Goals - PowerPoint PPT Presentation

reya
Presentation Transcript

  1. Goals • Use the Backup Wizard to troubleshoot Active Directory • Schedule Active Directory backups • Examine Active Directory restores • Execute a nonauthoritative restore • Execute an authoritative restore

  2. (Skill 1) Using the Backup Wizard to Back Up Active Directory • Active Directory is a transaction log-based database service that depends on files such as ntds.dit and a number of log files in order to function • To prepare for disaster recovery, you must use the Backup Wizard to back up Active Directory • The wizard creates an archive with a .bkf extension, which contains the files that were selected for backup • To back up Active Directory, you must be a member of either the Backup Operators or Administrators group

  3. (Skill 1) Figure 8-1 The Backup Utility Advanced Mode window

  4. (Skill 1) Using the Backup Wizard to Back Up Active Directory (2) • An Active Directory backup includes the Active Directory database file, ntds.dit, and the shared system volume (SYSVOL) folder • SYSVOL is a shared folder created when Active Directory is installed • It contains all publicly available files for domains, such as scripts and Group Policy Objects, which users and other domain controllers need for domain access

  5. (Skill 1) Using the Backup Wizard to Back Up Active Directory (3) • To back up Active Directory, you back up the System State data on a domain controller • In addition to the Active Directory database file and the SYSVOL folder, System State data has other components • Registry: Database that stores the configuration of a computer, including user profiles and folder settings • COM+ Class Registration database: Database that stores entries for dynamic link library (.dll) and executable (.exe) files on a computer

  6. (Skill 1) Using the Backup Wizard to Back Up Active Directory (4) • In addition to the Active Directory database file and the SYSVOL folder, System State data has other components • System boot files: Files used to load and configure the Windows Server 2003 operating system • Windows File Protection system files: All files under Windows File Protection

  7. (Skill 1) Using the Backup Wizard to Back Up Active Directory (5) • Tasks to perform before you start any backup operation • Choose the scope for the backup, based on your requirements • Back up the entire contents of a computer • Select only particular files, drives, or network data • Back up only the System State data

  8. (Skill 1) Using the Backup Wizard to Back Up Active Directory (6) • Tasks to perform before you start any backup operation • Choose the type of backup media • You can use Zip or Jaz drives, tape, or the hard drive on a remote file server • A backup to a file on the file server can be backed up to a Zip, Jaz, or tape drive • Magnetic tape is the most widely used backup medium • Inexpensive • Stores large amounts of data

  9. (Skill 1) Using the Backup Wizard to Back Up Active Directory (7) • Tasks to perform before you start any backup operation • Choose the type of backup • There are five backup types from which you can choose • To choose one of these types, you must first understand the archive attribute or archive bit and how each backup type handles it

  10. (Skill 1) Using the Backup Wizard to Back Up Active Directory (8) • Tasks to perform before you start any backup operation • Choose the type of backup • Archive attribute • A property for files and folders that is used to identify them when they have changed • When a file has changed, the archive attribute, which is actually an attribute of the file header, is automatically selected

  11. (Skill 1) Using the Backup Wizard to Back Up Active Directory (9) • Tasks to perform before you start any backup operation • Choose the type of backup • Archive attribute • Some backup types • Remove the archive attribute to mark files as having been backed up, while others do not • Some backup types use the archive attribute to determine which files to back up • Others back up all files regardless of the status of the archive attribute

  12. (Skill 1) Using the Backup Wizard to Back Up Active Directory (10) • Tasks to perform before you start any backup operation • Choose the type of backup • Archive attribute • Organizations use a blend of the different backup types • This optimizes the time spent on both the backup and the restore processes

  13. (Skill 1) Using the Backup Wizard to Back Up Active Directory (11) • Tasks to perform before you start any backup operation • Notify users about the backup operation • Through e-mail or administrative messages • During the backup operation, users who are connected over the Internet will have their sessions terminated and may lose any unsaved data

  14. (Skill 1) Using the Backup Wizard to Back Up Active Directory (12) • Tasks to perform before you start any backup operation • Make sure that the media device you have selected for storing the backup is listed in the Windows Server Catalog • The catalog contains a list of devices tested by Windows Hardware Testing Labs • These devices are supported by Windows Server 2003

  15. (Skill 1) Using the Backup Wizard to Back Up Active Directory (13) • Tasks to perform before you start any backup operation • Make sure the backup media device is attached to the computer and the device is switched on • Make sure the backup media is loaded in the media device

  16. (Skill 1) Figure 8-2 The Backup or Restore Wizard

  17. (Skill 1) Figure 8-3 The Backup or Restore screen

  18. (Skill 1) Figure 8-4 The What to Back Up screen

  19. (Skill 1) Using the Backup Wizard to Back Up Active Directory (14) • The default settings in the Backup Wizard work well in most cases • Additional advanced settings • Specify a backup type other than Normal • Verify data after the backup operation to ensure its success

  20. (Skill 1) Using the Backup Wizard to Back Up Active Directory (15) • Additional advanced settings • Append the backup data to an existing archive or create a new archive • Set a job name to identify the backup job • Schedule the backup process to occur at specified intervals

  21. (Skill 1) Figure 8-5 The Items to Back Up screen

  22. (Skill 1) Figure 8-6 The Backup Type, Destination, and Name screen

  23. (Skill 1) Figure 8-7 The Completing the Backup or Restore Wizard screen

  24. (Skill 2) Scheduling Active Directory Backups • To be prepared to recover from a hardware failure, system or disk failure, or a virus attack, it is best to back up Active Directory daily, preferably after office hours • A typical schedule • Perform a Normal backup once a week • Perform an Incremental backup on each other day of the week • This method ensures the backup file occupies less disk space and that you have the most recent data in the event of a disaster
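The archive-attribute handling from slides 9-12 and the weekly Normal plus daily Incremental schedule from slide 24, as an added Python model that is not part of the original presentation. The five Ntbackup types are Normal, Copy, Incremental, Differential and Daily; the file names and dates are constructed sample data.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class File:
    name: str
    archive: bool   # archive attribute: set when the file changes
    modified: date

# backup type -> (how files are selected, whether the archive attribute is cleared)
BACKUP_TYPES = {
    "normal":       ("all", True),
    "copy":         ("all", False),
    "incremental":  ("archive", True),
    "differential": ("archive", False),
    "daily":        ("today", False),
}

def run_backup(files, kind, today):
    """Return the file names this job archives and update archive attributes."""
    select, clears = BACKUP_TYPES[kind]
    chosen = [f for f in files
              if select == "all"
              or (select == "archive" and f.archive)
              or (select == "today" and f.modified == today)]
    if clears:
        for f in chosen:
            f.archive = False
    return sorted(f.name for f in chosen)

def touch(files, name, today):
    """Changing a file sets its archive attribute again."""
    for f in files:
        if f.name == name:
            f.archive, f.modified = True, today

def simulate(daily_kind):
    """Normal backup on day 1, then `daily_kind` on days 2 and 3 (constructed data)."""
    files = [File(n, True, date(2024, 1, 1)) for n in ("a.txt", "b.txt", "c.txt")]
    d1, d2, d3 = date(2024, 1, 7), date(2024, 1, 8), date(2024, 1, 9)
    jobs = [run_backup(files, "normal", d1)]
    touch(files, "a.txt", d2)
    jobs.append(run_backup(files, daily_kind, d2))
    touch(files, "b.txt", d3)
    jobs.append(run_backup(files, daily_kind, d3))
    return jobs
```

With `simulate("incremental")` each later job holds only that day's change, so a restore needs the Normal set plus every Incremental since; with `simulate("differential")` the last job holds everything changed since the Normal, so a restore needs only those two sets.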

  25. (Skill 2) Scheduling Active Directory Backups (2) • Most production networks have ample backup capacity to perform a full Normal backup daily • Backing up servers can become time-consuming • To ease the burden, use the Backup utility to schedule backups to run at specified dates and times • Ntbackup then uses the Task Scheduler to schedule the backup

  26. (Skill 2) Scheduling Active Directory Backups (3) • Task Scheduler • Runs the Backup Wizard to carry out the backup operation at the scheduled date and time • This is also known as an unattended backup • Two ways to schedule an unattended backup • Use the Advanced settings on the Completing the Backup Wizard screen • Use the Schedule Jobs tab in the Backup Utility to schedule unattended backups

  27. (Skill 2) Figure 8-8 Running Ntbackup from the Run dialog box

  28. (Skill 2) Figure 8-9 Scheduling a System State Backup

  29. (Skill 2) Figure 8-10 The How to Back Up screen

  30. (Skill 2) Figure 8-11 The Backup Options screen

  31. (Skill 2) Scheduling Active Directory Backups (4) • Task Scheduler • On the Schedule Jobs tab in the Backup window • Click the icon for a scheduled job to open the Scheduled Job Options dialog box • You can change the job name on the Schedule data tab • You can view the job details on the Backup details tab

  32. (Skill 2) Scheduling Active Directory Backups (5) • Task Scheduler • On the Schedule Jobs tab in the Backup window • View details about the backup in the Job summary section • Displays the backup type • Displays the properties set for the backup job • Whether Verify data has been set • Whether hardware compression is to be used • Whether access is restricted to the owner or administrator • The media name used for the job and the set description

  33. (Skill 2) Scheduling Active Directory Backups (6) • Using Ntbackup • You cannot back up individual components of the System State data because of the dependencies between components • Third-party utilities such as Veritas Backup Exec can back up individual components • You can use Ntbackup to restore System State data to an alternate location

  34. (Skill 2) Schedule Active Directory Backups (7) • When you restore the System State to an alternate location, certain components are restored • SYSVOL directory • Cluster database data • System boot files • When you restore the System State to an alternate location, certain components are not restored • Active Directory database • Certificate Services database • COM+ Class Registration database

  35. (Skill 2) Figure 8-12 The Schedule Job dialog box

  36. (Skill 2) Figure 8-13 The Advanced Schedule Options dialog box

  37. (Skill 2) Figure 8-14 The Set Account Information dialog box

  38. (Skill 2) Figure 8-15 Scheduled jobs on the calendar on the Schedule Jobs tab

  39. (Skill 3) Examining Active Directory Restores • Active Directory stores information about all of the objects in a domain • If the files that make up Active Directory become corrupt, users and applications cannot access Active Directory objects • In disaster recovery situations, you must restore the latest System State backup data to restore Active Directory objects

  40. (Skill 3) Examining Active Directory Restores (2) • Methods of restoring System State data • Nonauthoritative restore (Normal) • Authoritative restore • Primary restore

  41. (Skill 3) Examining Active Directory Restores (3) • Nonauthoritative restore (Normal) • When to use this method • You need to recover a domain controller from hardware failure or replacement • You are sure the data on the other domain controllers in the forest is correct • All you must do is restore the most recent System State backup of the domain controller • Restored data, including Active Directory objects, will have the USN they had when the System State backup was created

  42. (Skill 3) Examining Active Directory Restores (4) • Nonauthoritative restore (Normal) • Update sequence numbers (USNs) • Used to detect and propagate Active Directory changes among the servers on the network • Make multi-master replication possible • Used to track changes made to the database just like a version number in DNS • When you create an object, Active Directory assigns a unique USN to the object • When you make changes to the object, Active Directory increments the USN for the object by one

  43. (Skill 3) Examining Active Directory Restores (5) • Nonauthoritative restore (Normal) • Update sequence numbers (USNs) • The copy of the object that has the highest USN is considered to be the most up-to-date, and is replicated to the other domain controllers • Because the USNs in the System State backup will be lower than more recent versions of Active Directory objects, the Active Directory replication system views data that is restored non-authoritatively as old data • If more recent data is available on other servers, the Active Directory replication system uses it to update the restored data

  44. (Skill 3) Examining Active Directory Restores (6) • Nonauthoritative restore (Normal) • After the nonauthoritative restore • Active Directory replication begins • Changes that occurred on the other domain controllers are automatically propagated to the domain controller that has come back online • You must use an authoritative restore to replicate restored data to other servers

  45. (Skill 3) Examining Active Directory Restores (7) • Nonauthoritative restore (Normal) • Unless you only have one domain controller, or are at an isolated remote location, a nonauthoritative restore is not very useful • This is because in order to perform a nonauthoritative restore on a failed domain controller, you must first reinstall Windows Server 2003 and promote the server to a domain controller • As part of this process, the Active Directory database is copied from the other servers onto your failed server, fully restoring Active Directory

  46. (Skill 3) Examining Active Directory Restores (8) • Authoritative restore • Used when an Active Directory object, or group of objects, has been accidentally deleted • When an object is deleted in Active Directory, it is not truly deleted; it is tombstoned • Tombstoning essentially marks the object “dead,” which makes it unusable, and updates the USN for the object • This is done so that the “deletion” is properly replicated to all domain controllers

  47. (Skill 3) Examining Active Directory Restores (9) • Authoritative restore • Once every night, a process known as Garbage Collection runs on all domain controllers • Any object that has been tombstoned for more than 60 days (by default) is actually deleted during this process • Because of the tombstoning process, to effectively restore a deleted object • You must increment the USN of that object subsequent to the actual restore process • This makes the restored copy the more up-to-date version

  48. (Skill 3) Examining Active Directory Restores (10) • Authoritative restore • During an authoritative restore, the USN of the deleted object is increased by 100,000 for each day since the backup was performed so that it is higher than the USNs of the existing objects • You perform an authoritative restore by executing the Ntdsutil command on a domain controller

  49. (Skill 3) Examining Active Directory Restores (11) • Authoritative restore • Using Ntdsutil • Ntdsutil is a command-line utility, which is stored in %Systemroot%\System32 • It supplies a number of other directory management features not found in any of the graphical tools • You mark Active Directory objects for authoritative restore • This modifies the USN making it higher than any other update sequence number in the Active Directory replication system • Objects restored using this command are considered to be the most current copy of those objects, and are properly replicated to the other servers on the network

  50. (Skill 3) Figure 8-16 Authoritative Restore
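Why a nonauthoritative restore cannot bring back a deleted object while an authoritative restore can, as an added Python model that is not part of the original presentation. It follows the slides' simplified description (highest USN wins, a tombstone updates the USN, an authoritative restore adds 100,000 per day since the backup); the two domain controllers, the `OU=Sales` object and the starting USN are constructed.

```python
from dataclasses import dataclass, replace

BUMP_PER_DAY = 100_000  # increase per day since the backup, as stated on the slides

@dataclass(frozen=True)
class Copy:
    usn: int
    tombstoned: bool = False

def replicate(dcs, name):
    """Every DC converges on the copy of `name` with the highest USN."""
    winner = max((dc[name] for dc in dcs if name in dc), key=lambda c: c.usn)
    for dc in dcs:
        dc[name] = winner
    return winner

def delete(dc, name):
    """Deletion tombstones the object and updates its USN."""
    dc[name] = Copy(dc[name].usn + 1, tombstoned=True)

def restore(dc, backup, name, authoritative=False, days_since_backup=0):
    """Put the backed-up copy on `dc`; an authoritative restore raises its USN."""
    copy = backup[name]
    if authoritative:
        copy = replace(copy, usn=copy.usn + BUMP_PER_DAY * days_since_backup)
    dc[name] = copy

def scenario(authoritative):
    """Constructed two-DC domain: back up DC1, delete on DC2, restore DC1."""
    name = "OU=Sales"
    dc1, dc2 = {name: Copy(usn=40)}, {name: Copy(usn=40)}
    backup = dict(dc1)                 # System State backup taken on DC1
    delete(dc2, name)                  # accidental deletion on DC2
    replicate([dc1, dc2], name)        # the tombstone reaches DC1
    restore(dc1, backup, name, authoritative, days_since_backup=3)
    return replicate([dc1, dc2], name) # what both DCs hold afterwards
```

In the nonauthoritative run the restored copy (USN 40) loses to the tombstone (USN 41) and the object is deleted again; in the authoritative run the raised USN makes the restored copy the one that replicates.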