Windows 2000 Server Disaster Recovery Guidelines
System administrators must protect their networks from both data loss and machine failure. After providing guidelines for developing a disaster prevention and recovery strategy, this paper provides guidelines for system disaster recovery of machines running Microsoft® Windows® 2000 Server.
The intended audience for this paper is an administrator with experience in backing up and restoring complex systems, who is also familiar with Windows 2000, its Active Directory™ service, and related features such as Active Directory replication, the system volume (Sysvol), and the File Replication Service (FRS).
© 2000 Microsoft Corporation. All rights reserved.
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This white paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.
Microsoft, Active Desktop, BackOffice, the BackOffice logo, MSN, Windows, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
Other product and company names mentioned herein may be the trademarks of their respective owners.
Microsoft Corporation •
The quantity of data being stored on computer networks has increased exponentially over the last decade. This data explosion shows no signs of slowing down. In addition, the number of users supported continues to increase, as does the complexity of network systems. In this constantly growing and changing environment, the information technology community must maintain mission-critical applications, prevent excessive downtime, and manage increasing business dependence on computer systems.
System administrators must protect their networks from both data loss and machine failure. This effort encompasses both routine procedures performed on an on-going basis and non-routine steps taken to prevent or recover from unexpected disasters.
Some of the potential causes of failure include:
· Hard disk subsystem failure
· Power failure
· Systems software failure
· Accidental or malicious use of deletion or modification commands
· Destructive viruses
· Natural disasters (fire, flood, earthquake, and so on)
· Theft or sabotage
After outlining a strategy for developing a
disaster prevention and recovery procedures and listing new or enhanced
Windows 2000 file system, data storage, and
The intended audience for this paper is an administrator with experience in backing up and restoring complex systems, who is also familiar with Windows 2000, its Active Directory™ service, and related features such as Active Directory replication, the system volume (Sysvol), and the File Replication Service (FRS). For detailed technical information about these topics, see the section “For More Information” at the end of this paper.
You should develop and thoroughly test a backup and recovery plan before moving any operating system or application from a development or testing environment into a production environment. When testing, you should look for vulnerable areas by simulating as many possible failure scenarios as you can.
For each operating system and application you introduce to your environment, you should answer the following questions:
· What are the possible failure scenarios?
· What is the critical data?
· How often should you perform backups?
· When should you perform a full backup versus an incremental or differential backup?
· To what medium will you send the backup (tape, diskette, disk)?
· Will you perform backups online (while users are working) or offline?
· Will you do the backups manually or schedule them to be done automatically?
· If the backup is automated, how will you verify that it successfully occurred?
· How will you ensure that the backups are useable?
· How long will you save the backups before reusing the medium?
· Assuming failure, how much time will it take to restore from the most recent backup? Is that an acceptable amount of downtime?
· Where will you store the backups, and do the appropriate people have access to them?
· If the responsible system administrator is gone, is there someone else who knows the proper passwords and procedures to do backups and, if necessary, to restore the system?
You should answer these questions for each production environment you manage. However, this is not a complete list—you must determine other questions specific to your particular situation.
Here are some guidelines for developing an effective backup strategy. Again, you should adapt and expand these suggestions to suit your organization’s requirements and goals.
· Develop backup and restore strategies with appropriate resources and personnel, and test them. A good plan ensures that you can quickly recover your data if it is lost.
· Give the responsibilities of backup and restore to an administrator.
· Back up an entire volume to prepare for the unlikely event of a disk failure—this lets you restore the entire volume in one operation.
· Back up the directory services database (Active Directory) to prevent the loss of user account and security information. This must be done locally.
· Each time the Backup utility completes a back up, it creates a log of the backed-up files. Print this backup log each time you perform a backup. Keep a book of logs to make it easier to locate specific files. The backup log is helpful when restoring data; you can print it or read it from any text editor. In addition, if the tape containing the backup set catalog is corrupted, the printed log can help you locate a file.
· If, while a backup is taking place, a file is being used (opened exclusively) by another application, that file will not be backed up. Any file that is not backed up for this reason appears in the log. It is extremely important to understand which files are not being backed up and why—you use the logs to determine this.
· Keep three copies of the backup media. Keep at least one copy offsite in a properly controlled environment.
· Perform a trial restoration periodically to verify that your files were properly backed up. A trial restoration can uncover hardware problems that do not show up with software verifications.
