Re: ADAM back up and restore


From: Bob Yuan (BobYuan_at_discussions.microsoft.com)
Date: 10/28/04


Date: Thu, 28 Oct 2004 10:29:01 -0700

Thanks for pointing this out.

We already have a production server running using a Windows account other than
built-in\administrator. Actually I specify a group as ADAM administrator, and
the account is in the group. Can I just add built-in\admin to this group so
that the built-in admin can access the ADAM, then back it up, restore it to
another machine, and have it accessed by the built-in\admin account? (We are
running ADAM in a workgroup, not a domain.)

I already tried to add the Windows admin account to that group, but it
cannot access the ADAM via ADSIEdit.

By the way, in this situation (completely restore ADAM to another machine),
what is the right way or best practice (it is important for disaster
recovery)? Any resources that I can get?

Thanks.

Bob

"Dmitri Gavrilov [MSFT]" wrote:

> That won't work. The admin account is referenced by its SID, and the SID is
> different on your second machine. So, you have no admins in your restored
> instance. Basically, nobody has access.
>
> One way out is to designate builtin\admins as your adam admin. This group
> has a fixed SID that will work on any machine.
>
> --
> Dmitri Gavrilov
> SDE, Active Directory Core
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> Use of included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
> "Bob Yuan" <BobYuan@discussions.microsoft.com> wrote in message
> news:669C9E5D-7F46-4A0F-A977-106166E69BA6@microsoft.com...
> > Hello,
> >
> > Here is what I did:
> >
> > 1. Backup the ADAM instance on the production server using NTBACKUP;
> > 2. Install a new copy of ADAM on another server, use the same settings, such
> > as instance name, admin account name, etc. One account is for ADAM to run, I
> > used Network Service account; the other one is for ADAM administration, I
> > used a Windows account (local account). Both servers are in a workgroup, not
> > a domain.
> > 4. Create schema objects with LDIF file provided by developers;
> > 3. Use NTBACKUP to restore the backup to the new server, same location,
> > replace all files;
> > 4. Restore did not generate any error message, ADAM eventlog has no errors,
> > only information indicating that the host name and/or port number changed
> > from the backup media, and updated in the local database;
> > 5. When using ADSIEdit to connect to the directory, using the administration
> > account (local windows account), I got the message: Directory property cannot
> > be found in cache, and can't login.
> >
> > Thanks
> >
> > Bob
> >
> > "Lee Flight" wrote:
> >
> > > Hi
> > >
> > > could you clarify the bit below? After you did the restore what account were
> > > you trying to bind with, a Windows domain account that is an ADAM
> > > administrator or a native ADAM user that exists inside the restored
> > > partition?
> > >
> > > Does the ADAM instance eventlog look clean for the restored instance?
> > >
> > > What happens if you open ADSIedit on the server with the restored instance
> > > and try to connect to the restored application partition as an ADAM
> > > administrator?
> > >
> > > Thanks
> > > Lee Flight
> > >
> > > "Bob Yuan" <BobYuan@discussions.microsoft.com> wrote in message
> > > news:03698C80-6173-40DA-8217-35EC5B8B6077@microsoft.com...
> > >
> > > > However,
> > > > when I try to connect to it using ADAM ADSIEdit, I cannot login using the
> > > > previous created user account (the user was created during the new ADAM
> > > > installation),
>
>
>
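
The SID behaviour described in the quoted reply can be checked before taking a backup. The following is an added example, not part of the original posts: it resolves a Windows principal to its SID and reports whether that SID is tied to the issuing machine (or domain) or is a well-known SID such as BUILTIN\Administrators. The function name `Test-SidPortability` is hypothetical; the current user stands in for the local ADAM administration account.

```powershell
# Added example: will this principal's SID still mean the same thing after the
# ADAM instance is restored on another workgroup machine?
function Test-SidPortability {
    param(
        [Parameter(Mandatory)]
        [string]$AccountName    # e.g. 'BUILTIN\Administrators' or 'SERVER1\someuser'
    )

    # Resolve the name to a SID; throws IdentityNotMappedException if unknown.
    $sid = ([System.Security.Principal.NTAccount]$AccountName).Translate(
        [System.Security.Principal.SecurityIdentifier])

    # Account SIDs look like S-1-5-21-a-b-c-RID, where a-b-c identifies the
    # machine (local account) or the domain that issued them.
    # AccountDomainSid is $null for well-known SIDs such as S-1-5-32-544.
    $issuer = $sid.AccountDomainSid

    [pscustomobject]@{
        Account     = $AccountName
        Sid         = $sid.Value
        IssuerSid   = if ($issuer) { $issuer.Value } else { $null }
        # Assumption: workgroup setup as in this thread. A domain account also
        # has an issuer prefix, but it is valid on every member of that domain.
        IssuerBound = ($null -ne $issuer)
    }
}

# BUILTIN\Administrators is built from a well-known SID type, so its value
# is identical on every Windows machine.
$builtinAdmins = [System.Security.Principal.SecurityIdentifier]::new(
    [System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid, $null)

# Compare a well-known group with an account issued by this machine or domain.
$currentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
@(
    Test-SidPortability -AccountName $builtinAdmins.Translate(
        [System.Security.Principal.NTAccount]).Value
    Test-SidPortability -AccountName $currentUser
) | Format-Table -AutoSize
```

Running this on both the production and the restore target shows the same SID for BUILTIN\Administrators, while a local account with the same name on each machine reports a different `IssuerSid`.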


