Thursday, June 5, 2014

Active Directory Backup

The Active Directory service operates as a database that holds the information required about an entire network. A proper backup of this database is therefore essential for avoiding a disaster. Active Directory is generally backed up as part of the system state, a collection of system components that depend on each other. Administrators must therefore back up, and later restore, all of these components together: the system registry, the class registration database, the boot files, the AD database, the transaction logs and the reserved transaction logs.
To restore data from a backup effectively, the Active Directory backup has to be planned carefully and recreated at regular intervals. Administrators need to choose which domain controllers are backed up and what the backup contains. Note that a backup older than the tombstone lifetime (TSL) value set in AD (default 60 days) can never be considered a good backup.
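The tombstone-lifetime rule above can be checked before a restore is attempted. The following PowerShell sketch is an added example, not code from the original post; it assumes the ActiveDirectory module (RSAT) is installed, the function names and the 50% warning threshold are hypothetical, and the backup timestamps are constructed sample values.

```powershell
# Added example. Function names, the warning threshold and the sample
# backup times are assumptions made for illustration.
Import-Module ActiveDirectory

function Get-TombstoneLifetimeDays {
    # tombstoneLifetime is stored on the Directory Service object in the
    # configuration partition. When it is unset, fall back to the
    # 60-day default stated above.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $dn = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
    $ds = Get-ADObject -Identity $dn -Properties tombstoneLifetime
    if ($null -eq $ds.tombstoneLifetime) { return 60 }
    return [int]$ds.tombstoneLifetime
}

function Test-AdBackupAge {
    param(
        [Parameter(Mandatory)][datetime]$BackupTime,
        [Parameter(Mandatory)][int]$TombstoneLifetimeDays,
        [int]$WarnAtPercent = 50   # assumed threshold for an early warning
    )
    $ageDays = [math]::Floor(((Get-Date) - $BackupTime).TotalDays)
    if ($ageDays -gt $TombstoneLifetimeDays) {
        $status = 'Expired'        # older than the TSL: do not restore from it
    } elseif ($ageDays -ge ($TombstoneLifetimeDays * $WarnAtPercent / 100)) {
        $status = 'Aging'          # still restorable, but take a fresh backup
    } else {
        $status = 'Usable'
    }
    [pscustomobject]@{
        BackupTime            = $BackupTime
        AgeDays               = $ageDays
        TombstoneLifetimeDays = $TombstoneLifetimeDays
        Status                = $status
    }
}

# Constructed sample data: three system state backups of different ages.
$backups = @(
    (Get-Date).AddDays(-3),
    (Get-Date).AddDays(-45),
    (Get-Date).AddDays(-90)
)

$tsl = Get-TombstoneLifetimeDays
$backups | ForEach-Object {
    Test-AdBackupAge -BackupTime $_ -TombstoneLifetimeDays $tsl
} | Format-Table -AutoSize
```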
Restoring the Active Directory
When the Active Directory database becomes corrupted, or a hardware or software failure takes place, administrators need to restore the data from the available Active Directory backup as soon as possible. Restoration is also required when an AD object is deleted or modified. There are several ways to restore the Active Directory database, and Active Directory's own replication process is one of them. Through replication, nearly all of the latest changes are synchronized to every domain controller. The Backup utility can be used to restore the replicated content from the backup copy without having to reconfigure the domain controller.
Selection of the appropriate restoration method
There are three types of restoration procedure that administrators can use to restore the backup data of a corrupt Active Directory. Details of each method follow:
Primary restore: This method is effective when all the domain controllers of a domain are lost and the domain urgently needs to be recreated from scratch. The primary restore works by rebuilding the first domain controller in the domain. It can be performed on the local computer by group members who have been delegated this responsibility.
Non-authoritative (Normal) restore: The normal restore method restores the AD data to the state it was in before the backup was created. The data is then updated through the replication process. This method can be performed on a domain controller only by a domain admin.
Authoritative restore: In an authoritative restore, specific data is marked as current, which prevents it from being overwritten during replication. Then, in tandem with the normal restore method, the current authoritative data is replicated through the domain. In an authoritative restore, every change made to a restored object after the backup was taken is lost. Ntdsutil, a command-line utility, can be used to carry out an authoritative restore along with the system utilities of Windows Server 2003.