· Secure both the storage device and the backup media to prevent an administrator for another server from restoring stolen data onto your server.
Windows 2000 Server introduces a number of new or enhanced file system, data storage, and
Caution: It is important to understand that these features require the use of backup products that are aware of the new capabilities built into Windows 2000, such as those introduced with the updated NTFS 5.0 file system. Running third-party backup products designed for Windows NT 4.0 could cause loss of data. Check with your backup vendor to ensure that all backup products are Windows 2000 compliant.
· NTFS reparse points
· NTFS directory junctions
· NTFS volume mount points
· NTFS sparse files
· NTFS change journal
· Encrypting File System (EFS)
· Distributed link tracking and object ids
· Volume management
· Disk quotas
· Single Instance Store (SIS)
· System File Protection (SFP)
· Removable Storage
· Remote Storage
· Distributed File System (Dfs)
· Indexing Service
· System boot files
· COM+ Class Registration database
· Performance counters
· Certificate Services database
· System Volume (Sysvol) directory
· Active Directory
· Cluster database
· File Replication Service (FRS)
For detailed technical information about each of these features, see the section “For More Information” at the end of this paper.
Windows 2000 includes a completely rewritten backup utility. The new graphical user interface (GUI) calls this utility Backup, but to invoke it from the command line, you type ntbackup. Backup helps protect data from accidental loss due to hardware or storage media failure.
The updated Backup utility is integrated with the core Windows 2000
Server distributed services, which include Active Directory, File
Replication Service (FRS), and Certificate Services. Active Directory and FRS
can exist only on a Windows 2000 domain controller, not on a member server.
This integration means that—when run locally on a domain controller—Backup lets
you back up or restore these services by checking the
With Windows 2000, data can be backed up to a tape drive, a logical drive, a removable disk, or to an entire library of disks or tapes organized into a media pool and controlled by a robotic changer.
Backup’s new interface includes backup and restore wizards, property sheets for media pools, and direct access to My Network Places via Active Directory.
Backup lets you perform the following tasks:
· Back up selected user files and folders located on your hard disk.
Back up your computer's
Restore backed-up files and
folders to your hard disk or to any other disk you can access (with the
exception of some
· Schedule regular back ups to keep your backed-up data up-to-date.
· Make a copy of Remote Storage data and any data stored on mounted drives.
· Create an Emergency Repair Disk (ERD), which helps you repair system files if they become corrupted or are accidentally erased.
Windows 2000 Backup offers three wizards:
· Backup Wizard. Helps you create a backup of your programs and files to help prevent data loss and damage caused by disk failures, power outages, virus infections, and other potentially damaging events.
· Restore Wizard. Helps you restore your previously backed-up data in the event of a hardware failure, accidental erasure, or other data loss or damage.
· Emergency Repair Disk. Helps you create an Emergency Repair Disk (ERD) that you can use to repair and restart Windows if it is damaged. This option does not back up your files or programs, and it is not a replacement for regularly backing up your system.
To open Backup, click Start, click Programs, click Accessories, click System Tools, and then click Backup. You should see the screen shown in Figure 1.
Figure 1. Starting the Backup utility
Click the Backup Wizard button and follow the onscreen instructions.
On the Backup utility’s Welcome screen, the third choice (in addition to Backup Wizard and Restore Wizard) is Emergency Repair Disk. You can use Backup to create an Emergency Repair Disk (ERD) to help repair problems with your system files (if they are accidentally erased or become corrupt), your startup environment (if you have a dual-boot or multiple-boot system), or the partition boot sector on your boot volume.
Make sure you have a blank 1.44 MB floppy disk, and then start the ERD wizard and follow the prompts.
Important: When you create an ERD, information about your current system settings is saved in the systemroot\repair folder. Do not delete or change this folder, or you may not be able to repair problems with your system.
Know This Before You Start
This section provides information that you must understand before you use the Windows 2000 Backup utility.
As soon as you successfully install Windows 2000, back up the
Never delete Boot.ini, Ntldr, Bootsect.dos, Ntdetect.com, or Ntbootdd.sys (if Windows is installed on a SCSI disk) in the root directory of the system volume. If these hidden system files are deleted, Windows will not start.
When you choose to back up (or restore) the System State, all of
your computer’s System State data is backed up or restored together as a set.
