Re: Backing Up Active Directory
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Wed, 6 Dec 2006 20:36:22 -0000
Hi
You need to backup EVERY DC in your network seperatly.
- The System State data also backups important information regarding to the DC where the backup was made, that's why you CAN'T use one System State backup accross different DCs, or you'll end up with EQUAL BROKEN DCS .
- Active Directory uses multimaster replication, in which no one domain controller is the master domain controller. Instead, all domain controllers within a domain are peers, and each domain controller contains a copy of the directory database that can be written to. Domain controllers can hold different information for short periods of time until all domain controllers have synchronized changes to Active Directory.
- Although Active Directory supports multimaster replication, some changes are impractical to perform in multimaster fashion. One or more domain controllers can be assigned to perform single-master replication (operations not permitted to occur at different places in a network at the same time). Operations master roles are special roles assigned to one or more domain controllers in a domain to per-form single-master replication.
- The information stored in the directory (in the Ntds.dit file) is logically partitioned into four directory partitions. A directory partition is also referred to as a naming context. These directory partitions are the units of replication. The directory contains the following partitions:
- Schema partition: This partition defines the objects that can be created in the directory and the attributes those objects can have. This data is common to all domains in a forest and is replicated to all domain controllers in a forest.
- Configuration partition: This partition describes the logical structure of the deployment, including data such as domain structure or replication topology. This data is common to all domains in a forest and is replicated to all domain controllers in a forest.
- Domain partition: This partition describes all of the objects in a domain. This data is domain-specific and is not replicated to any other domains. However, the data is replicated to every domain controller in that domain.
- Application Directory partition: (Only available in Windows 2003) This partition stores dynamic application-specific data in Active Directory without significantly affecting network performance by enabling you to control the scope of replication and the placement of replicas. The application directory partition can contain any type of object except security principals (users, groups, and computers). Data can be explicitly rerouted to administrator-specified domain controllers within a forest in order to prevent unnecessary replication traffic, or it can be set to replicate everything to all domain controllers in the same fashion as the schema, configuration, and domain partitions.
Check:
How Backup Works
http://technet2.microsoft.com/WindowsServer/en/Library/9143ba85-587e-409d-b612-617e6617fece1033.mspx?mfr=true
Authoritative, primary, and normal restores
http://technet2.microsoft.com/WindowsServer/en/Library/18f89932-80ee-4b50-9a1f-698cada42ccc1033.mspx?mfr=true
Back up System State data
http://technet2.microsoft.com/WindowsServer/en/library/921f0ed5-523d-48ac-8825-e850b0e548841033.mspx?mfr=true
--
*************************************************
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA + Exchange + MSCE
*************************************************
"Net Admin" <NetAdmin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:9F829500-5343-47FD-8138-CD2FC2C4FE74@xxxxxxxxxxxxxxxx
Thanks Paul.
One more question.....I have a parent and child domain setup. Correct me if
I'm wrong but there is only one Active Directory database for the entire
forest isn't there? If not, I will have to backup the System State on a
parent and child DC.
"Paul Bergson [MVP-DS]" wrote:
I would also backup the system and boot partitions in the event you have
hardware failure and you need to do a full restore.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Net Admin" <NetAdmin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A98D3D0B-754E-4316-956C-377A40C7A74B@xxxxxxxxxxxxxxxx
> Thank you both. I feel a little more relieved now.
.
- References:
- Re: Backing Up Active Directory
- From: Jorge Silva
- Re: Backing Up Active Directory
- From: Paul Bergson [MVP-DS]
- Re: Backing Up Active Directory
- Prev by Date: Re: access granted after lock out
- Next by Date: Re: security accounts manager initialization failed
- Previous by thread: Re: Backing Up Active Directory
- Next by thread: Re: Backing Up Active Directory
- Index(es):
Relevant Pages
|
