Monday, February 29, 2016

Managing AD DS Backup and Recovery

In earlier versions of Windows, backing up Active Directory involved creating a backup of the System State, a small collection of files that included the Active Directory database and the registry.
In Windows Server 2012, the System State concept still exists, but it is bigger. Because of the interdependencies between server roles, physical configuration, and Active Directory, the System State is now a subset of a full server backup and, in some configurations, can be just as big. To back up a domain controller, you must fully back up all critical volumes.
Restoring AD DS Data
When a domain controller or its directory is corrupted, damaged, or has failed, you have several options for restoring the system.
Non-authoritative Restore
The first such option is called a normal restore or non-authoritative restore. In a normal restore operation, you restore a backup of Active Directory as of a known good date. In effect, you roll the domain controller back in time. When AD DS restarts on the domain controller, the domain controller communicates with its replication partners and requests all subsequent updates. In effect, the domain controller catches up with the rest of the domain by using the standard replication mechanisms.
A normal restore is useful when the directory on a domain controller has been corrupted or damaged, but the problem has not spread to other domain controllers. What about a situation in which damage has been done and the damage has replicated? For example, what if you delete one or more objects and the deletion replicates?
In this case, a normal restore is not enough. If you restore a known good version of Active Directory and restart the domain controller, the deletion (which took place after the backup) simply replicates back to the domain controller.
Authoritative Restore
An authoritative restore is necessary when the restored known good copy of AD DS contains objects that must override existing objects in the AD DS database. In an authoritative restore, you restore the known good version of Active Directory just as you would in a normal restore. However, before you restart the domain controller, you mark the accidentally deleted or previously corrupted objects that you want to keep as authoritative, so that they replicate from the restored domain controller to its replication partners. Behind the scenes, when you mark objects as authoritative, Windows increments the version number of all of the object's attributes to a value so high that it is almost guaranteed to be higher than the version numbers on all other domain controllers.
When you restart the restored domain controller, it replicates from its replication partners all changes that have been made to the directory. It also notifies its partners that it has changes, and the version numbers of those changes ensure that the partners take the changes and replicate them throughout the directory service. In forests where the Active Directory Recycle Bin is enabled, you can use the Active Directory Recycle Bin as a simpler alternative to an authoritative restore.
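The version-number behaviour described above can be seen in a small simulation. This is an added example, not code from the original post or from Microsoft; it assumes a simplified model in which each attribute carries a single version number, the higher version always wins, and a deletion is one isDeleted flag. The AUTH_BUMP value, the function names, and the sample object name are constructed for illustration.

```python
from copy import deepcopy

# Simplified model (assumption): every attribute is stored as (value, version)
# and the higher version wins. Real AD DS tie-breakers are omitted.
AUTH_BUMP = 100_000  # illustrative size of the authoritative version increase

def write(dc, dn, attr, value):
    """Originating write on one DC: set the value and increment its version."""
    obj = dc.setdefault(dn, {})
    obj[attr] = (value, obj.get(attr, (None, 0))[1] + 1)

def replicate(src, dst):
    """dst takes every attribute whose version is higher on src."""
    for dn, attrs in src.items():
        obj = dst.setdefault(dn, {})
        for attr, (value, version) in attrs.items():
            if version > obj.get(attr, (None, 0))[1]:
                obj[attr] = (value, version)

def sync(dc, partner):
    """dc first pulls changes from its partner, then the partner pulls from dc."""
    replicate(partner, dc)
    replicate(dc, partner)

def mark_authoritative(dc, dn):
    """Raise the version of every attribute of dn so it outranks all partners."""
    dc[dn] = {a: (v, ver + AUTH_BUMP) for a, (v, ver) in dc[dn].items()}

def is_deleted(dc, dn):
    return dc[dn]["isDeleted"][0]

def scenario(authoritative):
    """Return (deleted on DC1, deleted on DC2) after restoring DC1 from backup."""
    dn = "CN=Alice,OU=Staff,DC=example,DC=test"  # constructed sample object
    dc1, dc2 = {}, {}
    write(dc1, dn, "isDeleted", False)   # object exists (deletion modelled as a flag)
    sync(dc1, dc2)
    backup = deepcopy(dc1)               # known good backup of DC1
    write(dc2, dn, "isDeleted", True)    # accidental deletion made on DC2
    sync(dc1, dc2)                       # the deletion replicates to DC1
    dc1 = deepcopy(backup)               # restore: DC1 is rolled back in time
    if authoritative:
        mark_authoritative(dc1, dn)      # done before DC1 restarts normally
    sync(dc1, dc2)                       # DC1 restarts and replicates
    return is_deleted(dc1, dn), is_deleted(dc2, dn)

if __name__ == "__main__":
    print("normal restore:       ", scenario(False))
    print("authoritative restore:", scenario(True))
```

With a normal restore the object ends up deleted again on both domain controllers; with the authoritative mark the restored copy wins on both.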
Other Restore Options
A third option for restoring the directory service is to restore the entire domain controller. You do this by booting into the Windows Recovery Environment and then restoring a full server backup of the domain controller. By default, this is a normal restore. If you need an authoritative restore, you must restart the server in Directory Services Restore Mode and mark the objects as authoritative before starting the domain controller in normal operation.
Finally, you can restore a System State backup to an alternate location. This allows you to examine the files and, potentially, mount the NTDS.DIT file. You should not copy the files from the alternate restore location over the production versions of those files. Do not restore Active Directory piecemeal. You can also use this option if you want to use the install from media option to create a new domain controller.