You cannot choose to back up (or restore) individual components of the
When restoring System State, your recovery plan should take into account the fact that the age of the backup tape should not exceed the Active Directory Tombstone Lifetime (this is the length of time that deleted objects are maintained in Active Directory before the system permanently removes them; the default is 60 days). If a tape older than the tombstone is restored, the restore APIs will reject all of the data as out of date. Backups must be done on a regular basis
Backup and restore operations are performed by the following types of users:
· Data. Members of the Backup Operators group can back up and restore data. The Backup Operators group is one of the built-in groups provided by Windows 2000. Any domain user or group granted the user rights Back up files and directories and Restore files and directories can also back up and restore data. To grant a user (or, more typically, a group) these backup and restore rights, use the Group Policy snap-in, which is accessed through the Active Directory Users and Computers tool.
By default, backup files have the extension .bkf. However, you can use any extension you like.
You can use Backup to back up and restore data on either FAT or NTFS volumes. If you back up data from an NTFS 5 (Windows 2000 NTFS) volume, you should in most cases restore the data to an NTFS 5 volume. If you restore the data to a FAT or Windows NT 4.0 or earlier NTFS volume, you will lose certain file and folder features and you could lose data as well. For example, file permissions, EFS settings, disk quota information, mounted drive information, and Remote Storage information will be lost.
Note: File permissions should be restored only if the files are restored to a computer in the same domain as that of the original owner’s account.
Administrators and backup operators can back up (and restore) encrypted files and folders without decrypting them.
There are three different ways to restore replicated data:
· Non-authoritative restore (default). A non-authoritative restore results in the restored data (which may be out-of-date) becoming synchronized with the data on other domain controllers through replication. That is, data from non-failed domain controllers is replicated to the newly restored domain controller. Most restores are non-authoritative. This type of restore is used to provide a start point (the point of time at which backup was taken) for data replication to minimize the replication traffic on the network—only changed data (rather than the entire directory) is replicated. In the absence of this start point, all data would be replicated from other servers.
· Authoritative restore. In contrast, an authoritative restore causes the restored domain controller’s replicated data to be authoritative in relation to its replication partners. Such a restore is unusual, but, when used, has the effect of rolling back the entire network to the point in time of the backup. This action may be used to restore erroneously deleted information of a replicated set of data.
· Primary restore. Use this type of restore when the server you are trying to restore is the only working server of a replicated data set (the Sysvol, for example, is a replicated data set). Typically, perform a primary restore only when all the domain controllers in the domain are lost, and you are trying to rebuild the domain from backup. Select primary restore for the first domain controller and non-authoritative restore for all the other domain controllers.
Table 1 shows which type of restore applies to which type of replicated data:
Table 1. Use the appropriate restore method for each type of replicated data.
Type of Replicated Data
Replicated Data Sets (e.g., Sysvol)
Use the ‘Advanced restore’ option in Ntbackup.
Note 1: To accomplish this, use the Ntdsutil utility after performing the restore process (where to find Ntdsutil and how to do this procedure are described later in this paper).
Note 2: To accomplish this, restore the data to an alternative directory and manually copy the data back to the original directory. The copy will then be the latest source, and it will be propagated to all replicas.
Note 3: To accomplish this, use the Clusrest utility (found in the Windows 2000 Server Resource Kit). This will copy the restored quorum data to the quorum disk.
The non-authoritative, authoritative, and primary methods for restoring replicated data are described in detail below in the section “Restoring and Reconciling Server Services.”
Important. It is critical to practice restoration to ensure the process works in the case of a real emergency.
The restore procedure can be time consuming, depending on the type of media and drive you use. A number of fault tolerant options are available to help avoid machine failure. Consider implementing one or more of these options, especially on a server providing critical service. For example, you can implement a mirrored volume for the boot volume or a RAID-5 volume for data volumes. For more information about mirrored volumes, RAID-5, and other fault tolerant options, see “For More Information.”
During the course of the restoration process, you may be asked for several pieces of information, depending on the configuration of the hardware, the product you are running on the computer, and the services you have running. Because the computer is down at this point, you have no way to reconstruct this information, so it is important to have it written down or printed out before a disaster occurs. Table 2 lists the required information.
Table 2. Required information to perform a successful restore.
Collect This Information Before a Disaster Occurs
Using the Disk Management system utility, record the volumes and
sizes of the disks in your system. You use this information to recreate the
disk configuration in the case of a complete disk failure. All disk
configurations must be restored prior to restoring
Record the computer name. You use this to restore a machine of the same name and avoid changing many different client configuration settings.
