Tony, Some clarification: the restore of the Active Directory has two distinct pieces. The backup product puts the files (db, logs, etc.) back into the proper location and then the system, upon reboot, replays the logs and synchronizes the AD with the organization. This synchronization is by default "non-authoritative", i.e., what is restored gets synchronized by "catching-up" to the rest of the organization.
Some of the cases that you list imply an "authoritative restore", i.e., the rest of the organization needs to synch-up to what has been restored. Microsoft does not give backup vendors the ability to mark the AD restore as authoritative. To do this, you will need to use the tool "ntdsutil.exe" which is shipped with Windows 2000 servers. This allows you to mark an object, container, section or entire AD as authoritative. Generally, the procedure is: 1. restore the system following the procedures in the Redbook (see my previous post) 2. reboot into Directory Services Restore Mode 3. use ntdsutil.exe to mark the restore as authoritative 4. reboot again. Since ntdsutil.exe is Microsoft's tool, you might need to have MS support stand by TSM support until any issues are resolved. Thanks, Jim Smith TSM b-a client development Given the Examples of backup reasons below: Has any one every had a AD corruption that that used TSM to recover from after the GC's have already replicated that corrupted data out? If so, did TSM support stand by them all the way until the issue was resolved?? We are sort of leery about using TSM so the simple reason that they always say "We do not support BMR" and on a DC with AD this is critical..... Any help would be great **************************************************** "1.) Botched Schema update 2.) Accidental deletion of OU (or any other object) 3.) Database corruption **** (AD Corruption) 4.) System State. 5.) Accidentally deletion of a DNS zone 6.) Some DC's are also File/Print servers, DHCP, etc. *** Some of these scenarios would require an authoritative restore or a complete rebuild of the Active Directory, as some changes are replicated immediately." **************************************************** -----Original Message----- From: Jon Adams [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 11, 2002 1:09 AM To: [EMAIL PROTECTED] Subject: Re: Backup a W2K Domain Controller? Thank you Jim. I will add this to the followong reasons I just learned a few moments ago: "Botched" Schema update Accidental deletion of OU (or any other object) Database corruption System State Accidentally deletion of a DNS zone Some DC's are also File/Print servers, DHCP, etc. Some of these scenarios would require an authoritative restore or a complete rebuild of the Active Directory, as some changes are replicated immediately. ...and as you mentioned Jim, time to synch. verses restore. -----Original Message----- From: Jim Smith [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 10, 2002 5:57 PM To: [EMAIL PROTECTED] Subject: Re: Backup a W2K Domain Controller? Jon, I'm sure there are a number of pros and cons and I'll let others chime in ... one advantage of having a backup of the Active Directory on a given DC is time to recovery. While you can bring an active directory back by simply installing it and letting it synchronize to "catch-up" to the rest of the organization, this synchronization can take quite a long time depending on the size of the directory. In this case, a backup product can give you a point-in-time copy of the active directory such that the synchronization process only has to "catch-up" from a time in the recent past. The time to restore from a tape can be much quicker then doing a synchronization from ground-zero. - Jim J.P. (Jim) Smith TSM Client Development Here's an interesting question: why would you want to backup a DC, especially where you have a DC (W2K) or two in every remote site of the WAN? Why/what would you ever restore that you wouldn't get from the other domain controllers if one or even a few are down? I ask this because my theory is "when in doubt, backup it up". At a couple hundred dollars a license it seems a reasonable assurance policy (depending on the budget, of course). Another theory applies here as well, "backup everything, exclude only as needed, even if that client options set gets pretty big". ____________________________________________ Jon R. Adams IT IPS BST Infrastructure Premera Blue Cross Mountlake Terrace, WA 425-670-5770 [EMAIL PROTECTED]
