Active directory refers to a directory service in a Windows 2000 network. It has two functions:
1. Directory service function.
Active Directory provides a set of directory service features that centralize organization management and access to network resources. Active directory makes network topologies and protocols transparent to users so that users on the network can access any resource, such as a printer, without knowing the location of the resource and how it is connected to the network. Active directory is divided into areas for management, which allows it to store a large number of objects. Based on this structure, Active directory can be expanded as the enterprise grows. From a http://www.aliyun.com/zixun/aggregation/9348.html "> Small enterprise that has only one server that stores hundreds of objects, expand to a large enterprise with thousands of servers that store millions of objects.
2. Centralized management.
Active Directory can also centrally manage access to network resources and allow users to access all resources on Active Directory only once. Active Directory stores information about objects on the network and makes this information available to users and network administrators for directory services. Active Directory allows network users to access resources at any location on the network through a single logon process. It provides network administrators with an intuitive view of the network hierarchy and a single point of management for all network objects. More importantly, the technology can also be used to ensure that only authorized users or applications can be allowed to implement access calls against related resources on the basis of security assurances.
Suppose a large enterprise's ad (Active directory, directory services) database has thousands of user data, one day the ad database was intentionally or unintentionally destroyed, resulting in the loss of user data, this time if the data recovery, then the workload will undoubtedly be staggering.
Therefore, experienced network management usually regular AD database backup, when the ad database problems, you can easily complete the AD database data restoration. Of course, there are a lot of network management for such an important backup operation does not understand or ignore.
Backing up the AD database
Backing up the ad database is not complicated because backup operations are done through the Backup wizard, so even novice network administrators can easily get started.
Click "start → program → attachment → system tools → backup", click "Next" button in the Open Backup or Restore Wizard dialog box to go to the Backup or Restore selection dialog box.
After you select the "Back Up files and Settings" Item, click the "Next" button to go to the "content to back up" dialog box, select the "Let me choose what to back Up" item and click the "Next" button. In the items to back Up dialog box, expand desktop → My computer, and then check the System state item.
In the next step, in the backup type, destination, and Name dialog box, select the storage path for the backup file as prompted, and set the name of the backup file, and click the Next button. Then click the "Finish" button in the Open dialog box.
At this point, break other actions on the computer system, because the backup operation of the AD database will begin after a short time.
Restoring the AD Database
Compared to the AD database backup operation, the AD database restore operation is slightly more complicated. Because in addition to being prompted by the Backup Wizard, additional actions are required to successfully complete the restore. The main reason is that AD database restore operations are not possible because the ad service is running properly.
Therefore, the restore operation of the ad database should be done in the following manner:
1. Access to Directory Services Restore Mode
Restart your computer before entering the initial screen of Windows Server 2003, press F8 to enter the Windows Advanced Options menu interface. You can select the Directory Services Restore Mode (Windows domain controllers only) item from the UP and DOWN ARROW keys on the keyboard.
After the carriage return confirmation, uses the account which has the Administrator privilege to log on the system, at this time can see the system is in the safe mode.
2. Using the Restore Wizard
After entering the Directory Service Restore mode, click "start → program → attachment → system tools → backup" and click "Next" button in the Open Backup or Restore Wizard dialog box to go to the Backup or Restore Selection dialog box and select "Restore Files and Settings". In the Restore Project dialog box, select the backup file, and then click the "Finish" button in the pop-up interface. Wait a moment, the system will pop up a warning box, click the "OK" button, confirm the database overwrite operation can start the AD database restore.
After the restore operation is complete, click on the "Close" button in the dialog box to finish. Finally, a "Backup Utility" prompt will pop up and click "Yes" to restart your computer.
Finally, to remind you that some friends will restore the ad database when you forget the original set of restore password (add ad service settings), this time can not enter the directory Restore mode.
In this case, please do not panic, because we can click "Start → run" in the pop-up run, enter the "Ntdsutil" command method, in the pop-up window into the directory Restore Mode password reset operation.
After you have successfully set the restore password, you will also need to restart your computer to enter directory Service Restore mode using the new restore password after reboot.