In Windows 2000, the letter of security in the backup user and the enterprise configuration, all security is different. With recovery Active Directory is a message stored in the registry, so we are stored in Active Directory.
Very important job. In NT, all have only a backup registration table. But in the middle, its backup method is complete in NT.
You cannot back up part of the AC according to part of the AC. System, file copy service, cluster service, separate backup, must be used as TIVE Directory, Windows2000 includes status data, system start domain name service, and active directory 8, and normal state data. Active Directory is a system status file, class registration database, and only the top 3 in the case of certificate service data. These 8 parts cannot be
I. Backup Active Directory data If there is a domain exist, you only need to copy it naturally to this DC, which is re-installed, and the DC is deleted from the domain. on. Backup Active Directory when a DC is connected, and returns to the domain, then additional DC
If the last DC remains in a domain, the process is as follows: That is very necessary to back up Active Directory. detailed
1. "Start" menu -> "Run", enter "NTBackup", start the Win2000 backup tool.
2. Use the "Backup To Backup System Status Data" in the Welcome tag, the next step. Guide, select "Select the backup content page" in the Backup Wizard dialog box. "
3. On "Next, complete the backup wizard. If the backup wizard is configured. Location" page, enter the storage backup data, such as backup completion.
The file name, such as "D: Akad0322.bkf", then verify the data, please use the "Advanced" option
4. Select "Complete" Start Backup, depending on time. Backup is complete, the system generates a backup report. According to how much, it may take a few minutes to ten minutes or even longer.
5. Recommendation: Normally back up large capacity space storage. Because it is stored. The file is relatively large, I have backed up several aspects including very sensitive accounts.
Between 250-300m, therefore need to find a message, so the backup data should be properly guaranteed.
II. There are two ways to restore the active Directory to restore Active Directory. The first is to reinstall and add it to it will be restored from its bad DC. It recovered data on its DC, provided that the DC will be automatically performed when there will be the original domain in the domain.
There is also a DC is available, at this time, when the data is copied, Active Directory follows.
Another method is that only one domain is only one domain, because the funds are often encountered. Backup media recovery. Usually, there are only one DC, because
For most small companies, the entire public will restore Active Directory from the media.
1. Verification methods and non-authentication methods Active Directo (Authoritative Restore) and non-authentication methods are available (RY recovery) from backup media (RY recovery can be selected). Normally, the Windows2000 uses non-later, other DCs within the domain will use assumptions during the replication process Today is Friday. You use the data you have changed on Wednesday that you are recovering to recover. Verification mode Recovery: Active Directory recovers new data from the backup media to overwrite the old recovery old data. For example, the part is restored to the Active Directory, then from the Active Directory DC, the new data will overwrite on Wednesday.
The verification mode is completely different. After the data is completed from the backup, all data overrides all data overwritten, the domain is usually used in this case: Active replication diffuses to other DC enforcement in the domain to restore to the original good The way. It will change the number of recovered from backup media. Also take the above example, these recovered data will be copied to the domain data to restore the status when the backup is restored to the backup, there is a certain DC on a DC in the domain. At this time, it is necessary to use the status on a certain DC. It should be said that this approach is forced to copy to all DCs in the domain, and it is forcibly the backup of the backup on Friday's backups on Wednesday. Verify mode Recovery Active Directory's serious error, and this error is restored by the verification method to restore Active Directory, more recovery Active Directory
2. Non-validation recovery Active Directory
To achieve non-verification recovery, it is necessary to be offline). To restore A, you need to restart S. Select the "Directory Service Recovery Mode" directory service must be offline (you must use Seerver, when the screen prompts you choose the operation system. Directory service Not RVER is in the "Directory Service Recovery Mode". When the quadrant, press F8, start the system launch advanced menu
The accounts and denses of the administrators in the user log in to Active Directory appear in Windows2000. You only use the stored in the Security Account Manager, you can enter the local administrator account and password when you recover Active Direct port (note, not at the code, because the Active Directory is offline, not available It is logged in for administrator accounts and passwords in SAM). Log in to the Ory operation. (1) Start the backup program comes with the Windows2000: "Start" -> "Run", enter "NTBackup";
(2) Backup set in Welcome tags. Select "Restore Wizard", skip the welcome screen,
Backup programs will display available for data recovery
(3) Select the appropriate backup file to complete the data recovery. Restart the machine. (4) Note: Normally, Windows2000 TomBstone Li will be moved well. ---- Sea), except, you can't restore Afetime for 60 days (you can understand for the time of life, not you have set. CTIVE Directory data, this is because of the impossible translation of its meaning, only
3. Verification mode Recovery Active Directory Recovery to implement verification mode, you must first order the tool to implement the recovery of the Directory data of the DIRECTIVE DIRECTORY. Recovery in a non-verified manner first, then you can use ntdsutil to be restored. Verify recovery can achieve all or part of Active
(1) Restoring the Active Directory using non-verified manner and restart the machine. (2) Use the "Directory Service Recovery Mode" to activate the Windows2000 and log in as an administrator. (3) "Start" -> "Run", enter "NTDSUTIL", start the command line tool.
(4) Restore the entire Active Directory database, use the following command: Authoritative Restore Restore Database Restores section Active Directory data, use the following command: Authoritative Restore Restore Subtree OU = Brien, DC = Files, DC = COM red part should be in accordance with the second line command It should be: RESTORE S is sometimes used to recover the important OU important OU to delete, today you OU is deleted before the backup. The situation is determined, for example, your domain name is Mubtree Ou = myou, DC = Mydom, DC = N, such as two administrators in a certain domain, you and A, you can use verification restoration to use this Ouydom. NET, the OU to be restored is the MYOU, and the ET is pushed. The party A of the restore part of the data is a bit of vegetables :), last night, accidentally returned one, the premise is that you have this
Finally, use the quit command to exit and restart the machine.
