Microsoft Active Directory Backup and Recovery in Windows Server 2008


Written by Shawn Barker, Product Manager, Quest Software, Inc.

© Copyright Quest® Software, Inc. 2008. All rights reserved.

This guide contains proprietary information, which is protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's personal use without the written permission of Quest Software, Inc.

WARRANTY

The information contained in this document is subject to change without notice. Quest Software makes no warranty of any kind with respect to this information. QUEST SOFTWARE SPECIFICALLY DISCLAIMS THE IMPLIED WARRANTY OF THE MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Quest Software shall not be liable for any direct, indirect, incidental, consequential, or other damage alleged in connection with the furnishing or use of this information.

TRADEMARKS

All trademarks and registered trademarks used in this guide are property of their respective owners.

World Headquarters
5 Polaris Way
Aliso Viejo, CA 92656
www.quest.com
e-mail: [email protected]

Please refer to our Web site for regional and international office information.

Updated—April 2, 2008
WPW_RMAD_Win_040208_AG

CONTENTS

INTRODUCTION
CHANGES TO ACTIVE DIRECTORY BACKUP AND RECOVERY IN WINDOWS SERVER 2008
    BACKUP
    TROUBLESHOOTING
    RESTORE
    ENTERPRISE EXAMPLE: BACKING UP AND RECOVERING ACTIVE DIRECTORY ITEMS USING WINDOWS SERVER 2008 NATIVE TOOLS
QUEST RECOVERY MANAGER FOR ACTIVE DIRECTORY
    BACKUP
    TROUBLESHOOTING
    RESTORE
COMPARISON: AD BACKUP AND RECOVERY IN THE ENTERPRISE
SUMMARY
    MORE INFORMATION
ABOUT THE AUTHOR
ABOUT QUEST SOFTWARE, INC.
    CONTACTING QUEST SOFTWARE
    CONTACTING QUEST SUPPORT
NOTES

INTRODUCTION

Microsoft released Windows Server 2008, its first major server platform since Windows Server 2003, in February 2008. Anticipated by many enterprises, it includes new technical, security, management, and administrative features designed to increase server reliability and flexibility. Windows Server 2008 also includes a number of Active Directory improvements and extensions.
The core Active Directory functionality in Windows Server 2003 is renamed Active Directory Domain Services (AD DS) in Windows Server 2008, distinguishing it from new components such as Active Directory Certificate Services (AD CS), Active Directory Federation Services (AD FS), Active Directory Lightweight Directory Services (AD LDS), and Active Directory Rights Management Services (AD RMS).

Read-Only Domain Controller (RODC) is a new AD DS security feature that is garnering considerable attention. An RODC allows you to deploy a read-only copy of the domain database in environments where physical or administrative security is weaker, such as in branch offices. RODCs contain all AD DS objects and attributes, except for account passwords. Since changes cannot originate at an RODC, a malicious or inexperienced user cannot create unwelcome changes that will replicate throughout the entire AD forest.

AD DS is still vulnerable to human error, equipment failure, or misconfigured software, any of which can corrupt AD and Group Policy data. Corruptions and deletions can negatively impact application response times, user productivity, or business metrics, which is why it’s critical to have a reliable recovery plan.

Correcting and restoring AD objects and attributes using Windows Server 2003 native tools has typically been a time-consuming and error-prone process. A recent survey¹ of over 150 enterprises revealed that 60 percent of them had at least one AD accident in the past year. Depending on the nature of the problem, these accidents can take hours or even days to rectify.

Windows Server 2008 introduces some changes to the backup and recovery of AD. While Microsoft has introduced a new backup mechanism—and a tool for browsing backup data—AD objects are not significantly easier or quicker to recover than they have been in the past.
Since the new backup method is neither similar to nor backwards-compatible with the tools used in Windows Server 2003, AD administrators with mixed Windows environments will be forced to run separate backup mechanisms, complicating both training and business processes.

This white paper provides an overview of the new AD backup and recovery features included in Windows Server 2008, and examines the tools that will be available to help enterprises prevent downtime and the resulting impact on users during an AD recovery. It introduces Quest Recovery Manager for Active Directory and describes how it works with the new features to simplify the complexity of Windows Server 2008.

CHANGES TO ACTIVE DIRECTORY BACKUP AND RECOVERY IN WINDOWS SERVER 2008

The new functionality and changes affecting the Active Directory backup and recovery process in Windows Server 2008 can be broken down into three subsections: backup, troubleshooting, and restore.

Backup

Windows Server Backup is the utility in Windows Server 2008 that replaces the NTBackup utility available in previous server releases. According to Microsoft literature, Windows Server Backup is a “basic backup and recovery solution”² whose “simple design makes it especially well-suited for smaller organizations or individuals who are not IT professionals.”³ Reading between the lines, enterprise IT professionals may find it does not meet the specific needs of their AD environment.

There are a number of new features introduced in Windows Server Backup. A Microsoft Management Console (MMC) Backup snap-in allows IT administrators or backup operators to manage both local and remote server backups through the same user interface on a single server. Windows Server Backup can now back up data from applications such as Microsoft SQL Server™ and Windows SharePoint® Services using Volume Shadow Copy Service (VSS). Both full and incremental backups are now supported.
However, there are some limitations in Windows Server Backup that can affect enterprise backup processes in general and Active Directory backups in particular. Windows Server Backup is not backwards-compatible, so you cannot recover backups created via NTBackup. Windows Server Backup is also less granular than previous backup utilities. Considering the multiple domain controllers (DCs) established in many larger organizations, this can complicate the Active Directory backup and recovery process.

For example, the Windows Server Backup graphical interface does not allow you to create backups of just the System State, so every volume hosting AD components must be backed up in its entirety. Depending on where the AD database, logs, SYSVOL, Windows directory, and boot files are located, this may involve backing up multiple server partitions. While it is possible to create System State backups using the WBADMIN.EXE command line utility, these backups include system protected files and still result in large backups regardless of the size of the AD database.

While there are performance improvements to the Windows Server 2008 backup utility, its large backups consume additional storage. This will result in slower restore times, as IT administrators must manually sift through large backups.

Troubleshooting

Windows Server 2008 includes a new feature called AD DS Snapshot Viewer, designed to make it easier to view backed-up data. With Snapshot Viewer, you can browse VSS-created snapshots of the AD database to determine whether they contain the desired data before attempting a restore. You can browse these read-only snapshots on a domain controller without starting the domain controller in Directory Services Restore Mode (DSRM). In contrast, Windows Server 2003 had no way of viewing multiple AD backups taken at different