Active Directory Backup and Restore |
This section describes how to back up Active Directory using the Microsoft Windows 2000 backup and restore tool, Backup. Backup is a system tools accessory in the GUI. You can also access Backup at the command prompt by typing Ntbackup. This tool is used to back up and restore Active Directory (as well as other services) so that you can restore data or system components in the event of some unforeseen or inadvertent failure. Specifically, the Backup tool allows you to back up and restore the following:
As mentioned earlier in this chapter, the System State data includes Active Directory and all other system components and services on which Active Directory is dependent. On a Windows 2000 domain controller, the System State data encompasses the system startup files, system registry, COM+ class registration database, File Replication service (the SYSVOL directory), Certificate Services database (if it is installed), Domain Name System (if it is installed), Cluster service (if it is installed) and Active Directory. The DNS data includes DNS zone information that is Active Directory–integrated. The Cluster service data includes any registry checkpoints and the quorum log, which contains the most recent cluster database information. Active Directory includes the following files:
Note
By default, Active Directory is located in the directory Winnt\Ntds. However, you can designate a different location when you promote a server to a domain controller.
The Backup tool has a Backup wizard that guides you through the backup process, or you can use the GUI to manually complete the process. Procedures for backing up the System State data are described below.
To back up System State data using the Backup Wizard
You can also set advanced backup options using the Backup Wizard by clicking Advanced on the final wizard screen. This allows you to set or configure several parameters, including: data verification, hardware compression, media labels, whether you want the backup job appended to a previous job, and whether you want to schedule the backup to run unattended at another time. Data verification is particularly useful. If you choose this option, Backup checks to see whether there are differences between the files it backed up from the domain controller and those copied to the backup media. The results of the verification are reported in the Event Viewer. If there are differences in the files, the event type is "Error." Otherwise, the event type is "Information." For more information about errors that might be encountered while creating a backup, see Microsoft Platform SDK link on the Web Resources page at http://windows.microsoft.com/windows2000/reskit/webresources. For more information about how to use the Backup tool, including information about backup options, see the Windows 2000 Server Help.
Important
For full disaster recovery, back up all of the drives and the System State data. You can do this by running the Backup tool and choosing Back up everything on my computer on the What to Back Up screen from Backup Wizard.
To back up System State data manually by using the GUI
Note the following when using the Backup tool to back up System State data and other files:
Important
Because the Backup tool only supports local backups of Active Directory, you must perform a backup on every domain controller in the enterprise to entirely back up Active Directory. (Active Directory cannot be backed up on a remote computer.) This is a limitation of the Windows 2000 Backup tool; many third-party backup programs remotely back up and restore Active Directory.
For more information about resolving problems encountered during backup and about using Event Viewer, see "Active Directory Diagnostics, Troubleshooting, and Recovery" in this book.