If the machine has a static IP address, record it so you can set it up upon restore.
Video mode settings
If the resolution and color depth are important on this particular machine, record these.
Know what domain this machine belongs to and be prepared to set up a new machine account for it. Even if the machine name does not change, it may be necessary to re-establish a new account.
Local administrative password
You must know the local machine’s administrative password used
when the backup was created. If you do not have this information, you
will not be able to log on to the machine once it is restored to establish a
domain account for the machine. If you are not part of the domain, you will
not be able to use a domain account. This applies even if you are domain
administrator. Moreover, the local administrator's password is also required
to restore the
This section provides a flowchart that shows the steps you perform in the event of a hard disk failure, when you must restore the machine from the ground up. You use the restore wizard provided by the Backup tool to restore the system to an operational state.
Note: Using the restore procedure for copying a system from one machine to another is not recommended. To perform an upgrade, use the distribution media.
The flowchart in Figure 2 outlines the steps for restoring a system from a state of complete failure to a known point in time. The flowchart outlines the system restore process at a general level. The details of the processes and applications involved are discussed in the following sections.
Figure 2. Steps to restore a system from a state of complete failure to a known point in time.
If you have to perform a restore, several server services require special attention to make them operational. Table 3 lists the services that require additional effort. The subsections that follow the table provide additional information about restoring each service. The final subsection tells you how to verify the successful restoration of distributed services.
Table 3. How to handle server services when performing a restore
The WINS database is restored to the state it was in at the time of the backup. This may not represent the current state. (See WINS subsection below.)
DHCP leases are restored to the state at the time of the backup. You must perform several steps to reconcile the state of this database to the current state of the network. (See DHCP subsection below.)
During a restore operation, the Remote Storage database is recalled from tape media upon restarting the service—but only if the tapes are available. (See Remote Storage subsection below.)
Certificate Services server
After a restore operation, the Certificate Services server may have outstanding certificates that are now unknown. You can revoke and reissue these certificates or leave the old certificates orphaned. (See Certificate Services Server subsection below.)
Windows Media Services server
After a restore operation, you may have to reinstall the Windows Media Services server because the database containing setup information may be lost. (See Windows Media Services Server subsection below.)
Internet Information Services server (IIS)
If you perform a complete restore, no problems with IIS should arise. If you perform a partial restore, you must follow the backup/restore procedures specific to the IIS service. (See IIS subsection below.)
In a network with more than one domain controller, the default restore method (non-authoritative) is generally the preferred method to restore a failed server. Use the authoritative restore process outlined later in this paper only if you want to get the system back to the state at the time the backup was made(which you would want to do in the case when you erroneously deleted Active Directory objects from the database and you would find it difficult to re-create them). (See Active Directory subsection below.)
If the machine being restored is the only domain controller on the network, you must select a primary restore under the advanced restore options in Backup. Otherwise, use the default (non-authoritative) restore. (See Sysvol subsection below.)
On a TCP/IP network, the Windows Internet Naming Service (WINS) dynamically maps IP addresses to computer names (NetBIOS names). Because of this, WINS lets users access resources by name, instead of requiring them to use IP addresses that are difficult to recognize and remember. WINS servers support clients running Windows NT 4.0 and earlier versions of Microsoft operating systems.
When a server receives a request from a client machine asking for a mapping from a friendly name to an IP address, WINS responds. When a restore is completed, the WINS database is restored, but this database may be out-of-date because the information on the network is dynamic. The database updates itself over time and within a day or two should be consistent. During this time, some name requests may go unanswered or contain incorrect mappings. If the WINS database is replicated among several WINS servers (the recommended procedure), you should initiate replication, which synchronizes the database with the up-to-date server. If no other server is available, it is best to let the database synchronize on its own.
The Dynamic Host Configuration Protocol (DHCP) is a networking protocol that offers dynamic configuration of Internet Protocol (IP) addresses for computers. DHCP ensures that address conflicts do not occur and helps conserve the use of IP addresses through centralized management of address allocation.
The DHCP server allocates IP addresses and other network configuration information to DHCP-aware network clients. Using DHCP is the most common way to distribute IP addresses in a modern network. The DHCP database is restored by the recovery process. However, the database will be out of date back to the date the backup was performed, and this can result in the issuing of duplicate IP addresses. Having duplicate addresses causes those machines to cease all network operations. To avoid this, DHCP has a “safe mode of operations.” In this mode, DHCP broadcasts on the network to verify that the IP address it is about to issue is not already in use. After a restore, the database should be reconciled and safe mode should be entered for a period of one-half of the IP lease duration. Because this mode significantly reduces network and server performance and because entering safe mode for this period of time is sufficient to ensure that DHCP functions properly, Microsoft recommends that you quit this mode as soon as the one-half lease duration is met.
