Authoritative Restore ............................................................................................................. 18
12.1.2 Non-Authoritative Restore ..................................................................................................... 19
12.2 Recovery through System State Backup .................................................................................... 19
12.2.1 Restore your Backups files to restore from ........................................................................... 19
12.2.2 Non-Authoritative Restore ..................................................................................................... 20
12.2.3 Authoritative Restore ............................................................................................................. 21
12.3 Recovery through tombstone object reanimation ....................................................................... 22
12.3.1 Authoritative Restore through LDP.exe ................................................................................. 23
12.3.2 Authoritative Restore through ADRestore.exe ...................................................................... 24
12.4 Active Directory Recovery through Snapshots ........................................................................... 24
12.5 Active Directory Restore through Recycle Bin ............................................................................ 26
12.6 Restoring Back-Links .................................................................................................................. 28
12.6.1 Restore group memberships through NTDSUTIL and LDIFF ............................................... 28
12.6.2 Restore security principals two times .................................................................................... 29
13. ENTIRE DOMAIN RECOVERY................................................................................................................ 29
14. ENTIRE FOREST RECOVERY................................................................................................................ 30
15. FSMO ROLES RECOVERY .................................................................................................................. 32
15.1 Overview ..................................................................................................................................... 32
15.2 How to find the existing FSMO role holders ............................................................................... 34
15.3 How to Seize a Role ................................................................................................................... 34
15.4 How to Move a Role.................................................................................................................... 35
16. SYSVOL RECOVERY ......................................................................................................................... 35
16.1 Overview ..................................................................................................................................... 35
2/42
3/42
2. Contact Information
IT doesnt matter
Even in our fast growing world of technology, IT became a commodity the same way as
electricity did. Its not the software, hardware or technologies that will make the difference, but
the way how you design, implement, maintain and use it. Speaking personally, as an architect,
software, hardware and technology as such are not that important. They are only a way to
create a stable, reliable and secure IT infrastructure to meet all your business and technical
needs. Cost reductions, flexibility and future scalability are key words in every project Im
involved with.
EDE Consulting
EDE Consulting was formed in 2006. Though a young company, all our IT professionals are senior
consultants with 10 to 20 years of experience in IT business. EDE Consulting has extensive
experience with everything related to enterprise system management, network management,
system migration and integration, and this at consultancy, architectural and implementation
level.
While you take care of your core business, EDE Consulting looks after your IT infrastructure.
We think beyond the technical aspects of IT. If, for example, we design a disaster recovery
procedure, this procedure includes all documentation, personal procedures, access lists, and so
on.
Among our current customers you will find: Fortis, Dexia, ING, Oleon, AGF, KUL, ...
http://www.linkedin.com/pub/peter-van-keymeulen/3/531/783
4/42
3. Version Control
Version
V1.1
V3.0
V3.1
V3.2
V3.3
Status
Review
Final
Update
Update
Update
Date
22.10.2010
10.03.2011
28.04.2011
17.11.2011
30.01.2012
Authors
Van Keymeulen Peter
Van Keymeulen Peter
Van Keymeulen Peter
Van Keymeulen Peter
Van Keymeulen Peter
Explanation
Recovery Time Objective
Recovery Point Objective
Business Impact Analysis
Active Directory Domain Services
Volume Shadow Copy
Microsoft Office SharePoint Server
System Center Configuration Manager
System Center Operations Manager
ePolicy Orchestrator
Domain Name System
Network Time Protocol
IP version 6
Remote Procedure Call
Windows Name Service
NT Directory Service - Active Directory database
Distributed File System Replication
Universal Naming Convention (path)
DNS server record
DNS canonical name record
Flexible Single Master Operation
Primary Domain Controller Master
Relative ID Master
Infrastructure master
Global Catalog
Schema Master
Domain Naming Master
Windows Time Protocol
5/42
Changes
5. Introduction
You all know that Active Directory Domain Services (ADDS) is a mission-critical component in
your Windows infrastructure. If Active Directory goes down, your network is essentially useless.
Consequently, your backup and recovery plans for Active Directory are fundamental to security,
business continuity, and regulatory compliance.
Windows Server 2008 brings many new features to Active Directory, two of which have a
significant impact on your backup and recovery plans: the new Windows Server Backup utility
and the ability to take and work with Volume Shadow Copy Service snapshots of Active
Directory. In this article I will describe everything you need to know about Active Directory
backup and disaster recovery.
6. Scope
This document tackles all possible scenarios, mechanisms and techniques related to Active
Directory Backup and Disaster Recovery.
