Active Directory Disaster Recovery Paul Simmons Support Engineer Directory Services Microsoft Corporation.


1 Active Directory Disaster Recovery
  Paul Simmons, Support Engineer, Directory Services, Microsoft Corporation

2 Definition
 Resolving problems on Microsoft® Windows® domain controllers that affect client, domain, or forest operation:
  - In the least amount of time
  - With the least amount of pain
  - With the best possible results

3 Preventive Maintenance
 Use good hardware and test it regularly
 Test deployments in a lab before deployment
 Practice recovery scenarios in a lab
 Remove single points of failure
 Never have only one domain controller in a domain
 Back up before and after every major state change

4 Recovery Options
 Rebuild
  - Winnt32, Dcpromo, and re-replicate
  - Known recovery time and results
 Restore
  - Windows Backup (Ntbackup.exe) to restore to a known good state
  - Re-replicate
 Repair
  - Esentutl repair of database is a last resort
  - Use integrity check to see if database is damaged

5 Recovery Tools
 Ntbackup – System State
 Ntdsutil – Metadata Cleanup
 Esentutl – Database Validation and Repair
 Winnt32 – Rebuild
 Dcpromo – Re-promote
 Component level recovery
  - FAZAM
  - Dfsutil.exe

6 Ntbackup
 Features:
  - Backs up Active Directory® in online mode
  - Scheduled backups
 What to back up
  - System state: Active Directory, boot files, registry, and more
 Resources:
  - Q240363: “How to Back Up and Restore the System State”
  - Q233427: “Files and Folders Not Backed Up Using the Ntbackup.exe Tool”

7 Backup Limitations
 Backup life = tombstonelifetime value
  - Default = 60 days old
  - Password change interval = 30 days
  - Password history = 2 (current and previous)
  - Backup useful life = 60 days or two default password changes
  - Old backups can reintroduce tombstoned objects
 Schema rollback is not supported
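An added PowerShell example (not from the presentation) that applies this slide's limits before a restore is attempted: it reads the forest's tombstoneLifetime from the configuration partition (defaulting to the 60 days quoted here when the attribute is unset) and checks a backup's age against both that value and the two-password-change window. It assumes a domain-joined Windows host with ADSI available; the backup timestamp is supplied by the caller.

```powershell
# Added example, not from the presentation: decide whether a system state
# backup is still usable, applying this slide's limits. Assumes it runs on
# a domain-joined Windows host with ADSI available; the caller supplies the
# backup's timestamp.

function Get-TombstoneLifetimeDays {
    # tombstoneLifetime is stored on the Directory Service object in the
    # configuration partition; when it is unset the forest uses the default
    # of 60 days that the slide quotes.
    $rootDse = [ADSI]"LDAP://RootDSE"
    $cfgNc   = "$($rootDse.configurationNamingContext)"
    $ds      = [ADSI]"LDAP://CN=Directory Service,CN=Windows NT,CN=Services,$cfgNc"
    $value   = $ds.Properties["tombstoneLifetime"].Value
    if ($null -eq $value) { return 60 }
    return [int]$value
}

function Test-BackupUsable {
    param(
        [Parameter(Mandatory)][datetime]$BackupDate,
        [int]$TombstoneLifetimeDays = (Get-TombstoneLifetimeDays),
        [int]$PasswordIntervalDays = 30,   # slide: password change interval
        [int]$PasswordHistory = 2          # slide: current and previous kept
    )
    $ageDays = ((Get-Date) - $BackupDate).TotalDays
    # A backup older than the tombstone lifetime can reintroduce objects that
    # every replica has already purged; one older than two password changes
    # carries a computer account password the domain may no longer accept.
    $withinTombstone = $ageDays -lt $TombstoneLifetimeDays
    $withinPassword  = $ageDays -lt ($PasswordIntervalDays * $PasswordHistory)
    [pscustomobject]@{
        BackupAgeDays        = [math]::Floor($ageDays)
        TombstoneLifetime    = $TombstoneLifetimeDays
        WithinTombstoneLife  = $withinTombstone
        WithinPasswordWindow = $withinPassword
        Usable               = $withinTombstone -and $withinPassword
    }
}

# Usage: Test-BackupUsable -BackupDate (Get-Date).AddDays(-45)
```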

8 Ntdsutil
 Metadata cleanup
  - Remove orphaned domain controllers or domains
 Integrity check and repair
  - Wrapper around Esentutl
  - Tells you if database is damaged
 Authoritative restore
  - Mark selected objects on domain controller as authoritative

9 Nonauthoritative Restore
 What is it?
  - Restore to known good point using Ntbackup
  - Reboot into Active Directory mode to sync changes
 When to use
  - Recover from hardware failure
  - Return to known good state on single domain controller
 Options
  - Rebuild server from scratch. Re-run Dcpromo.
  - Restore machine to a known good point and sync deltas.

10 Authoritative Restore
 What is it?
  - Restore to known good point using Ntbackup
  - Make objects on reference domain controller the “master copy” for Active Directory
 When to use
  - Accidental deletion or modification of objects or containers in the Active Directory
  - Corruption of objects/attributes in the directory
 Options
  - Find a good domain controller that has the objects and make it authoritative
  - Restore from a backup that contains the objects and make it authoritative

11 Authoritative Restore
 Boot into offline restore mode
  - Press F8 during boot phase
  - Log on with offline administrator account
 Mark objects in Ntdsutil as authoritative
  - Find machine with objects or restore them
  - Restore subtree or entire database (rare)
 Best practice
  - Use most specific distinguished name path needed for recovery
  - Restore Active Directory over Terminal Services – Q256588

12 Winnt32 and Dcpromo
 What is it?
  - Reinstall of OS
  - Run Dcpromo
 When to use
  - Known recovery time and end result
  - No applications or services to protect
 Options
  - Maintain standby server that can be shipped to remote site

13 Scenarios
 Hardware failure
 Deleted objects in Active Directory
 Flexible Single Master Operation (FSMO) recovery
 Demo of authoritative restore

14 Hardware Failure
 Scenario: Domain controller experiences catastrophic hardware failure
 Goal: Replace bad hardware or entire server and resume operations
 Given:
  - Valid backup
  - Identical hardware

15 Hardware Failure (2)
 Process
  - Replace server or hardware
  - Restore from tape backup
  - Re-replicate
 Alternatives
  - Winnt32 and Dcpromo

16 Hardware Failure (3)
 Restore to dissimilar hardware
  - Q263532: “Disaster Recovery of Active Directory on Dissimilar Hardware”
 Requirements
  - Same number of drives and drive letters
  - Complete backup of system state and system drive
  - Same NICs, video cards, HAL, kernel, and number of processors
  - Remove teaming network cards on target
  - Same disk drive controller and configuration

17 Deleted Objects in Active Directory
 Scenario: Critical objects have been deleted from Active Directory
 Goal: To recover the objects without re-creating them
 Given: A valid backup

18 Deleted Objects in Active Directory (2)
 Resolution: restore from tape and authoritative restore in Ntdsutil
  - Restore recent backup containing deleted objects
  - Mark deleted objects as authoritative using Ntdsutil
  - Authoritative restore in Ntdsutil
 Alternative:
  - Find replica domain controller that hasn’t received the deletions
  - Mark deleted distinguished name as authoritative (no restore required)
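The Ntdsutil step of the authoritative restore described on slide 11 and in the resolution above, as an added PowerShell example that is not from the presentation: it enforces the "most specific distinguished name" best practice by refusing a bare domain DN unless explicitly overridden, then hands ntdsutil the same commands an operator would type at its prompt. It assumes the domain controller is already booted into the offline restore mode (F8) with the system state restored by Ntbackup, and that the DN contains no spaces; the DN in the usage line is a placeholder.

```powershell
# Added example, not from the presentation: the ntdsutil step of the
# authoritative restore for one subtree, enforcing the slide's advice to use
# the most specific distinguished name. Assumes the domain controller is
# already booted into the offline restore mode (F8) and the system state has
# been restored with Ntbackup, and that the DN contains no spaces.

function Restore-AuthoritativeSubtree {
    param(
        [Parameter(Mandatory)][string]$DistinguishedName,
        [switch]$WholeDomain   # restoring an entire partition is the rare case
    )
    # A DN made only of DC= components names the whole domain partition;
    # require an explicit opt-in for that rather than marking it by accident.
    if ($DistinguishedName -notmatch '^(CN|OU)=' -and -not $WholeDomain) {
        throw "Refusing to mark '$DistinguishedName' authoritative: give an OU= or CN= path, or pass -WholeDomain."
    }
    # ntdsutil takes its prompt commands as arguments, in the order an
    # operator would type them:
    #   ntdsutil: authoritative restore
    #   authoritative restore: restore subtree <DN>
    $commands = @(
        'authoritative restore',
        "restore subtree $DistinguishedName",
        'quit',
        'quit'
    )
    # Return ntdsutil's output so the operator can record the object count it reports.
    & ntdsutil.exe @commands 2>&1
}

# Usage (placeholder DN): Restore-AuthoritativeSubtree -DistinguishedName 'OU=Sales,DC=contoso,DC=com'
```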

19 Deleted Objects in Active Directory (3)
 Protection
  - Set replication schedule once every four days on “backup domain controller”
  - Mark objects as authoritative when deletion detected

20 FSMO Recovery
 Flexible Single Master Operations (FSMO)
 Q223787: “Flexible Single Master Operation Transfer and Seizure Process”
 Transfer roles
  - Preferred
  - Graceful
 Seizure of roles
  - Last resort
  - That server cannot come back online…EVER.

21 Ntdsutil FSMO Transfer UI

22 Demo: User Objects Created

23 Demo: Repadmin /Showmeta

24 Demo: System State Backup

25 Demo: Deleted Objects

26 Demo: Restore System State

27 Demo: Advanced Options

28 Demo: Authoritative Restore

29 Demo: Authoritative Restore (2)

30 Demo: Repadmin /Showmeta with Incremented Version Numbers
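The demo compares Repadmin /Showmeta output before the deletion (slide 23) and after the authoritative restore (slide 30). As an added PowerShell example, not from the presentation, the script below parses both captures and reports which attribute version numbers were incremented, which is what makes the restored values win replication against replicas that still carry the deletion. The two captures are constructed samples laid out in the columns repadmin prints; in practice, feed it the tool's real output.

```powershell
# Added example, not from the presentation: parse "repadmin /showmeta <DN>"
# output captured before the deletion and after the authoritative restore,
# and report which attribute versions were incremented. The two captures
# below are constructed samples in the column layout repadmin prints.

function ConvertFrom-Showmeta {
    param([Parameter(Mandatory)][string[]]$Lines)
    # Each data row ends "... <Ver> <Attribute>". Header, ruler and
    # "N entries." lines have no integer in the Ver position and are skipped.
    $versions = @{}
    foreach ($line in $Lines) {
        $tokens = -split $line.Trim()
        if ($tokens.Count -lt 6) { continue }
        $ver = 0
        if (-not [int]::TryParse($tokens[-2], [ref]$ver)) { continue }
        $versions[$tokens[-1]] = $ver
    }
    return $versions
}

function Compare-ShowmetaVersions {
    param([hashtable]$Before, [hashtable]$After)
    # An attribute whose version did not rise would lose the replication
    # conflict against replicas that still carry the deletion.
    foreach ($attr in ($After.Keys | Sort-Object)) {
        $old = if ($Before.ContainsKey($attr)) { $Before[$attr] } else { 0 }
        [pscustomobject]@{
            Attribute   = $attr
            Before      = $old
            After       = $After[$attr]
            Incremented = $After[$attr] -gt $old
        }
    }
}

$before = @(   # constructed sample of the pre-deletion capture
    'Loc.USN  Originating DSA              Org.USN  Org.Time/Date        Ver  Attribute'
    '=======  ===============              =======  =============        ===  ========='
    '8227     Default-First-Site-Name\DC1  8227     2003-03-01 09:15:02  1    objectClass'
    '8227     Default-First-Site-Name\DC1  8227     2003-03-01 09:15:02  1    cn'
    '8230     Default-First-Site-Name\DC1  8230     2003-03-01 09:15:02  1    sAMAccountName'
)
$after = @(    # constructed sample of the post-restore capture
    '9101     Default-First-Site-Name\DC1  9101     2003-03-12 11:40:51  100001  objectClass'
    '9101     Default-First-Site-Name\DC1  9101     2003-03-12 11:40:51  100001  cn'
    '9101     Default-First-Site-Name\DC1  9101     2003-03-12 11:40:51  100001  sAMAccountName'
)
Compare-ShowmetaVersions -Before (ConvertFrom-Showmeta $before) -After (ConvertFrom-Showmeta $after) |
    Format-Table -AutoSize
```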

31 Additional References:
 Server recovery: http://www.microsoft.com/windows2000/techinfo/administration/fileandprint/recovery.asp
 Q241594: “HOW TO: Perform an Authoritative Restore to a Domain Controller in Windows 2000”
 Microsoft Windows 2000 Server Distributed Systems Guide, Chapters 9 and 10
