
Active Directory Disaster Recovery Paul Simmons Support Engineer Directory Services Microsoft Corporation


Presentation Transcript


    1. Active Directory Disaster Recovery Paul Simmons Support Engineer Directory Services Microsoft Corporation

    2. 2

    3. Preventive Maintenance
        - Use good hardware and test it regularly
        - Test deployments in a lab before deployment
        - Practice recovery scenarios in a lab
        - Remove single points of failure
        - Never have only one domain controller in a domain
        - Back up before and after every major state change

    4. Recovery Options
        - Rebuild
            - Winnt32, Dcpromo, and Re-replicate
            - Known recovery time and results
        - Restore
            - Windows Backup (Ntbackup.exe) to restore to a known good state
            - Re-replicate
        - Repair
            - Esentutl repair of database is a last resort
            - Use integrity check to see if database is damaged

    5. Recovery Tools
        - Ntbackup – System State
        - Ntdsutil – Metadata Cleanup
        - Esentutl – Database Validation and Repair
        - Winnt32 – Rebuild
        - Dcpromo – Re-promote
        - Component level recovery
            - FAZAM
            - Dfsutil.exe

    6. Ntbackup
        - Features:
            - Backs up Active Directory® in online mode
            - Scheduled backups
        - What to back up
            - System state: Active Directory, boot files, registry, and more
        - Resources:
            - Q240363: “How to Back Up and Restore the System State”
            - Q233427: “Files and Folders Not Backed Up Using the Ntbackup.exe Tool”

    7. Backup Limitations
        - Backup life = tombstonelifetime value
        - Default = 60 days old
        - Password change interval = 30 days
        - Password history = 2 (current and previous)
        - Backup useful life = 60 days or two default password changes
        - Old backups can reintroduce tombstoned objects
        - Schema rollback is not supported

    8. Ntdsutil
        - Metadata cleanup
            - Remove orphaned domain controllers or domains
        - Integrity check and repair
            - Wrapper around Esentutl
            - Tells you if database is damaged
        - Authoritative restore
            - Mark selected objects on domain controller as authoritative

    9. Nonauthoritative Restore
        - What is it?
            - Restore to known good point using Ntbackup
            - Reboot into Active Directory mode to sync changes
        - When to use
            - Recover from hardware failure
            - Return to known good state on single domain controller
        - Options
            - Rebuild server from scratch. Re-run Dcpromo.
            - Restore machine to a known good point and sync deltas.

    10. Authoritative Restore
        - What is it?
            - Restore to known good point using Ntbackup
            - Make objects on reference domain controller as “master copy” for Active Directory
        - When to use
            - Accidental deletion or modification of objects or containers in the Active Directory
            - Corruption of objects/attributes in the directory
        - Options
            - Find a good domain controller that has the objects and make it authoritative
            - Restore from a backup that contains the objects and make it authoritative

    11. Authoritative Restore
        - Boot into offline restore mode
            - Press F8 during boot phase
            - Log on with offline administrator account
        - Mark objects in Ntdsutil as authoritative
            - Find machine with objects or restore them
            - Restore subtree or entire database (rare)
        - Best practice
            - Use most specific distinguished name path needed for recovery
        - Restore Active Directory over Terminal Services – Q256588

    12. Winnt32 and Dcpromo
        - What is it?
            - Reinstall of OS
            - Run Dcpromo
        - When to use
            - Known recovery time and end result
            - No applications or services to protect
        - Options
            - Maintain standby server that can be shipped to remote site

    13. Scenarios
        - Hardware failure
        - Deleted objects in Active Directory
        - Flexible Single Master Operation (FSMO) recovery
        - Demo of authoritative restore

    14. Hardware Failure
        - Scenario: Domain controller experiences catastrophic hardware failure
        - Goal: Replace bad hardware or entire server and resume operations
        - Given:
            - Valid backup
            - Identical hardware

    15. Hardware Failure (2)
        - Process
            - Replace server or hardware
            - Restore from tape backup
            - Re-replicate
        - Alternatives
            - Winnt32 and Dcpromo

    16. Hardware Failure (3)
        - Restore to dissimilar hardware
            - Q263532: “Disaster Recovery of Active Directory on Dissimilar Hardware”
        - Requirements
            - Same number of drives and drive letters
            - Complete backup of system state and system drive
            - Same NICs, video cards, HAL, kernel, and number of processors
            - Remove teaming network cards on target
            - Same disk drive controller and configuration

    17. Deleted Objects in Active Directory
        - Scenario: Critical objects have been deleted from Active Directory
        - Goal: To recover the objects without re-creating them
        - Given: A valid backup

    18. Deleted Objects in Active Directory (2)
        - Resolution; restore from tape and authoritative restore in Ntdsutil:
            - Restore recent backup containing deleted objects
            - Mark deleted objects as authoritative using Ntdsutil
            - Authoritative restore in Ntdsutil
        - Alternative:
            - Find replica domain controller that hasn’t received the deletions
            - Mark deleted distinguished name as authoritative (no restore required)

    19. Deleted Objects in Active Directory (3)
        - Protection
            - Set replication schedule once every four days on “backup domain controller”
            - Mark objects as authoritative when deletion detected

    20. FSMO Recovery
        - Flexible Single Master Operations (FSMO)
            - Q223787: “Flexible Single Master Operation Transfer and Seizure Process”
        - Transfer roles
            - Preferred
            - Graceful
        - Seizure of roles
            - Last resort
            - That server cannot come back online…EVER.

    21. Ntdsutil FSMO Transfer UI

    22. Demo: User Objects Created

    23. Demo: Repadmin /Showmeta

    24. Demo: System State Backup

    25. Demo: Deleted Objects

    26. Demo: Restore System State

    27. Demo: Advanced Options

    28. Demo: Authoritative Restore

    29. Demo: Authoritative Restore (2)

    30. Demo: Repadmin /Showmeta with Incremented Version Numbers

    31. Additional References:
        - Server recovery: http://www.microsoft.com/windows2000/techinfo/administration/fileandprint/recovery.asp
        - Q241594: “HOW TO: Perform an Authoritative Restore to a Domain Controller in Windows 2000”
        - Microsoft Windows 2000 Server Distributed Systems Guide, Chapters 9 and 10

    32. Thank you for joining us for today’s Microsoft Support WebCast. For information about all upcoming Support WebCasts and access to the archived content (streaming media files, PowerPoint slides, and transcripts), please visit: http://support.microsoft.com/webcasts/ We sincerely appreciate your feedback. Please send any comments or suggestions regarding the Support WebCasts to feedback@microsoft.com and include “Support WebCasts” in the subject line.
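
The authoritative restore steps from slides 11 and 18, with the Repadmin /Showmeta check from the demo slides, written out as an added batch example that is not part of the original presentation. The distinguished name is a constructed placeholder, and the ntdsutil argument form assumes the Windows 2000 tool the slides describe.

```batch
@echo off
rem Added example, not from the original presentation.
rem TARGET_DN is a constructed placeholder. Per slide 11, use the most specific
rem distinguished name that still covers the deleted objects.
setlocal
set "TARGET_DN=OU=Sales,DC=example,DC=com"

if /i "%~1"=="mark"   goto mark
if /i "%~1"=="verify" goto verify
echo Usage: %~nx0 mark ^| verify
exit /b 1

:mark
rem Phase 1: run on the restored domain controller while it is still in
rem offline restore mode (F8 at boot, offline administrator account), AFTER
rem the System State restore with Ntbackup and BEFORE the first normal boot.
rem Only the named subtree is marked authoritative; everything else in the
rem restored database is brought up to date by normal replication.
ntdsutil "authoritative restore" "restore subtree %TARGET_DN%" quit quit
echo Review the ntdsutil output above, then restart in normal mode.
exit /b 0

:verify
rem Phase 2: run after the normal-mode restart, once replication has had a
rem chance to run. The attribute version numbers should be higher than before
rem the restore, which is what makes the restored copy win on the other
rem domain controllers. Repeat for an individual object DN inside the subtree.
repadmin /showmeta "%TARGET_DN%"
exit /b 0
```

Run it once with `mark` in offline restore mode, then with `verify` after the restart; comparing the `verify` output with a capture taken before the deletion gives the before/after view shown in slides 23 and 30.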