V1 version contained the following items:
Active Directory Content Backup and Restore through System State
Active Directory Content Backup and Restore through Tombstone Reanimation
SYSVOL restore
FSMO roles restore
Restore an Entire Forest
Restore an Entire Domain
This (V3) version contains the following items:
Active Directory Content Backup and Restore through System State
Active Directory Content Backup and Restore through Tombstone Reanimation
Active Directory Content Backup and Restore through the recycle bin
Active Directory Content Backup and Restore through snapshot
SYSVOL restore
FSMO roles restore
Restore an Entire Forest
Restore an Entire Domain
ADS DRP mode
Useful links
6/42
7/42
8/42
9/42
10/42
To find out all System State Backups stored on your domain controller:
Logon to the system with at least domain controller local administrator privileges
From the command prompt, execute the following command:
Wbadmin get versions
11/42
12/42
13/42
9. When to Restore
When an object is deleted in Windows 2008R2, the DC from which the object was deleted
informs the other DCs in the environment about the deletion by replicating what is known as a
tombstone(if the recycle bin isnt enabled) or Deleted (with recycle bin).
A tombstone or deleted object is a representation of an object that has been deleted from the
directory. The tombstone object is removed by the garbage collection processes, based on the
tombstone lifetime setting, which by default is set to 180 days by default in Windows 2008R2.
A Deleted object will be recycled after the Recycle object lifetime, which is by default equal to
the tombstone lifetime, or 180 days in Windows 2008R2.
A backup older than the tombstone lifetime set in Active Directory is not considered to be a
good backup.
Active Directory protects itself from restoring data older than the tombstone lifetime. For
example, lets assume that we have a user object that is backed up. If after the backup the
object is deleted, a replication operation is performed to the other DCs and the object is
replicated in the form of a tombstone. After 180 days, all the DCs remove the tombstone as part
of the garbage collection process. This is a process routinely performed by DCs to clean up their
copy of the database.
If you attempt to restore the deleted object after 180 days, the object cannot be replicated to
the other DCs in the domain because it has a USN that is older than the level required to trigger
replication. And the other DCs cannot inform the restored DC that the object was deleted, so the
result is an inconsistent directory.
14/42
15/42
16/42
11.3 Change the Active Directory Restore Mode (DSRM) Administrator Password
Change Directory Services Restore Mode Administrator password if you dont know it. Every
domain administrator can change the DSRM Administrator Password. This account and
password can only be used on a Domain Controller booted in the Active Directory Restore
mode.
To change the password:
Start, on the command prompt, ntdsutil
Type, without the quotes: set dsrm password and press return to enter the DSRM part
of ntdsutil.
Type: Reset Password on server <servername>, where servername is the name of the
Domain Controller on which we have to perform an AD recovery operation.
Enter the new administrator password.
Confirm the new administrator password.
Close ntdsutil.
17/42
18/42
19/42
Install Windows Backup and restore your system state using the wbadmin command and
the backuptarget: parameter
o
For the Catalog process to be successful, the path to the backup files should start at the level
where WindowsImageBackup is in the path. If you copy the backup files to a local attached
disk, the structure should be as follows:
E:\WindowsImageBackup\servername\Backup..
This will not work: E:\ servername\Backup..
20/42
Once the SystemState restore has been finished, select Y to reboot the system
Logon to the system using the DSRM account and password
Wait till the restore process has been finished.
To disable the Active Directory Restore Mode boot option, execute the following
command on the command prompt:
Bcdedit /deletevalue safeboot
Reboot the System
Once the SystemState restore has been finished, select Y to reboot the system
Logon to the system using the DSRM account and password
Wait till the restore process has been finished.
Disable the initial replication process, for more information, please refer to: 11.5. How to
Disable Initial Replication
From the command prompt, start ntdsutil and execute all of the following commands:
Activate instance ntds
Authoritative Restore
Restore Object <distinguished name>
Q to exit
Q to close ntdsutil
To disable the Active Directory Restore Mode boot option, execute the following
command on the command prompt:
21/42
Fig 3
Other Examples are:
Entire domain:
Entire OU:
One user:
Configuration:
dc=rsabb,dc=be,dc=extranet
ou=users, dc=rsabb,dc=be,dc=extranet
cn=peter, ou=users, dc=rsabb,dc=be,dc=extranet
cn=configuration, dc=be,dc=extranet
22/42
In this example, the user named peter01 has been deleted and tombstoned from the AD named:
test.be.extranet
To reanimate tombstones:
Copy the entire DN of the tombstone object
From the Browse menu, select modify
23/42
24/42
(DSA.msc), ADSIEDIT.msc, LDP.exe or others. You can also connect to it by using command line
tools such as LDIFDE or CSVDE, tools that allow you to export information from that database.
To list AD content through the snapshots using DSAMAIN:
First find the exact path of the NDTDS database file in the file structure of the mounted
snapshot. So search for the file named: ntds.dit.
First you need to mount a snapshot. Enter the following command on the command line:
25/42
To dismount snapshots:
Start, on the command prompt: ntdsutil.
First you need to mount a snapshot. Enter snapshot
Enter List All and decide up on which snapshot you want to use to recover from
Enter unmount <snapshot number>
You can unmount version after version.
The snapshot folder on the hard drive should be disappeared.
