AD backup and standard Restoration

Source: Internet
Author: User
You have often heard of database backup and restoration for databases such as SQL Server, El, and others. In this section we discuss backup and restoration of the Active Directory database. Active Directory database backup is a very important task in the enterprise application environment.


Active Directory database backup is a very important task in the enterprise application environment. Whether the environment is a single domain with a single domain controller, a single domain with multiple domain controllers, or multiple domains, backing up the Active Directory database is work that needs to be done frequently. Benefits of backup:

1. Disaster recovery. In an enterprise environment with a single domain and a single domain controller, if Active Directory fails because of misoperation, disk problems, or other reasons, restoring it is very easy as long as we have backed up the Active Directory database. The same principle holds for a single domain with multiple domain controllers and for multi-domain environments, although the steps are more cumbersome.

2. Transferring data. If we want to build an additional domain controller in the current domain, whether the new additional domain controller is in the same geographical location as the primary domain controller or in a different one, transferring the data through a backup is very time-efficient.

The experiment environment in this section is as shown in the figure.

I. Backup Preparations

Understand the working process of Active Directory

When we interact with Active Directory, for example by adding, updating, deleting, or removing objects, the underlying logic actually uses a transaction mechanism. The transactions follow the ACID principles. Transactions are everywhere in relational databases and are also common in enterprise application systems: all operations in a transaction either succeed together or none of them is applied.

When you modify data in the Active Directory, the following process is completed:


The procedure is as follows:

1. We submit a write request to the Active Directory.

2. AD initializes a transaction based on the write request.

3. Then, Active Directory caches the transaction in memory.

4. At the same time, AD writes the transaction operation to the transaction log file edb.log.

5. Then, AD writes the transaction operation result to the database file ntds.dit on the disk.

6. Then, AD compares the database file and the log file to ensure that the transaction is committed.

7. Finally, AD updates the checkpoint file edb.chk.

Understand the functions of the Active Directory database files

1. The ntds.dit file is the Active Directory database file. It stores all the AD object data on the DC. The extension dit stands for directory information tree.

2. edb.log is the transaction log file. It stores changes to Active Directory; that is, edb.log is a record of changes to Active Directory. The default transaction log name is edb.log, and each transaction log file is 10 MB. When edb.log is full, it is renamed edbxxxx.log and a new change record file is created; old record files that are no longer required are deleted automatically. xxxx is the file number, which increases progressively from 0001. When writing change data to memory, AD also writes it to the change record file (edb.log). If the system is not shut down properly and data that had not yet been written to the Active Directory database is lost, then after the restart the system uses the checkpoint file edb.chk to determine from which point in the change record file edb.log to start, and uses the change records in the log to write the changes that had not reached the Active Directory database before the shutdown.

3. edb.chk is the "checkpoint" file. The edb.chk file is updated every time Active Directory writes data to the database, in order to record which of the changes in edb.log have already been written from memory to the Active Directory database. This file maintains the data pointer between memory and the Active Directory database on the disk. The pointer in this file indicates the starting point in the log file edb.log. If an error occurs, the information is rewritten from this starting point.

4. res1.log and res2.log are two reserved transaction log files, each of which is 10 MB. They are used when disk space is insufficient or exhausted.
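The write path and the crash recovery described above (log first, database later, checkpoint marking how much of the log has been applied), as an added Python model that is not from the original article and does not reproduce the real on-disk format. The class `ToyDirectoryStore`, its methods, and the JSON record layout are hypothetical; only the three file names come from the text.

```python
# Simplified model (assumption): JSON lines stand in for real log records.
import json, tempfile
from pathlib import Path

class ToyDirectoryStore:
    def __init__(self, folder):
        self.log = Path(folder, "edb.log")   # transaction log
        self.db = Path(folder, "ntds.dit")   # database file
        self.chk = Path(folder, "edb.chk")   # checkpoint file
        self.cache = {}                      # in-memory copy of the objects
        self.replayed = self.recover()

    def _load(self, path, default):
        return json.loads(path.read_text()) if path.exists() else default

    def _log_records(self):
        text = self.log.read_text() if self.log.exists() else ""
        return [json.loads(line) for line in text.splitlines()]

    def write(self, dn, attrs):
        # Steps 1-4: cache the change and append it to the log.
        self.cache[dn] = attrs
        with self.log.open("a") as f:
            f.write(json.dumps({"dn": dn, "attrs": attrs}) + "\n")

    def flush(self):
        # Steps 5-7: write the database, then advance the checkpoint.
        self.db.write_text(json.dumps(self.cache))
        self.chk.write_text(json.dumps({"applied": len(self._log_records())}))

    def recover(self):
        # Load the database, then replay log records past the checkpoint.
        self.cache = self._load(self.db, {})
        start = self._load(self.chk, {"applied": 0})["applied"]
        pending = self._log_records()[start:]
        for rec in pending:
            self.cache[rec["dn"]] = rec["attrs"]
        return len(pending)

def crash_demo():
    # Constructed sample objects, named after the accounts used on this page.
    with tempfile.TemporaryDirectory() as folder:
        store = ToyDirectoryStore(folder)
        store.write("CN=bob,OU=Beijing Branch", {"sam": "bob"})
        store.flush()                         # bob reaches ntds.dit
        store.write("CN=terry,OU=Beijing Branch", {"sam": "terry"})
        # Simulated crash: terry exists only in edb.log at this point.
        restarted = ToyDirectoryStore(folder)
        return sorted(restarted.cache), restarted.replayed
```

After the simulated crash, the restarted store finds one log record past the checkpoint and replays it, so both accounts are present again.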

What do we want to back up?

Backing up the Active Directory database actually means backing up the Active Directory database files and the SYSVOL folder. Both the database files and the SYSVOL folder belong to the system state, so backing up the system state backs up the Active Directory database.

II. Backing Up the Active Directory Database

Before backing up, first create a Beijing Branch OU and two user accounts, bob and terry, under the Beijing Branch OU on the domain controller. At the same time, use the bob domain account on the client client1, as shown in the figure.

Then we start the backup:

Step 1: On server1, click Start > Run, enter ntbackup, and press Enter, as shown in the figure.

Step 2: In the Backup or Restore Wizard dialog box, select "Advanced Mode" and click "Next". I personally like this mode. In fact, it does the same as the wizard mode, so you can choose based on your own situation, as shown in the figure.

Step 3: Select the "Backup" tab, as shown in the figure.

Step 4: Select System State and click Browse to choose the folder where the backup file is stored. The ADbak folder is one we created ourselves, and Backup.bkf is the default backup file name, which can of course be changed. Click the "Start Backup" button, as shown in the figure.

Step 5: Select Schedule or Advanced, depending on the situation of your enterprise. A schedule simply creates a scheduled job, while Advanced lets you choose among five backup types: normal, incremental, differential, copy, and daily. Click the "Start Backup" button, as shown in the figure.

Step 6: The System State backup is in progress, as shown in the figure.

Step 7: The backup is finished and some backup information is displayed. Click the Close button, as shown in the figure.

Step 8: Switch to the "Restore and Manage Media" tab, where the System State backup is listed. The backup method is copy, as shown in the figure.

III. Restoring the Active Directory Database

We use a standard restore to restore the Active Directory database. A standard restore (normal restore) is also called an unforced restore (nonauthoritative restore), and is also known as a non-verification restore. There are many names. A standard restore simply restores the Active Directory database from the backup media. It is often used in small and medium-sized enterprises with a single domain controller. In addition, we often combine a standard restore with an authoritative restore for disaster recovery, so here we demonstrate the standard restore first. Authoritative restore and primary restore are covered in subsequent articles.

To demonstrate a standard restore, we first delete the Beijing Branch OU in the contoso.com domain. The two user accounts bob and terry under the OU are deleted with it. Then we use a standard restore to get them back. Let's get started.

Step 1: Restart the domain controller server1 and press F8 to open the "Windows Advanced Options Menu". Then select "Directory Services Restore Mode (Windows domain controllers only)".

Step 2: Select the operating system, as shown in the figure.

Step 3: Enter the account and password for Directory Services Restore Mode. Remember the Directory Services Restore Mode account password we set when installing Active Directory? Yes, that is the one.

Step 4: Click Start > Run, enter ntbackup, select "Advanced Mode", switch to the "Restore and Manage Media" tab, select System State, and click "Start Restore", as shown in the figure.

Step 5: Click OK, as shown in the figure.

Step 6: Click OK. Of course, you can switch to Advanced to see how it differs from the advanced restore options used when creating an offline backup file. The second item is selected by default, as shown in the two figures below.

Step 7: The restore is in progress, as shown in the figure. When the restore finishes, a restore complete report dialog box appears.

Finally, we restart the domain controller server1 and find that the deleted Beijing Branch OU and the bob and terry user accounts under it have been restored.

Li Tao's technical Column
