Re: backup and recover of AD objects

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

no need to do a bare meta restore.

Just boot into DSRM and restore the SYSTEM STATE using WBADMIN.EXE (check the help of it how). This is the non-auth part. After the restore is finished DO NOT reboot the DC. From the command line start NTDSUTIL. Check the help for next steps. That will be the auth. restore part

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

"Family" <shofmann@xxxxxxx> wrote in message news:880629A8-7FF3-4C84-92C3-291CC01AFC0A@xxxxxxxxxxxxxxxx
Thanks Paul for providing the link. Your process works for doing a bare metal restore of the DC, but can i also use this procedure to perform an authorative or non authorative restore of AD?

Also is the issue you are experiencing with NetBackup specific to Windows 2008 DC ?
"Paul Bergson [MVP-DS]" <pbbergs@xxxxxxxxxxxxxxx> wrote in message news:eN4GHBghJHA.4200@xxxxxxxxxxxxxxxxxxxxxxx
Here is the link:
http://blogs.dirteam.com/blogs/paulbergson/archive/2009/02/02/backup-and-recovery-of-a-windows-2008-server-with-wbadmin.aspx

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.


"Family" <shofmann@xxxxxxx> wrote in message news:A3C04195-5559-4607-8891-64F2AE038CBD@xxxxxxxxxxxxxxxx
Yes please that would be great.

Thanks again
"Paul Bergson [MVP-DS]" <pbbergs@xxxxxxxxxxxxxxx> wrote in message news:%23LP6CiThJHA.1168@xxxxxxxxxxxxxxxxxxxxxxx
We have been built info on W2K8 backups (It is mostly complete), we push it out to an external drive on our SAN. I would be willing to post the info if you are interested.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.


"Family" <shofmann@xxxxxxx> wrote in message news:CC82BBED-48C1-47B6-A146-8F364281DEFD@xxxxxxxxxxxxxxxx
Thanks guys for all the helpfull suggestions. I downloaded the DSCT tool http://lindstrom.nullsession.com/?cat=7 and i was able to restore a deleted object but i wasnt able to restore any of the attributes of the deleted object, the object that was deleted was a user account that had a mailbox on an exchange 2003 server, so not sure if this tool can restore msexchange attributes?

I want to install Windows server backup on all my 2008 DC, so i can take system state backups. All the DC have a raid 1 and a raid 5 array, the raid 5 has no data on it and the raid 1 is where the OS lives. I want to use the raid 5 E:\ as the target for the system state backups. My question is what type of backup must i do so i can do a system state restore or a bare metal restore? and if i boot the DC into DSRM in order to do an authorative restore of an object, can i point WBADMIN to the backup file ( is it a .vhd?) that is stored on the E:\ and then do the restore of the deleted object?

Many thanks
"Marcin" <marcin@xxxxxxxxxxxxxxxx> wrote in message news:uTfOqIpgJHA.1288@xxxxxxxxxxxxxxxxxxxxxxx
Most often snapshots are used to determine which backup could be used to authoritatively restore a deleted object (keep in mind that they are not a substitute for backups, which, incidentally, you can also mount using the same dsamain utility) - eliminating this way the need to actually perform a restore to make such determination.
As far as your question is concerned, you can actually undelete AD objects (assuming that you perform this operation before the tombstone lifetime interval passes) without resorting to restore (as described in painfully detailed fashion in http://support.microsoft.com/kb/840001), however, such objects retain only a handful of attributes (by default, only the mandatory ones). So, potentially, you can recover deleted objects by combining undeletion with populating missing attributes based on the info extracted from a snapshot. This does not require third party utilities (LDIFDE will do just fine - although you can also use any of AD admin utilities that allow you to target specific port). The process is not straightforward (since it essentially involves export/import) - so you might want to take advantage of 3rd party tools (e.g. Snapshot Recover Tool from http://www.one-identity.net/tools/snapshot/, Directory Service Comparison Tool from http://lindstrom.nullsession.com/?page_id=11, or Active Directory Explorer from Sysinternals at http://technet.microsoft.com/en-us/sysinternals/bb963907.aspx)...

hth
Marcin

"skip" <shofmann@xxxxxxx> wrote in message news:880F4446-37DD-43C7-BC9D-65DAAE85D3FA@xxxxxxxxxxxxxxxx
Hello all

I am running in a 2003 native mode AD forest. I have two DC that are running windows 2008 and three that are running Windows 2003. I know i can take a snap shot using ntdsutil of the AD database running on windows 2008 and mount the database. I can also connect to the snap shot with ADUC after running dsamain -dbpath -ldapport # Once I connect to the snapshot i can see any delted users that were deleted after the snapshot was taken. Now how in the heck can i restore this object? Am assuming i need a 3rd paryt tool for this?







.

Relevant Pages

  • Re: How to use Windows Backup?!!
    ... AD is only backed up as part of the system state, and as such, the system must be in the *same* state. ... With that said, if you are backing up system state *and* the "program files" directory and doing a bulk restore, you will usually be fine. ... Yes I restored without incident from a good SBS backup. ...
    (microsoft.public.windows.server.sbs)
  • Re: Domain Controller cannot boot up after restoring the system st
    ... Moving hardware, or changing hardware, or restoring to new hardware ... Just apply it once, and as long as you backup the whole C: drive, and a System State backup, any backup that you try to restore C: drive and the System State, you can restore it to something different and it should boot. ...
    (microsoft.public.windows.server.general)
  • Re: Windows wont start after AD restore
    ... backed up [Full backup] please restore C: drive and System State ... Documents folders. ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS2003 - Cannot restore GPO following Article 888943
    ... Q. If I do a system stae restore, do I overwrite the exchange data ... >system state, will I alter the exchange data to return to its ... >>The backup will restore the whole system state including the exchange ... DNS entries have be ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS two adapter setup with Netopia Router. Help Save my weeked
    ... >> When you click OK on this message, the server restarts. ... >> are not able to start the server or restore the system state from backup. ...
    (microsoft.public.windows.server.sbs)