Directory data
- Windows Server 2003 Directory Service Repair Tools
Starting with Windows 2000, Microsoft introduces the activity directory technology, and the Active Directory allows companies to effectively share and manage information from network resources and users. In addition, it also plays a role of network security, so that the operating system is ready to verify the user's identity, and control the user's access to network resources. The activity directory is a combination point that integrates the system together and has played a role in consolidating management tasks.
The current Windows network environment is the main force in the network application, and the greatest feature of the Windows network is the domain environment. The ActivityDirectory, AD will greatly improve the domain management function. The latest Windows Server 2003 network is still managed by the activities of the fields in the domain. In this management mode, all resource information in the network is saved in the Domain Controller's Active Directory database. So the Active Directory database is critical to a network of a Windows domain environment. Once an active directory database is erroneous or an unexpected damage, such as during the system upgrade, the network will cause the network's major to access the domain resources. The fault, even the crash of the entire system.
Repair tool
In order to solve this problem, some ways to fix the active directory database in Windows Server 2003, the most commonly used two utilities are: NTDSUTIL.EXE and NTBACKUP.EXE.
The main difference between these two tools is that using NTBACKUP.EXE for system repair, it is necessary to use the active directory backup presented in advance, which means that only backed up information can be recovered; and ntdsutil.exe is the directory service of this unit. Information is copied to the directory service database on other domain controllers through the network, and use NTDSUTIL.EXE alone, it is not necessary to have backups in advance, but the price is due to no backup, so the system resource information it copies may not be complete and the latest. information.
Therefore, the difference between the two tools, Windows Server 2003 recommends the user's preferred NTBackup.exe tool, to develop the habit of the regular backup activity directory database, once in the system's directory service, you can fix it with NTBackup.exe. In some NTBACKUP.EXEs that cannot solve the problem, try to use the NTDSUTIL.EXE to fix the Active Directory database.
General restoration
To back up the Active Directory database in advance, NTBACKUP.EXE programs should be used on the domain controller, NTBackup.exe is the environment of the graphical interface, which can be run from the system tool of the Start menu. The "System Status" must be selected during the backup process so that you can back up the active directory.
There are two cases of system failure, one is that the system completely crashes can't start; the other is just a directory service failure and the operating system can also start. If the former, you must first repair the system, such as reinstalling Windows Server 2003, and then debugging the functionality of the network, and then performs the recovery of the active directory database.
Regardless of which tool to use, you must repair the directory service to complete the Directory Service Restore Mode of the Domain Controller, because it cannot be modified to it when the directory service is working. The method of entering the "directory service restore mode" is: Press the F8 function key when the Windows Server 2003 domain controller is started, then select "Directory Service Restore mode" in the menu. The system started in this mode, the directory service is turned off, so after entering the system, you can run the corresponding tool software NTDSUTIL.EXE or NTBACKUP.EXE to fix the active directory service database.
After running NTBackup.exe, you can complete the system's restore work in accordance with the Guidelines of the Restore Wizard, but don't forget, you must select "System Status" when you choose to restore projects, as shown in Figure 1, so that you can fix the included directory service. Some system information, otherwise only the general file content can be restored. "Authority" recovery
The way only NTBackup.exe repairs the Windows Server 2003 record service is "non-authoritative" recovery, mainly for small network environments for single area controllers, or only want to recover the structure of the Active Directory database without can't care about it. Happening. Because the various information of the directory service will automatically copy between the domain controllers, the update of information when copying is based on the version of the active directory database, that is, it is compared The version number of the Active Directory database determines which activity directory database is the latest. The activity directory database recovered with NTBackup.exe is generally the old version of the previously backed up, so after the directory service is restarted, the old information inside it will be covered by the current latest activity directory database information on other domain controllers. .
But at some time, the system needs to return to the previous directory service environment, such as due to system administrators' error configuration, resulting in some information of the current directory service to be modified or deleted, and "authoritative" recovery is used.
To perform "authority" recovery, use NTDSUTIL.EXE tools. The so-called "authoritative" is authorized to authoritatively active directory databases to authoritatively, forced the active directory database saved in other domain controllers in the network. Due to this characteristics, it is very careful when using NTDSUTIL.EXE, so as not to change the entire network directory service due to false operation.
Similar to NTBackup.exe, start the "Directory Service Restore Mode" of Windows Server 2003 when performing NTDSUTIL.EXE. If you are used in conjunction with NTBackup.exe, you can restart the system after running NTBackup.exe, and directly execute NTDSUTIL.EXE, authorize this unit as authority.
NTDSUTIL.EXE is a program for the character interface. You need to enter NTDSUTIL in the command line to run, this is different from NTBackup.exe, as shown in Figure 2, to get the help of the relevant command, you can enter the question mark (?) To query.
When performing "authority" recovery, first execute the "Authoritative Restore" command in the ntdsutil.exe environment, then execute the "RESTOREDATABASE" command, as shown in Figure 2, the system pops up the dialog window asking if the restore is confirmed, if confirmed, the system is Start fix the directory service, then you can exit the NTDSUTIL.EXE environment with the "quit" command.
The repair work will set this unit activity directory database to the authority. The method is to automatically add a large number of version numbers in the unit activity directory database, such as 10,000, which is played through the Internet. Active directory database on other domain controllers is subject to this high version of the Active Directory database. The version number of the Active Directory database is 10,000 is the default setting when the system is "authoritative". If you want to change this default value, you can follow the prompts in Figure 2 to set up new addending with the "RESTORE DATABASE VERINC" command. the amount. After "authoritative", restart WindowsServer 2003, information on all directory services in the network will be restored according to the information status of this unit.
It can be seen from the above discussion that the protection of directory services on the Windows Server 2003 is relatively complete. In various practical repair tools, NTBackup.exe is most common, it is not only able to recover file records, which can also fix system information such as damaged activities, so administrators should develop a valid daily backup plan for emergency. Time to use. If the method of backup restore cannot be satisfied with the method of the backup restore, the user can also choose to use the NTDSUTIL.EXE tool as a solution to avoid the network system paralysis. Ni
