A full server recovery is more complex than a single mailbox recovery. Full server recovery is defined as restoring an original production Microsoft Exchange Server so that all Windows NT security and configuration information as well as Microsoft Exchange Server configuration information and other data is recovered. A full server recovery enables users to use their current passwords to log on to their mailboxes when the recovery server is deployed.
Although single-mailbox recovery requires that only the information store be restored, full server recovery requires that both the information store and directory service be restored. Microsoft Exchange Server relies on Windows NT security for providing access to mailbox data. Microsoft Exchange Server uses Windows NT account SID information in object properties within the Microsoft Exchange Server directory.
A full server recovery is a special case because Windows NT is reinstalled and a new registry is created. In this situation, a new Windows NT security identifier (SID) must be created for the recovery computer in the domain.
Note: The Windows NT Registry can be restored to the same physical computer. This can be useful when you are replacing a hard drive on the same computer. In this case, if you restore the Windows NT Registry, the computer maintains its unique security identifier (SID), so you do not need to create a new SID.
In addition to performing a full restore of the Microsoft Exchange Server databases (information store and directory), it might also be necessary to restore the Windows NT security accounts manager (SAM) database. Microsoft Exchange Server automatically adds two accounts upon initial installation: the Windows NT service account and the Windows NT account. Although both accounts receive special privileges during installation, to restore the Microsoft Exchange Server directory service, you need only the Windows NT account SID used during the original installation. The Microsoft Exchange Server directory service will not be accessible unless this SID exists in the Windows NT environment. If no domain controllers for the original domain are available, you must restore the Windows NT primary domain controller security accounts manager.
You need the following items to implement a full server recovery:
For a successful directory service recovery, two key conditions must be met:
A full server recovery usually involves three computers: two computers in production and one nonproduction or non-essential computer (meaning that such a computer is in production performing some other task but is available at any time for recovery). One computer is a primary domain controller. The second computer, usually a Microsoft Exchange Server computer, has been configured as a backup domain controller. The third computer is designated as the recovery server.
Note: It is not necessary to configure a backup domain controller as long as the primary domain controller is available to authenticate account and password information.
A configuration that incorporates a primary domain controller, backup domain controller, and recovery server is required because of the way in which Microsoft Exchange Server uses the Windows NT security accounts manager database to provide authentication to directory objects. Because full server recovery includes the information store and directory, it requires access to the security accounts manager from the domain in which the Microsoft Exchange Server computer was first installed. When the Microsoft Exchange Server directory is restored, it expects the security properties of all directory objects to match the Windows NT security accounts manager for the respective accounts.
As an example, suppose there is a dedicated primary domain controller, a production Microsoft Exchange Server computer that acts as a backup domain controller, and a recovery server. The production Microsoft Exchange Server computer (which is also a backup domain controller) fails. You can build a Windows NT domain controller from the recovery server with the same computer name as the Microsoft Exchange Server computer that failed. You can then connect this computer to the domain as a backup domain controller, which provides you with a copy of the security accounts manager from the domain in which the production Microsoft Exchange Server computer resided. To do this, use Server Manager. First delete the original computer name, the backup domain controller definition, from the primary domain controller. Then add it again during the backup domain controller installation. This procedure is necessary because each computer name receives a unique SID when it is added to the domain; you also must have a new SID for the recovery computer. After you have done this, install Microsoft Exchange Server using the same site and organization name. By default, the same server name is used because Microsoft Exchange Server uses the computer name to create the Microsoft Exchange Server name. If you are recovering a server and joining an existing site during this reinstallation, see Microsoft Exchange Server Operations.
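The matching requirement described above can be checked before a restore. The following is an added example, not code from Microsoft or from the original page: it compares the account SIDs referenced by directory objects with the SIDs in the security accounts manager the recovery server can reach, and separates a deleted account from a SAM that belongs to a different (reinstalled) domain. The input shapes, object names, and all SID values are assumptions constructed for illustration.

```python
# Added example (not Microsoft's code). The dict/list input shapes are
# assumptions and every SID below is constructed sample data.

def split_sid(sid):
    """Split a domain account SID S-1-5-21-a-b-c-RID into (domain SID, RID)."""
    parts = sid.strip().upper().split("-")
    if (len(parts) != 8 or parts[:4] != ["S", "1", "5", "21"]
            or not all(p.isdigit() for p in parts[4:])):
        raise ValueError(f"not a domain account SID: {sid!r}")
    return "-".join(parts[:7]), int(parts[7])

def check_directory_sids(directory_refs, sam_sids):
    """Classify each directory object's SID against the SAM the recovery
    server can reach: 'ok', 'missing-account' or 'foreign-domain'."""
    sam = {split_sid(s) for s in sam_sids}
    sam_domains = {domain for domain, _ in sam}
    status = {}
    for name, sid in directory_refs.items():
        domain, rid = split_sid(sid)
        if (domain, rid) in sam:
            status[name] = "ok"
        elif domain in sam_domains:
            status[name] = "missing-account"   # same domain, account deleted
        else:
            status[name] = "foreign-domain"    # SAM is not the original one
    return status

ORIGINAL = "S-1-5-21-1111111111-2222222222-3333333333"   # constructed
REBUILT = "S-1-5-21-4444444444-5555555555-6666666666"    # constructed

# SIDs stored in the restored directory (hypothetical object names).
DIRECTORY_REFS = {
    "install-account": f"{ORIGINAL}-1001",
    "service-account": f"{ORIGINAL}-1002",
    "mailbox-alice": f"{ORIGINAL}-1105",
    "mailbox-bob": f"{ORIGINAL}-1106",
}
# SAM replicated from the surviving primary domain controller (bob deleted).
SAM_FROM_PDC = [f"{ORIGINAL}-{rid}" for rid in (500, 1001, 1002, 1105)]
# SAM of a domain reinstalled from scratch: same names, new SIDs.
SAM_REINSTALLED = [f"{REBUILT}-{rid}" for rid in (500, 1001, 1002, 1105, 1106)]

if __name__ == "__main__":
    for label, sam in (("PDC copy", SAM_FROM_PDC), ("reinstalled", SAM_REINSTALLED)):
        print(label, check_directory_sids(DIRECTORY_REFS, sam))
```

With the SAM copied from the original domain, only the deleted account is flagged; with a reinstalled domain, every object is `foreign-domain`, including the installation account the directory service depends on.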