How to back up and restore Active Directory

xiaoxiao2021-03-06  40

Windows 2000 Active Directory Migration Tool http://www.microsoft.com/china/windows2000/downloads/deployment/admt/default.htm

Backing up and restoring Active Directory with the Windows backup tools

In Windows 2000, backing up and restoring Active Directory is a very important job. In NT, all information about users and enterprise configuration is stored in the registry, so only the registry needs to be backed up. In Windows 2000, however, all security information is stored in Active Directory, and it is backed up in a completely different way from NT.

Active Directory cannot be backed up on its own; Windows 2000 backs it up as part of the System State data. System State data comprises eight parts: the registry, the system startup files, the class registration database, Certificate Services data, the File Replication Service, the Cluster service, the Domain Name Service, and Active Directory. Usually only the first three are present. None of the eight parts can be backed up separately; they must be backed up together as System State data.

I. Back up Active Directory data

If a domain has more than one DC, there is no need to back up Active Directory before reinstalling a DC: remove that DC from the domain, reinstall it, and join it back to the domain, and the other DCs will replicate the data to it automatically.

If only one DC remains in the domain, Active Directory must be backed up. The detailed process is as follows:

1. Choose "Start" -> "Run", enter "NTBackup", and start the Windows 2000 backup tool.

2. On the Welcome tab, start the Backup Wizard. In the Backup Wizard dialog box, select "Only back up the System State data" and click Next.

3. On the page that asks where to save the backup, enter the name of the file that will hold the backup data, such as "D: Akad0322.bkf", click Next, and complete the Backup Wizard. If you want to change settings, for example whether the data is verified after the backup completes, use the Advanced options.

4. Click "Finish" to start the backup. Depending on the amount of data, it may take from a few minutes to ten minutes or even longer. When the backup completes, the system generates a backup report.

5. Recommendation: backup files are usually fairly large (the backups I have made were between 250 and 300 MB), so you need a location with plenty of free space. Because the backup contains very sensitive information such as accounts, the backup data should be stored securely.

II. Restore Active Directory

There are two ways to restore Active Directory.

The first is to recover the data from another DC in the domain. The prerequisite is that the domain still has a working DC. In that case, when the damaged DC is reinstalled and joined to its original domain, replication runs automatically and Active Directory is recovered.

The other method is to restore from backup media. Most small companies have only one domain for the whole company and, because of limited funds, only one DC, so restoring Active Directory from backup is something they often face.

1. Authoritative and non-authoritative restore

There are two ways to restore from backup media: authoritative restore and non-authoritative restore.

By default, Windows 2000 performs a non-authoritative restore: Active Directory is restored from the backup media, and during replication the other DCs in the domain overwrite the old restored data with their newer data. For example, suppose today is Friday and you restore Active Directory from Wednesday's backup. The data that has changed since Wednesday is then replicated to the DC you are restoring; that is, the new data overwrites the data you restored.

An authoritative restore is completely different. It forces the data recovered from the backup media onto all DCs in the domain, regardless of whether the data has changed since the backup. Taking the example above again, when you restore Active Directory from Wednesday's backup, the recovered data is replicated to all DCs in the domain and overwrites everything that changed after the backup, so the domain data returns to its state at the time of the backup. An authoritative restore is usually used in this situation: Active Directory on one DC in the domain has a serious error, the error has spread to the other DCs through replication, and an authoritative restore on one DC is needed to force the domain back to its original state. It should be said that this approach is a more way to restore Active Directory.

2. Non-authoritative restore of Active Directory

For a non-authoritative restore, the directory service must be offline (backing up Active Directory does not require the directory service to be offline). To restore Active Directory, the server must be running in Directory Services Restore Mode. To get there, restart the server; when the screen prompts you to select an operating system, press F8 to bring up the advanced startup menu, and select Directory Services Restore Mode.

When the Windows 2000 logon window appears, enter the local administrator account and password. Note that the accounts and passwords in Active Directory are not available, because Active Directory is offline; you can only log on with the administrator account and password stored in the Security Accounts Manager, sometimes called SAM. After logging on, you can carry out the Active Directory restore.

(1) Start the backup program that comes with Windows 2000: "Start" -> "Run", enter "NTBackup".

(2) Select "Restore Wizard" on the Welcome tab and skip the welcome screen; the backup program displays the backup sets that can be used for data recovery.

(3) Select the appropriate backup file and complete the data recovery. Restart the machine.

(4) Note: normally you cannot restore Active Directory data that is more than 60 days old, because it is subject to the Windows 2000 tombstone lifetime (this can be understood as a lifespan; I could not translate its meaning, so I have left the term as it is. ---- Sea), unless you have changed that setting.
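Why the tombstone lifetime limits the age of a usable backup, as an added example that is not part of the original article: in a domain with other DCs, a deletion is remembered as a tombstone only for the tombstone lifetime, so an older backup brings back objects that no DC can tell the restored DC to delete. The model is simplified; the object names, day numbers and function names are constructed for illustration.

```python
TOMBSTONE_LIFETIME_DAYS = 60  # the 60-day figure from the note above

def surviving_tombstones(deletions, today, lifetime=TOMBSTONE_LIFETIME_DAYS):
    """Deletions the other DCs still remember: tombstones not yet garbage-collected."""
    return {dn for dn, day in deletions.items() if today - day <= lifetime}

def check_restore(backup_objects, backup_day, deletions, today,
                  lifetime=TOMBSTONE_LIFETIME_DAYS):
    """Return (usable, lingering).

    usable    -- the backup is no older than the tombstone lifetime
    lingering -- objects in the backup that were deleted after it was taken and
                 whose tombstone is gone, so replication can no longer remove them
    """
    deleted_since = {dn for dn, day in deletions.items()
                     if day > backup_day and dn in backup_objects}
    lingering = sorted(deleted_since - surviving_tombstones(deletions, today, lifetime))
    return today - backup_day <= lifetime, lingering

# Constructed sample: a backup taken on day 0 that contains two accounts,
# one of which was deleted on day 10.
BACKUP_OBJECTS = {"CN=alice,OU=staff,DC=mydom,DC=net",
                  "CN=temp01,OU=staff,DC=mydom,DC=net"}
DELETIONS = {"CN=temp01,OU=staff,DC=mydom,DC=net": 10}

if __name__ == "__main__":
    # Restore on day 50: the tombstone still exists and removes temp01 again.
    print(check_restore(BACKUP_OBJECTS, 0, DELETIONS, today=50))
    # Restore on day 90: the tombstone is gone and the deleted account comes back.
    print(check_restore(BACKUP_OBJECTS, 0, DELETIONS, today=90))
```

A backup inside the tombstone lifetime can never produce a lingering object in this model, which is the reason for the age limit.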

3. Authoritative restore of Active Directory

An authoritative restore begins with a non-authoritative restore; you then use the NTDSUTIL command-line tool to make the restore authoritative. An authoritative restore can cover all of the Active Directory data or only part of it.

(1) Restore Active Directory non-authoritatively and restart the machine.

(2) Start Windows 2000 in Directory Services Restore Mode and log on as an administrator.

(3) Choose "Start" -> "Run", enter "NTDSUTIL", and start the command-line tool.

(4) To restore the entire Active Directory database, use the following commands:

authoritative restore

restore database

To restore only part of the Active Directory data, use the following commands:

authoritative restore

restore subtree OU=Brien,DC=Files,DC=COM

Adjust this to your own situation: for example, if your domain name is mydom.net and the OU to restore is myou, the second command should be restore subtree OU=myou,DC=mydom,DC=net, and so on. Restoring part of the data is sometimes used to bring back a deleted OU. Suppose a domain has two administrators, you and A, and A, who is a bit of a novice :), accidentally deletes an important OU; you can use an authoritative restore to bring this OU back, provided you have a backup taken before the OU was deleted.

Finally, use the quit command to exit and restart the machine.
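The difference between the two restore modes from section 1, applied to the deleted-OU case above, as an added example that is not part of the original article. It is a simplified model of replication in which the higher version of an object wins; the version increment, the day numbers and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

BUMP_PER_DAY = 100_000  # model assumption: large version increment per day since the backup

@dataclass(frozen=True)
class Stamp:
    state: str    # "present" or "deleted"
    version: int  # raised by every originating change
    day: int      # day of the originating change

def replicate(*dcs):
    """Converge all DCs: per object, the highest version wins; a tie goes to the later change."""
    for dn in set().union(*dcs):
        best = max((dc[dn] for dc in dcs if dn in dc), key=lambda s: (s.version, s.day))
        for dc in dcs:
            dc[dn] = best

def restore(backup, backup_day, today, authoritative_subtree=None):
    """Rebuild a DC database from backup; objects in the authoritative subtree get a version bump."""
    bump = BUMP_PER_DAY * max(1, today - backup_day)
    db = {}
    for dn, s in backup.items():
        inside = authoritative_subtree is not None and (
            dn == authoritative_subtree or dn.endswith("," + authoritative_subtree))
        db[dn] = Stamp(s.state, s.version + bump, today) if inside else s
    return db

def scenario(authoritative):
    """Wednesday backup, OU deleted Thursday, restore on Friday; returns the state on the other DC."""
    wed, thu, fri = 3, 4, 5
    ou = "OU=myou,DC=mydom,DC=net"
    new_user = "CN=new,OU=other,DC=mydom,DC=net"
    backup = {ou: Stamp("present", 1, 1)}        # constructed backup contents
    dc2 = {ou: Stamp("deleted", 2, thu),         # A deleted the OU on Thursday
           new_user: Stamp("present", 1, thu)}   # unrelated change made after the backup
    dc1 = restore(backup, wed, fri, ou if authoritative else None)
    replicate(dc1, dc2)
    return {dn: s.state for dn, s in dc2.items()}

if __name__ == "__main__":
    print("non-authoritative:", scenario(False))  # the deletion overwrites the restored OU
    print("authoritative:    ", scenario(True))   # the restored OU overwrites the deletion
```

In both runs the object created after the backup survives, because a subtree restore only raises the versions of the objects it names.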

When reposting, please cite the original address: https://www.9cbs.com/read-61985.html