To reconcile the DHCP database, choose the Action menu from the DHCP snap-in and select Reconcile while the scope is highlighted. Then, choose Conflict Detection in the scope properties under Advanced and set the number of attempts to 1.
The Remote Storage service (the Windows 2000 version of Hierarchical Storage Management) frees up disk space by moving data from the local hard disk to a remote storage device (such as tape) from which it can be recalled whenever needed. Users still see and access the data without knowing that it has been archived.
The Remote Storage service cannot recall its database from the Remote Storage tape during the restore operation unless the Remote Storage tape is in the correct drive, that is, the drive configured to be the Remote Storage device or in the robotic library. If any issues with the service exist, the tapes will restore by using the database copy that it stores on the tape. This is an automatic process that requires no user intervention.
Certificate Services is the Windows 2000 service that issues certificates for a particular Certificate Authority. It provides customizable services for issuing and managing certificates for the enterprise.
After performing a restore operation, you do not have to take any special steps for the Certificate Server service. However, on the network, certificates may exist that were issued prior to the restore operation. Although the Certificate Server service is now unaware of these certificates, they are valid and will continue to function.
Internet Information Services (IIS) is a set of software services that support Web site creation, configuration, and management, along with other Internet functions.
If you perform a complete system restore, you do not need to take additional steps to restore IIS. If you perform a partial restore of a file only, you may need to use the IIS MMC snap-in to restore the IIS database. You can find instructions about how to do this in the IIS help pages.
The two methods to restore Active Directory are a non-authoritative restore (the default) and an authoritative restore. The authoritative restore can be done only following a regular (non-authoritative) restore and you must use the Ntdsutil utility to accomplish it. Therefore, the default (non-authoritative) restore process is the only option that Ntbackup provides for restore.
Note. In order to restore Active Directory while in Directory Services Restore Mode (described next), you must have Local Administrator credentials.
Use these steps to perform a non-authoritative restore of Active Directory:
1. Boot into Directory Services Restore Mode. This ensures that the directory is offline. In order to do this, during the normal boot menu (Please select the operating system to start) while restarting the computer, notice the message at the bottom of the screen: For troubleshooting and advanced startup options for Windows 2000, press F8. Do so, and then select Directory Services Restore Mode from the Safe Mode and Other Startup Options list.
2. Select the Windows 2000 operating system and logon with the standalone server's local administrator account.
3. When a dialog box warns you that you are in Safe Mode, click OK.
4. When the computer starts (you should see "Safe Mode" on all four corners of the desktop), start the Backup utility (click Start, then Programs, Accessories, System Tools, and Backup).
5. Click the Restore Wizard button to start the restoration process. Click Next.
6. At the Restore Wizard screen, called "What to Restore," expand File, expand the appropriate Media created <date> at <time> entry (probably the most recent one), and then checkmark the System State entry (if you had backed up individual files or folders at the same time you backed up System State, you should also check the drive those files are on). Click Next.
7. Click the Advanced button and select any other options you wish.
8. Click Finish.
9. When you are prompted to re-start the computer, click No if you wish to perform an Authoritative Restore of Active Directory objects (see next subsection.)
10. Close the Backup utility.
To authoritatively restore Active Directory data, you need to run
the Ntdsutil utility after you have
non-authoritatively restored the
You can find help for how to use the Ntdsutil utility by typing ntdsutil /? at the command prompt. For additional information about Ntdsutil, refer to Windows 2000 online Help.
When reading the steps described in the example below, assume that
the administrator has inadvertently deleted an organizational unit (OU) called
Marketing in a domain called Antipodes.com. Both “
When restoring a domain controller's System State in Safe (Active Directory Restore) Mode in the last subsection, the last step was to click No (if you want to perform an Authoritative Restore) when prompted to re-start the computer. Continuing from that point, here are the steps to authoritatively restore Active Directory objects:
1. From the Start menu, point to Programs, point to Accessories, and click Command Prompt.
2. At the command prompt, type ntdsutil.
3. At the NTDSUTIL prompt, type authoritative restore.
At the authoritative restore prompt, type restore subtree OU=Marketing,DC=
Figure 3. Performing an Authoritative Restore.
