ADSM-L

Re: Backup a W2K Domain Controller?

2002-07-12 13:56:47
Subject: Re: Backup a W2K Domain Controller?
From: Jim Smith <smithjp AT US.IBM DOT COM>
Date: Fri, 12 Jul 2002 10:54:48 -0700
Tony,

Some clarification: the restore of the Active Directory has two distinct
pieces.  The backup product puts the files (db, logs, etc.) back into the
proper location and then the system, upon reboot, replays the logs and
synchronizes the AD with the organization.  This synchronization is by
default "non-authoritative", i.e., what is restored gets synchronized by
"catching-up" to the rest of the organization.

Some of the cases that you list imply an "authoritative restore", i.e.,
the rest of the organization needs to synch-up to what has been restored.
Microsoft does not give backup vendors the ability to mark the AD restore
as authoritative.  To do this, you will need to use the tool
"ntdsutil.exe" which is shipped with Windows 2000 servers.  This allows
you to mark an object, container, section or entire AD as authoritative.

Generally, the procedure is:

1. restore the system following the procedures in the Redbook (see my
previous post)
2. reboot into Directory Services Restore Mode
3. use ntdsutil.exe to mark the restore as authoritative
4. reboot again.

Since ntdsutil.exe is Microsoft's tool, you might need to have MS support
stand by TSM support until any issues are resolved.

Thanks,
Jim Smith
TSM b-a client development

Given the examples of backup reasons below:  Has anyone ever had an AD
corruption that used TSM to recover from after the GCs have already
replicated that corrupted data out?

If so, did TSM support stand by them all the way until the issue was
resolved??

We are sort of leery about using TSM for the simple reason that they always
say  "We do not support BMR" and on a DC with AD this is critical.....

Any help would be great

****************************************************
"1.) Botched Schema update
2.) Accidental deletion of OU (or any other object)
3.) Database corruption **** (AD Corruption)
4.) System State.
5.) Accidental deletion of a DNS zone
6.) Some DCs are also File/Print servers, DHCP, etc.

*** Some of these scenarios would require an authoritative restore
or a complete
rebuild of the Active Directory, as some changes are replicated
immediately."
****************************************************
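
Added example, not part of the original thread and not Microsoft's or TSM's code: a simplified Python model of why scenario 2 (an accidentally deleted OU) needs the authoritative step. The stamp layout, object values and function names are assumptions for illustration; the 100,000-per-day version increase is ntdsutil's documented default.

```python
# Simplified model of AD replication conflict resolution after a restore.
# All sample values are constructed; real metadata is kept per attribute.
from dataclasses import dataclass, replace

VERSION_BUMP_PER_DAY = 100_000  # ntdsutil default increase per day since backup


@dataclass(frozen=True)
class Stamp:
    version: int    # incremented on every originating write
    timestamp: int  # time of the originating write (first tie-breaker)
    dsa: str        # originating DC (final tie-breaker)
    deleted: bool   # True once the object has been deleted (tombstone)

    def key(self):
        return (self.version, self.timestamp, self.dsa)


def replicate(local, remote):
    """Replicas converge on whichever stamp wins conflict resolution."""
    return max(local, remote, key=Stamp.key)


def mark_authoritative(stamp, days_since_backup):
    """Model of step 3: raise the version so the restored copy wins."""
    bump = VERSION_BUMP_PER_DAY * days_since_backup
    return replace(stamp, version=stamp.version + bump)


def restore_outcome(authoritative):
    # Day 0: OU=Sales exists and is captured in the backup.
    backup = Stamp(version=3, timestamp=1000, dsa="DC1", deleted=False)
    # Day 2: the OU is deleted on DC2 and the deletion replicates out.
    tombstone = Stamp(version=4, timestamp=3000, dsa="DC2", deleted=True)
    restored = backup  # steps 1-2: files restored, DC in restore mode
    if authoritative:
        restored = mark_authoritative(restored, days_since_backup=2)
    # Step 4: reboot; replication resumes with the rest of the organization.
    return replicate(restored, tombstone)


if __name__ == "__main__":
    for mode in (False, True):
        final = restore_outcome(mode)
        label = "authoritative" if mode else "non-authoritative"
        print(f"{label}: version={final.version} deleted={final.deleted}")
```

In the non-authoritative case the restored OU "catches up" to the deletion and disappears again; only the version increase makes the other DCs accept the restored copy.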

