Routine backup and recovery is an important task for an AD administrator. In most cases, though, what has to be recovered is not an entire domain controller but a few accidentally deleted AD objects. In a Windows Server AD domain these can be brought back with an authoritative restore from an AD backup, but that must be done in Directory Services Restore Mode (DSRM): the domain controller stays offline during the restore and its services are unavailable. The AD Recycle Bin feature was introduced in Windows Server R2 to minimize directory service downtime and make AD object recovery easier, but using it requires the AD forest functional level to be Windows Server R2. This article describes granular backup and recovery of AD using NetBackup.
Test environment:
1. NetBackup Server
NetBackup version: 7.6.0.1
Host Name: Nbusrv
Operating system: Windows Server R2
NetBackup role: Master server, Media server
2. Domain Controller
Host Name: SVR01
Operating system: Windows Server R2
Test steps:
1. Enable the NFS service on the NetBackup media server
2. Change the Client for NFS service startup type of NetBackup Media server to Disabled
3. Change the Server for NFS service startup type of NetBackup Media server to Disabled
4. On the NetBackup server, add the Altnames folder under the <install path>\veritas\netbackup\db path, then create a new file named No.restrictions in that folder. Note that the file extension is restrictions.
If this step is skipped, the AD backup ends with error code 1.
5. Change the service startup type by running: sc config portmap start= auto
6. Configure the NFS service on the domain controller SVR01
The NFS service is installed by default on the domain controller.
7. Change the Server for NFS service startup type of the domain controller to Disabled
8. Change the account that the NetBackup Client service runs under; the account must have domain administrator rights. Restart the service for the change to take effect.
9. Create a new AD backup policy and enable granular recovery
10. Create a new backup schedule and select the backup frequency and retention period according to your actual needs. This is a test environment, so the values here are for demonstration only.
11. Select the domain controller SVR01 as the backup client
12. Select System State as the backup selection
13. Run the backup
14. Delete the user oraadmin; this user belongs to the Oracle Admin group
15. Delete the Server Admin global group, which has the group Oracle Admin as a member
16. Delete the HR organizational unit
17. Perform the recovery: select the AD objects to recover, choose "restore from Normal Backup", then "Start restore of Marked Files"
18. Leave the restore options at their defaults
19. The NetBackup restore succeeds
20. Check the restored account oraadmin: the account status is disabled, and its group membership is also restored
21. The global group Server Admin is restored successfully, and its group membership is also restored
22. The organizational unit HR is restored successfully
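A scripted version of the checks in steps 20 to 22, as an added example that is not part of the original article: the first run (before step 14) snapshots the three test objects, and the second run (after the restore) compares them, including the linked attributes and the enabled flag. It assumes PowerShell 3.0 or later with the ActiveDirectory module, that oraadmin is the user's sAMAccountName, and a snapshot file under %TEMP%.

```powershell
# Added example, not from the original article. Object names come from
# steps 14-16; matching the user on sAMAccountName 'oraadmin' and the
# snapshot path are assumptions.
Import-Module ActiveDirectory

function Get-AdTestSnapshot {
    # -Filter returns $null (no error) when an object does not exist.
    $user  = Get-ADUser  -Filter "SamAccountName -eq 'oraadmin'" -Properties MemberOf
    $group = Get-ADGroup -Filter "Name -eq 'Server Admin'" -Properties Members
    $ou    = Get-ADOrganizationalUnit -Filter "Name -eq 'HR'"
    [pscustomobject]@{
        UserDN       = [string]$user.DistinguishedName
        UserEnabled  = [string]$user.Enabled
        UserMemberOf = (@($user.MemberOf)  | Where-Object { $_ } | Sort-Object) -join ';'
        GroupDN      = [string]$group.DistinguishedName
        GroupMembers = (@($group.Members) | Where-Object { $_ } | Sort-Object) -join ';'
        OuDN         = [string]$ou.DistinguishedName
    }
}

function Compare-AdTestSnapshot {
    param([Parameter(Mandatory)] $Before, [Parameter(Mandatory)] $After)
    # One row per checked attribute; Match is False when the restore differs.
    foreach ($name in 'UserDN','UserEnabled','UserMemberOf','GroupDN','GroupMembers','OuDN') {
        [pscustomobject]@{
            Attribute = $name
            Match     = ($Before.$name -eq $After.$name)
            Before    = $Before.$name
            After     = $After.$name
        }
    }
}

$snapshotPath = Join-Path $env:TEMP 'ad-granular-test.xml'   # assumed location
if (-not (Test-Path $snapshotPath)) {
    # First run, before step 14: record the objects while they still exist.
    Get-AdTestSnapshot | Export-Clixml -Path $snapshotPath
} else {
    # Second run, after step 19: compare the restored objects with the snapshot.
    Compare-AdTestSnapshot -Before (Import-Clixml $snapshotPath) -After (Get-AdTestSnapshot) |
        Format-Table -AutoSize
}
```

A False in the UserEnabled row corresponds to the disabled account status seen in step 20; an empty After value means the object was not restored.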
At this point, the granular backup and recovery of AD, including the NFS configuration, has completed successfully. The whole process is relatively simple and requires no complex operations or PowerShell commands. Restoring an AD object also restores the object's linked attributes (such as a user's group membership), so no additional action is required. The time a restore takes depends on how many AD objects are being recovered; in general it can be done in minutes. If you have an environment available, give it a try.
This article is from the "Kick Old Man" blog; please keep this source link: http://winlinux.blog.51cto.com/849329/1433317