5. You should see the message "Authoritative Restore completed successfully."
6. To exit the authoritative restore prompt, type quit. To exit the Ntdsutil prompt, type quit. To exit the command prompt, type exit.
If you wish to perform advanced Active Directory verification, you must remain in Safe Mode while you do so (see the section called “Performing Advanced Verification (Optional),” later in this document, for instructions). However, typically you would just reboot and logon normally at this point.
Note: While authoritatively restoring an object using Ntdsutil, the leaf objects are also authoritatively restored.
Caution: Many applications depend on Active Directory as a source of data, such as user account information and distributed file system (Dfs) references. If the database is rolled back, it can result in loss of this data. Some of this data, such as user accounts, cannot be restored once lost. Therefore, an authoritative restore should be performed only by an experienced administrator.
The Sysvol is a replicated data set that contains the policies and scripts that are used by Active Directory. Sysvol uses Windows 2000 file replication for distribution throughout the network. The three options for Sysvol restore are identical to the options for file replication: the primary, non-authoritative (the default), and authoritative restores.
Note. Although typically you restore Sysvol and Active Directory together, this paper explains them separately in order to clarify the issues involved for each process.
Perform a primary restore when all domain controllers in the domain are lost and you want to rebuild the domain from backup (do not perform a primary restore if any other working domain controller in this domain is available). Use primary restore for the first domain controller, and then, later, select non-authoritative restore (described next) for all other domain controllers.
A primary restore builds a new FRS database by loading the data present under Sysvol onto the local domain controller.
To perform a primary restore, use the Backup utility to restore the System State (described above), select the Advanced option to access the Advanced Restore Options dialog box, and then select the checkbox When restoring replicated data sets, mark the restored data as the primary data for all replicas, as shown in Figure 4.
Figure 4. Select this option to select Sysvol primary restore mode.
Important: If this domain controller is a member of FRS replica sets other than the Sysvol replica set, those other replica sets will also be restored as primary. If you want to restore only the Sysvol replica set, select the option as shown in Figure 4, and then, after the restore is complete, delete the other replica sets.
Perform a non-authoritative (normal) restore when at least one other domain controller in the domain is available and working (do not perform a non-authoritative restore when this domain controller is the only domain controller in the domain). You use a non-authoritative restore when you want this domain controller to receive the Sysvol data from a non-failed domain controller.
A non-authoritative restore ignores all the Sysvol data that is restored locally. After reboot, FRS receives all the Sysvol data from its inbound partner domain controllers. After the non-authoritative restore completes, the Sysvol tree on the local machine is the mirror image of the Sysvol tree on the inbound partners.
To perform a non-authoritative restore, use the Backup utility to
Perform an authoritative restore when you have accidentally deleted critical Sysvol data from the local domain controller and the delete has propagated out to other domain controllers (do not perform an authoritative restore if the local domain controller is not a working domain controller or if it is the only domain controller in the domain). You can perform an authoritative restore of Sysvol only on a working domain controller (that is, changes to Sysvol are replicating from this domain controller to other domain controllers).
An authoritative restore replicates any changes made to the current Sysvol tree to its outbound replication partners.
Use these steps to perform an authoritative restore of the Sysvol:
1. Use Ntbackup to restore the
2. Use Ntdsutil to authoritatively restore Active Directory (described earlier). This step is required because it is always advisable to restore Active Directory along with Sysvol, so that they are not out of sync.
3. Reboot the system to normal mode and allow the Sysvol to be published (this may take several minutes).
4. Copy the old Sysvol (from the alternative location) over the existing one.
Important: You should always authoritatively restore the Sysvol whenever you authoritatively restore Active Directory, and vice-versa. This ensures that the Sysvol and Active Directory are in sync.
Two methods to verify Active Directory restoration exist, called basic verification and advanced verification. Basic verification also includes verifying that FRS and Certificate Service restoration completed successfully. Advanced verification is optional and can usually be omitted. However, if you wish to perform advanced verification, you must do it first.
Advanced verification is not usually required for normal recovery operations. Incorrect usage of the utility described in this subsection may corrupt the Active Directory database, which means you will have to restore the database from backup again.
Whether you did or did not perform an authoritative restore, follow these steps to perform an advanced verification:
Note: Before you perform these steps, ensure that you are in Directory Services Restore Mode.
