Re: ADAM back up and restore

From: Dmitri Gavrilov [MSFT] (dmitrig_at_online.microsoft.com)
Date: 10/28/04


Date: Thu, 28 Oct 2004 12:06:01 -0600

Yes, you have to go to your original instance and do the mod there (add a
Windows group with a fixed SID, such as BA). Then, you can take the DIT to
another machine.

The most complete ADAM doc is the ADAM Technical Reference draft, which is
available on the MS downloads site.

-- 
Dmitri Gavrilov
SDE, Active Directory Core
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Bob Yuan" <BobYuan@discussions.microsoft.com> wrote in message
news:57648E1E-5375-46B6-BFE0-238A027A108E@microsoft.com...
> Thanks for pointing out this.
>
> We already have a production server running using a Windows account other than
> built-in\administrator. Actually I specify a group as ADAM administrator, and
> the account is in the group. Can I just add built-in\admin to this group that
> can make the built-in admin to access the ADAM, then back it up, restore to
> another machine, and get it accessed by the built-in\admin account? (we are
> running ADAM in a workgroup, not domain)
>
> I already tried to add the Windows admin account to that group, but it
> cannot access the ADAM via ADSIEdit.
>
> By the way, in this situation (completely restore ADAM to another machine),
> what is the right way or best practice (it is important for disaster
> recovery)? Any resources that I can get?
>
> Thanks.
>
> Bob
>
> "Dmitri Gavrilov [MSFT]" wrote:
>
> > That won't work. The admin account is referenced by its SID, and the SID is
> > different on your second machine. So, you have no admins in your restored
> > instance. Basically, nobody has access.
> >
> > One way out is to designate builtin\admins as your adam admin. This group
> > has a fixed SID that will work on any machine.
> >
> > -- 
> > Dmitri Gavrilov
> > SDE, Active Directory Core
> >
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> > Use of included script samples are subject to the terms specified at
> > http://www.microsoft.com/info/cpyright.htm
> >
> > "Bob Yuan" <BobYuan@discussions.microsoft.com> wrote in message
> > news:669C9E5D-7F46-4A0F-A977-106166E69BA6@microsoft.com...
> > > Hello,
> > >
> > > Here is what I did:
> > >
> > > 1. Backup the ADAM instance on the production server using NTBACKUP;
> > > 2. Install a new copy of ADAM on another server, use the same settings, such
> > > as instance name, admin account name, etc. One account is for ADAM to run, I
> > > used Network Service account; the other one is for ADAM administration, I
> > > used a Windows account (local account). Both servers are in a workgroup, not
> > > a domain.
> > > 4. Create schema objects with LDIF file provided by developers;
> > > 3. Use NTBACKUP to restore the backup to the new server, same location,
> > > replace all files;
> > > 4. Restore did not generate any error message, ADAM eventlog has no errors,
> > > only information indicating that the host name and/or port number changed
> > > from the backup media, and updated in the local database;
> > > 5. When using ADSIEdit to connect to the directory, using the administration
> > > account(local windows account), I got the message: Directory property cannot
> > > be found in cache, and can't login.
> > >
> > > Thanks
> > >
> > > Bob
> > >
> > > "Lee Flight" wrote:
> > >
> > > > Hi
> > > >
> > > > could you clarify the bit below? After you did the restore what account were
> > > > you trying to bind with, a Windows domain account that is an ADAM
> > > > administrator or a native ADAM user that exists inside the restored
> > > > partition?
> > > >
> > > > Does the ADAM instance eventlog look clean for the restored instance?
> > > >
> > > > What happens if you open ADSIedit on the server with the restored instance
> > > > and try to connect to the restored application partition as an ADAM
> > > > administrator?
> > > >
> > > > Thanks
> > > > Lee Flight
> > > >
> > > > "Bob Yuan" <BobYuan@discussions.microsoft.com> wrote in message
> > > > news:03698C80-6173-40DA-8217-35EC5B8B6077@microsoft.com...
> > > >
> > > > > However,
> > > > > when I try to connect to it using ADAM ADSIEdit, I cannot login using the
> > > > > previous created user account (the user was created during the new ADAM
> > > > > installation),
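
The SID behaviour described in this thread, as an added example that is not part of the original posts: Python that encodes and decodes SIDs in the binary layout Windows uses and checks whether an ADAM administrator SID can still name a principal on the restore target. The machine SIDs, the RID 1003 and all function names are constructed for illustration, and the check assumes workgroup machines, as in the thread.

```python
import struct

BUILTIN_ADMINISTRATORS = "S-1-5-32-544"  # fixed SID, identical on every machine

def sid_to_bytes(sid):
    """Encode an 'S-1-...' string into the binary SID layout."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 4:
        raise ValueError("not a SID string: %r" % sid)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    # revision, sub-authority count, 48-bit big-endian authority,
    # then each sub-authority as a 32-bit little-endian integer
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def bytes_to_sid(raw):
    """Decode a binary SID back into its string form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("truncated or malformed SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])

def issuing_machine(sid):
    """Machine (or domain) SID that issued an account SID, or None for SIDs
    such as BUILTIN\\Administrators that carry no machine identifier."""
    parts = sid.split("-")
    if parts[:4] == ["S", "1", "5", "21"] and len(parts) == 8:
        return "-".join(parts[:7])
    return None

def usable_after_restore(admin_sid, target_machine_sid):
    """Workgroup case: can admin_sid name a principal on the restore target?"""
    issuer = issuing_machine(admin_sid)
    return issuer is None or issuer == target_machine_sid

# Constructed sample values, not taken from the thread.
PROD = "S-1-5-21-1111111111-2222222222-3333333333"
DR = "S-1-5-21-4000000001-4000000002-4000000003"
LOCAL_ADMIN_ON_PROD = PROD + "-1003"

if __name__ == "__main__":
    for sid in (LOCAL_ADMIN_ON_PROD, BUILTIN_ADMINISTRATORS):
        stored = sid_to_bytes(sid)
        print(bytes_to_sid(stored), stored.hex(),
              "usable on DR:", usable_after_restore(bytes_to_sid(stored), DR))
```

A local account created with the same name on the second machine gets a SID under that machine's own identifier, so it does not match the SID stored in the restored instance.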