ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Redbook and MS articles on restoring AD -- false

2003-09-22 14:21:43
Subject: Redbook and MS articles on restoring AD -- false
From: Adam Boyer <Adam.J.Boyer AT FRB DOT GOV>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Mon, 22 Sep 2003 14:05:49 -0400 
Disclaimer: I am not a Windows guy, and certainly not any kind of
authoritiy on these topics.  Nonetheless, in developing AD restore plans, I
found the following statements in "Deploying the TSM Client  in a Windows
2000 Environment", as well as its cited MS TechNet articles, etc. to be
untrue.  MS tech support confirmed the falsity of the statements in
question, albeit in an unofficial manner.  If anyone has reached
conclusions to the contrary, please post them.

1. Incrementing USNs

"For the authoritative restore to be successful, the Update Sequence Number
of the restored object must be higher than the USN on the other domain
controllers. By default, the authoritative restore process increases the
USN
by 100,000. In some situations this may not be enough, causing the
authoritative restore to be ineffective. To overcome such situations the
verinc
parameter must be used when using the authoritative restore command.
This allows the USN to be increased by a number higher than 100,000."

from Deploying Tivoli Storage Manager for Windows 2000 (p. 118)

This is misleading/false.  The USN is not the important number here, and it
is not directly related to "ntdsutil /verinc".  Like the parameter says,
"verinc" affects the "version number" of the AD object, not the USN.  Try
this and see for yourself.


2. Restoring the SYSVOL

 See: Deploying Tivoli Storage Manager for Windows 2000 (p. 124 - 127)

I think besides being confusing, this section seems to indicate that part
of the SYSVOL needs to be restored after any AD object is authoritatively
restored.    I have not found this to be the case, and the MS tech support
person agreed, saying that the SYSVOL only needs to be restored after a
Group Policy Object is restored.  After restoring a user/computer, the
SYSVOL shouldn't need to be restored.  This also raises the point that the
restoration of GPOs, which without using Group Policy Management Console is
a pretty painful process, is notably absent from TSM documentation.


If anyone out there is a Windows/AD expert and disagrees with these
findings, please speak up and allow me to stand corrected.


Adam Boyer
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Redbook and MS articles on restoring AD -- false, Adam Boyer <=
Previous by Date:  Re: backup stg pool not giving scratch tapes back., Steve Argersinger
Next by Date:  Re: ! using drm with a shared library., Koen Willems
Previous by Thread:  backup stg pool not giving scratch tapes back., John C Dury
Next by Thread:  TDP for SQL Server GUI startup problem - Solved, Ung Yi
Indexes:  [Date] [Thread] [Top] [All Lists]