1. Click Start, click Run, type regedit, and then click OK.
2. Select the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS. Check that there is a subkey called Restore In Progress. This key, automatically generated by Backup, indicates to Active Directory that the database files have been restored and that it should perform a consistency check and re-index the next time the directory is started. This key is automatically removed upon completion of this check—DO NOT ADD or DELETE this key manually.
3. Close regedit.
4. To check for the recovered Active Directory database files using the utility Ntdsutil, click Start, then click Programs, and then click Command Prompt. At the command prompt, type ntdsutil.
At the Ntdsutil prompt, type files. At the file maintenance prompt, type info. If the Active Directory files have been recovered successfully, you should see information similar to that shown in Figure 5 below. DO NOT SELECT ANY OTHER OPTIONS.
Figure 5. Performing advanced verification.
6. To exit the file maintenance prompt, type quit. To exit the Ntdsutil prompt, type quit. To exit the DOS prompt, type exit.
7. Restart the server in normal mode and logon to the system normally and perform basic verification (described next).
Basic verification consists of initiating automatic steps by rebooting and logging on normally and then confirming that the restored distributed services are in a state consistent with a successful restoration:
1. Restart the computer. After you complete the restore operation and restart the computer normally, Active Directory will automatically detect that it has been recovered from a backup, will perform an integrity check, and will re-index its database. Both Active Directory and FRS will be brought up-to-date from their replication partners using the standard replication protocols for each of those services.
2. Confirm distributed services successfully restored. You should be able to browse the directory and confirm that all the user and group objects that were present in the directory prior to backup were restored. Similarly, confirm that files that were members of an FRS replica set and certificates that were issued by the Certificate Service are present.
In recent years, many networks have expanded both in terms of the number of machines included in the network and the amount of data stored on network computers. One major task of administrators is to protect data from accidental loss due to hardware or storage media failure.
After providing guidelines for developing a disaster prevention and
recovery strategy and listing new or enhanced Windows 2000 file system, data
For the latest information on Windows 2000 Server, check out our Web site at http://www.microsoft.com/windows/server, and the Windows NT Server Forum on MSN™ at http://computingcentral.msn.com/topics/windowsnt.
In addition, you can look at the following sources for more information:
File and Print Services Technical Overview white paper—for information about new or enhanced NTFS and storage-related features, including the File Replication System (FRS).
Enterprise Class Storage in Windows 2000 white paper—for an in-depth description of key enhancements to the Windows 2000 storage architecture.
Development Considerations for Storage Applications in Windows 2000—for information about how new Windows 2000 features and enhancements affect storage applications, including how storage application developers can support and exploit storage-related features in the applications they design.
Active Directory Architecture white paper—for information about Active Directory, including Active Directory replication, LDAP distinguished names, and more.
“Active Directory Replication” chapter in the Windows 2000 Server Resource Kit (scheduled to be published by Microsoft Press in the first half of the year 2000; also located on the Windows 2000 Server, Advanced Server CDs as part of Support Tools)—for in-depth information about Active Directory replication.
“Active Directory Backup and Restore” chapter in the Windows 2000 Server Resource Kit (scheduled to be published by Microsoft Press in the first half of the year 2000; also located on the Windows 2000 Server, Advanced Server CDs as part of Support Tools)—for in-depth information about restoring Active Directory, including non-authoritative and authoritative restores.
"Planning a Fault-Tolerant Disk Configuration" section in the chapter “Planning a Reliable Configuration" in the Windows 2000 Server Resource Kit (scheduled to be published by Microsoft Press in the first half of the year 2000; also located on the Windows 2000 Server, Advanced Server CDs as part of Support Tools)—for information about mirrors, RAID-5 and other fault tolerance strategies.
“Backup” and “Repair, Recovery, and Restore” chapters in the Windows 2000 Server Resource Kit (scheduled to be published by Microsoft Press in the first half of the year 2000; also located on the Windows 2000 Server, Advanced Server CDs as part of Support Tools)—for additional information about Windows 2000 backup and recovery procedures, including recovering Remote Storage data.
 Active Directory naming conventions for LDAP distinguished names utilize the abbreviation OU for organizational unit, which refers to the organizationalUnit (OU) object class; and the abbreviation DC for domain component, which refers to the domainDns object class. If you are not familiar with Active Directory object classes and distinguished names, see the link to the “Active Directory Architecture” white paper in “For More Information.”)