Dark Developments Where Knowledge Meets Power


D#B Backup&Recovery Notes [PART1]: Active Directory

Active Directory


With Windows Server 2003 you can make a backup with NTBackup and the corresponding GUI. With this tool it's possible to make a backup from the System State of the machine. System State holds every setting, registry entries, Active Directory and other important system files that can recover a crashed server. In Windows Server 2008 R2 NTBackup this tool isn't available anymore and has been replaced with the Windows Server Backup role. Before you can perform a backup with Windows Server Backup, you have to install the feature, using either Server Manager, or the SERVERMANAGERCMD command-line utility.

servermanagercmd -install Backup-Features

If you are installing Windows Server Backup on a Windows Server 2008 Server Core installation, use the OCSETUP command (it's important to note that the OCSETUP command is case-sensitive):

ocsetup WindowsServerBackup

System state backups, which include only select files and some application databases (rather than entire volumes) is handy and often essential. But early builds of Windows Server 2008 didn't support system state backups and restores. Instead, the backup tool just backed up critical system volumes (meaning any volumes necessary for recovering and rebooting the OS and key applications). These critical system volumes were the volume-oriented equivalent of a system state backup. You can only perform a system state backup using the WBADMIN.EXE command-line program—the MMC snap-in doesn't provide this option. To perform a system state backup, you use this command:

wbadmin start systemstatebackup -backuptarget:<destination>

With this created image you can do a System State recovery. However if you want to be safe and be able to preform a bare metal recovery you'll have to use the allcritical option when running a System State backup.

wbadmin start backup -allcritical -backuptarget:<destination>

Recovery of System State

If you need to recover from some sort of Active Directory-related problem—such as recovering a deleted OU from backup—you should restore the Active Directory Domain Services (ADDS) database to an earlier state, rather than restore the entire system. Even though you can stop ADDS like a service in Windows Server 2008, you still need to boot the server into Directory Services Restore Mode (DSRM) to perform a system state restore on a domain controller. You can boot in Recovery Mode using the BCEDIT-command.

bcdedit /set safeboot dsrepair

Before you use WBADMIN to start a system state restore, you must identify the backup from which you want to restore. WBADMIN can perform a system state restore from either a full system backup, a backup that contains just the critical system volumes, or a system state backup. In any of these cases, you have to specify the version of the backup you want to use.

wbadmin get versions

wbadmin 1.0 - Backup command-line tool

(C) Copyright 2004 Microsoft Corp.
Backup time: 22/2/2007 5:58 PM
Backup target: Fixed Disk labeled Backup(E:)
Version identifier: 12/03/2007-00:58
Can Recover: Volume(s), File(s), Application(s), Bare Metal Recovery, System State

After selecting the backup for you System State backup we'll start the process.

wbadmin start systemstaterecovery -version:12/03/2007-00:58

When the backup is done don't forget to remove the Recovery Flag that we set in the beginning.

bcdedit /deletevalue safeboot

Bare Metal Recovery

When preforming a Bare Metal recovery you will have to boot form the CD-ROM. But instead of clicking on Install Now, you'll have to select the Repair My Computer option, can be found in the lower left corner of the window. When you are asked to select a recovery mode, you'll have to pick Windows Complete Restore.






Followed by this you will have to select the correct backup image from which you will restore the system. It is also possible to select a network share, USB-drive,.. by using the Restore a different backup option and selecting the Advanced button. You can set additional parameters for the recovery: format all drives, restart after recovery, setup drivers,... in the next screen of the wizard.







After that just browse through the wizard and select Finish. You'll system will start the recovery process.


Print Friendly
Comments (0) Trackbacks (0)

No comments yet.

Leave a comment

No trackbacks yet.