You can leave ntdsutil
26/42
27/42
28/42
29/42
30/42
31/42
Scope
Goals
Schema Master
Forest
Domain Naming
Master
Forest
RID Master
Domain
PDC Emulator
Domain
Infrastructure
Master
Domain
Seizing, or forcing transfer, as it is sometimes called, is a process carried out without the
cooperation of the original role holder. In other words, when the original role holder has
suffered a disaster, you can seize the role, forcing it to be moved to another DC within the
domain/forest.
32/42
The primary consideration is the permanence of the outage. Because of the chance of duplicate
schema changes being propagated throughout the environment, a seizure of the schema master
role should be carried out only if the failed role holder will never come back online.
Because of the infrequent requirement for a schema master role and the implications of a
seizure, you can usually live with the outage during the period of time it takes to restore the DC
holding the role. However, if you require the immediate use of the schema master role or if the
original role holder will never be brought back into the Windows 2008 environment, a seizure
can be carried out.
Recovering the Domain Naming Master
The primary consideration is the permanence of the outage. Because of the chance of duplicate
domain naming changes being propagated throughout the environment, a seizure of the domain
naming master role should be carried out only if the failed role holder will never come back
online.
Because of the infrequent requirement for a domain naming master role and the implications of
a seizure, you can usually live with the outage during the period of time it takes to restore the
DC holding the role. However, if you require the immediate use of the domain naming master
role or if the original role holder will never be brought back into the Windows 2008
environment, a seizure can be carried out.
Recovering the RID Master
Consider carefully before you decide to perform a seizure on an RID master. Because of the risk
of duplicate RIDs on the network, the sever that originally housed the RID master role should
never come back online.
Recovering the PDC Emulator
Because the role of the PDC emulator is not quite as critical as those previously mentioned, the
act of seizing the role does not have the ramifications of the others. If you choose to seize the
PDC emulator role, you do not need to completely rebuild the original role holder before it can
participate in the Windows 2008 environment again.
As a result, the decision to seize the PDC emulator role has fewer implications to your
environment and is generally considered a standard practice in the event of a PDC emulator
failure, particularly in a mixed mode environment.
The only real issue to consider is whether you are functioning in a mixed mode environment
with NT 4.0 BDCs. For the BDCs to be aware of the changes, a full synchronization of the BUILTIN
database with the new PDC emulator will occur.
Recovering a Global Catalog
This is not necessary when all domain controllers through the forest are Global Catalog. If not,
just enable the GC role on another remaining domain controller.
33/42
This is not necessary when all domain controllers through the forest are Global Catalog. If not,
simply seize the Infrastructure Master role to another remaining domain controller.
PDC
Infrastructure master
RID Master
Schema master
34/42
PDC
Infrastructure master
RID Master
Schema master
35/42
Once the SystemState recstore has been finished, select Y to reboot the system
Logon to the system using the DSRM account and password
Wait till the restore process has been finished.
At this point, SYSVOL has been restored authoritatively through NTDS. You now have the
possibility to authoritatively restore the Active Directory as well. Skip the next step if you
dont want the restore AD.
From the command prompt, start ntdsutil and execute all of the following commands:
Activate instance ntds
Authoritative Restore
Restore Object <distinguished name>
Q to exit
Q to close ntdsutil
To disable the Active Directory Restore Mode boot option, execute the following
command on the command prompt:
Bcdedit /deletevalue safeboot
Reboot the System
36/42
NTDSUTIL can be used to compact the Active Directory database to another location followed
by a copy and overwrites of the original database file with the new compacted database file:
On the domain controller, start a command prompt
on the command prompt, execute the following command
o net stop NTDS
Select Y to stop all dependency services
From the command prompt, start ntdsutil
Select Activate instance ntds
Select Files
Create a compacted copy of the current database onto another location by using the
command: compact to d:\
From another command prompt, copy the new compacted database file to it original
location (overwrite the original database file): copy D:\ntds.dit E:\NTDS_AD\ntds.dit
From the NTDSUTIL command, start a checksum and be sure that there are no
corruptions found. The AD database must be restored when any corruption occurs at
this point of the repair operation. This means that the corruptions are too complex to
solve with the compact command.
Applies to event:
Event Type:
Error
Event Source: NTDS ISAM
Event Category:
Database Page Cache
Event ID:
474
Date:
21/09/2009
Time:
13:06:02
User:
N/A
Computer:
<servername>
Description:
NTDS (420) NTDSA: The database page read from the file "e:\NTDS_AD\ntds.dit" at offset
1557479424 (0x000000005cd54000) for 8192 (0x00002000) bytes failed verification due to a page
checksum mismatch. The expected checksum was 2951061134 (0xafe59e8e) and the actual
checksum was 2951061135 (0xafe59e8f). The read operation will fail with error -1018 (0xfffffc06).
If this condition persists then please restore the database from a previous backup. This problem is
likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing
the problem.
37/42
38/42
RPO Defined 5
The Recovery Point Objective (RPO) is the point in time to which you must recover data as
4
39/42
40/42
Remove the A and PTR record for the server name from the DNS
Remove the A record for the domain for the server from the DNS
Remove all SRV records for the server from the DNS
41/42
42/42