Synchronizing Active Directory with Exchange Server Directory Service |
Before you establish the first connection agreement, it is important that you develop a plan for backing out of the directory synchronization operation and for backup and recovery of data. Work with the network administrators in your organization to create the backup and recovery plan for directory synchronization, which will become a part of the master backup and recovery plan.
This section describes how to back out of a synchronization operation, whether data originates from Exchange Server 5.5 directory service or Active Directory. Additionally, you will find some suggestions on when to back up the directories, and the tools that will help you perform the backup.
Circumstances could occur where you will need to stop the directory synchronization operation in mid-session and cancel all changes made by the ADC. In all cases, you should delete the connection agreement or disable it before you begin the recovery process. The method for recovering the Active Directory to the original state differs depending on how the ADC connection agreement is configured to synchronize the data.
In every instance, you should backup each domain controller that the ADC connects to (or is being written to) using the appropriate Windows 2000 Server backup tools. Of course, you should also back up the Exchange Server 5.5 directory or directories that the ADC is connected to. The backup tools you use must support authoritative restore in order for the documented recovery methods to work. An authoritative restore brings a domain or a container back to the state it was at the time of backup and overwrites all changes made since the backup.
For more information about authoritative restore see the chapter "Active Directory Backup and Restore" in the Microsoft® Windows® 2000 Server Resource Kit Distributed Systems Guide.
Two situations which might require you to back out of a synchronization in progress are as follows:
The connection agreement is configured to populate new objects (Contacts and Distribution Groups) in the Active Directory. In this particular case, you would create a dedicated OU where you place only the objects created by the ADC. The recovery method would be to delete the OUs specified in the connection agreement. This removes all the objects created by the connection agreement in the OU. If any other Active Directory objects were placed in this OU (such as Users or Printers) they are also deleted when the OU is deleted. The Users and Printers objects have to be moved before deleting the OU to prevent loss of data.
The ADC is configured to populate the fields of existing objects with information stored in the Exchange Server directory. You can spread the objects across different containers on the domain controller. Canceling the changes made by the ADC requires an authoritative restore in this situation. This cancels the changes made by the ADC but it may cause loss of data. Additionally, all other changes since the last backup in the selected domain or container are also lost.
You could run an authoritative restore against individual containers. First you would determine which containers have been affected and then perform an authoritative restore against these containers.
For more information about disaster recovery, see the chapter "Determining Windows 2000 Storage Management Strategies"in this book, or see the chapters "Backup" and "Repair, Recovery, and Restore" in the Microsoft® Windows® 2000® Server Resource Kit Server Operations Guide.