Technet Bookmarks » Active Directory Backup and Restoration – Windows Server 2008

Technet Bookmarks

« VMware DRS – Introduction Windows Server 2008 Interview Questions »

Active Directory Backup and Restoration – Windows Server 2008
Windows Server 2008 Backup tools

How do you backup AD?

Active Directory is backed up as part of system state, a collection of system components that depend on each other. You must back up and restore system state components together. Components that comprise the system state on a domain controller include:
www.technetbookmarks.com/62-active-directory-backup-and-restoration-windows-server-2008.shtml 1/4

When a domain controller is started. Active Directory includes: Ntds. replication occurs and the changes in Active Directory are replicated to the previously failed computer.log and Res2. Now let’s suppose that the failure you suffered was due to human error. Each domain controller keeps its own USN. The domain controller is brought up to date with the rest of the network. and a non-authoritative restore synchronizes changes to the domain controller being booted. that indicates an update is available. This is a non-authoritative restore. replication is not started. These are the files required for Windows 2000 Server to start. Windows 98. User logon scripts for Windows 2000 Professional based clients and clients that are running Windows 95. System registry. Performing a normal restore would not bring back the deleted objects. The term “authoritative” is used to describe a restore in which the domain controller being restored has the master. zone data is backed up as part of the system disk. or Windows NT 4. NOTE Domain controllers use Universal Sequence Numbers (USNs) to keep track of Active Directory data and to determine if an update is available.dit: The Active Directory database.0. replication occurs during the boot phase. Note: If you use Active Directory-integrated DNS. Edb*.1/19/13 Technet Bookmarks » Active Directory Backup and Restoration – Windows Server 2008 System Start-up Files (boot files). and all the changes and deletions made by the administrator will be replicated back to the domain controller. other domain controllers have continued to function normally. The system volume provides a default Active Directory location for files that must be shared for common access throughout a domain. If the USN of the other domain controller is the same or lower. you must perform an authoritative restore and specify the objects that you want to replicate to the rest of the network. The Component Object Model (COM) is a binary standard for writing component software in a distributed systems environment. let’s suppose that a domain controller fails due to hardware failure. File system junctions. File Replication service (FRS) staging directories and files that are required to be available and synchronized between domain controllers. or authoritative. If you do not use Active Directory-integrated DNS. However.shtml 2/4 . replication will occur. Using USNs is a more accurate method than using time stamps. SYSVOL. A non-authoritative restore is a domain controller being restored that does not have an authoritative copy of Active Directory. To explain further. To recover your lost users and OUs. Difference between Authoritative Vs non-authoritative restore. How to run a non-authoritative restore: www. Edb. then the zone data is backed up as part of the Active Directory database. An authoritative restore pushes Active Directory out to other domain controllers. It takes several days to obtain a replacement part for the machine and to repair the domain controller.technetbookmarks. These usually host user logon scripts and Group Policy objects (GPOs) for non-Windows 2000based network clients. and various changes in the network and Active Directory have taken place. if you back up the system disk along with the system state. Res1. During this time.com/62-active-directory-backup-and-restoration-windows-server-2008. and Active Directory is synchronized. Windows 2000 GPOs.log: The transaction logs. Whether the restore is authoritative or non-authoritative then specifies the direction of replication. copy of Active Directory. and replication is started. you must explicitly back up the zone files. each 10 megabytes (MB) in size. Active Directory. they are also backed up as part of system state. If you follow the normal procedure of restoring Active Directory from yesterday’s backup and rebooting the server.chk: The checkpoint file. When the failed domain controller is started for the first time after completing the recovery process. and checks its USN with the USN of other domain controllers on a regular basis. Class registration database of Component Services.If you installed Windows Clustering or Certificate Services on your domain controller. and an administrator deletes significant portions of Active Directory. If the USN of the other domain controller is higher. The SYSVOL folder on a domain controller contains: NETLOGON shared folders.log: Reserved transaction logs.

we need to specify UNC in backuptarget switch. www. P erform the below steps to recover the OU. type ntdsutil activate instance NTDS 7. Type wbadmin get versions from a command prompt 4. Use the most recent backup file set that was created before the deletion. After the restore. go ahead with Authoritative restore. The reason is if you do a normal restore.technetbookmarks. Type authoritative restore to get into the right NTDSUTIL context 8. You must have a system state backup before performing below steps. Login with ./administrator and the domain recovery mode password you set up while running Dcpromo 3. Type restore object “distinguishedName” for a single account or restore subtree “distinguishedName” if you are restoring an entire OU. This will find out all backups available and Figure out which version you want to restore 5.1/19/13 Technet Bookmarks » Active Directory Backup and Restoration – Windows Server 2008 just go to Windows server backup and click recover. the entire AD database will be replicated with other domain partners. 6.shtml 3/4 .com/62-active-directory-backup-and-restoration-windows-server-2008. since backup is stored locally on disk. the USN of an object will increase by 10.000 and other domain controllers will treat this server as updated server and this information will be replicated to all domain controllers. How to run authoritative restore: Let’ s assume. This restore is useful in a scenario let’s say a disk failed and once we restore the entire backup after new disk replacement. 1. Type wbadmin start systemrecovery -version:ID – backuptarget:backuplocation In the above command. we haven’t specified the network location but if the backup is on a SAN or on another server. If there was an accidently user or OU deleted. an OU was deleted from AD database. Restart the DC into directory services recovery mode (Hit F8) 2.

shtml 4/4 . “The error code is 29506” Installing Windows Server 2008 R2 Step by Step Silverlight ListBox.technetbookmarks. 2012 at 3:22 pm This is great content.com/62-active-directory-backup-and-restoration-windows-server-2008. informative content that any reader can understand.1/19/13 Technet Bookmarks » Active Directory Backup and Restoration – Windows Server 2008 9. You’ve loaded this with useful. SelectedItem and MVVM Light How to Configure iLO on your HP Proliant Server Kolam Masks I High Quality Free TV Dialog Against The SpiderMan – Part II Sony Ericsson W910i review PROCESSOR / CPU (Central Processing Unit) Managing Active Directory FSMO Roles Ports. PRISM. Reboot normally One Response to “ Active Directory Backup and Restoration – Windows Server 2008 ” metal stamping jewelry says: October 9. MVVM. Cables & Connectors Kolam Masks II Army Bus Attacked Apple event: Coverage of the iPad 3 annoucement site links Make sure you visit Market Reach for all your direct mail marketing For more information on Multimode Fibre Optic Cable from Mainframe Communications Technet Bookmarks www. I enjoy reading articles that are so very well-written.

Sign up to vote on this title
UsefulNot useful