
	Home > Windows Server Tips > Active Directory Administration > Creating Active Directory replicas from backup tapes

Windows Server Tips:

EMAIL THIS

TIPS & NEWSLETTERS TOPICS

ACTIVE DIRECTORY ADMINISTRATION

Creating Active Directory replicas from backup tapes

James Michael Stewart, Contributor
03.29.2005
Rating: -3.25- (out of 5)

Digg This!

StumbleUpon

Del.icio.us

There are two generally recognized methods to restore the Active Directory database onto a domain controller. The traditional method is to bring a new system up as a domain controller and allow the normal replication process to populate the new system with the Active Directory data. The other method uses a saved or backed up copy of the Active Directory database to jumpstart the new domain controller. This second option is usually faster, but it only restores the AD database back to the saved state of the backup. This could mean the restored system is hours, days or weeks out of sync with the other domain controllers within the domain.

When restoring Active Directory data from backup, you must consider whether to make a nonauthoritative restore or an authoritative restore. A nonauthoritative restore allows the restored domain controller to be brought fully up to date during the next replication process. An authoritative restore forces the data items on the restored domain controller to take precedence and be pushed out to all other domain controllers.

The native backup tool can be used to back up and restore the AD database, but it can only be used to perform a nonauthoritative restore, and in order to restore the AD database, Active Directory must be offline. To restore the AD database and perform a nonauthoritative restore, boot the domain controller into Directory Services Restore Mode (using the F8 boot menu) and log on as the local administrator. Then, using the backup tool, restore the System State data to its original location to perform the nonauthoritative AD restore.

There are only a handful of reasons to perform authoritative restores. Accidentally deleting an object is one of them. If you mistakenly delete an object, then you'll need to do an authoritative restore. To perform an authoritative restore, first perform the actions for the nonauthoritative restore, and then indicate which portions of the AD database will be assigned precedence over other new objects in the domain. The NTDSUTIL tool accomplishes the latter activity.

For more information on restoring AD from backup and using the NTDSUTIL tool, please visit the Resource Kits information section at the Microsoft Web site.

James Michael Stewart has co-authored numerous books on Microsoft, security certification and administration and is a regular speaker at Networld+Interop. Michael holds the following certifications: MCSE, MCT, CTT+, CISSP, TICSA, CIW SA, CCNA, MCSE NT & W2K and iNet+. He can be reached at michael@impactonline.com.

Rate this Tip
To rate tips, you must be a member of SearchWindowsServer.com. Register now to start rating these tips. Log in if you are already a member.
Submit a Tip

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Microsoft Active Directory Backup and Restore
	Utilizing Active Directory snapshots in Windows Server 2008
	The Windows Report -- Will AD have your back in Windows 2008 R2?
	How to build redundancy in Active Directory replication
	An alternate strategy for DNS server backup
	Diamonds are forever, but not Active Directory backups
	How do I add a backup domain controller in Windows NT?
	Tools for quick recovery of deleted Active Directory objects
	Active Directory disaster recovery: Protecting the enterprise from the administrator
	How to use Install from Media to restore a domain controller
	Chapter of the Week: Active Directory Cookbook for Windows Server 2003 and Windows 2000 -- Chapter 16, 'Backup, recovery, DIT maintenance and deleted objects'

Active Directory Administration

Utilizing Active Directory snapshots in Windows Server 2008

Creating Windows taskpad views for Active Directory management

When to add new domains to your Windows environment

Debugging Windows client logon delays: Narrowing the scope

Using Active Directory to manage Macs in a Windows environment

Troubleshooting poor Windows logon performance in Active Directory environments

Common Active Directory security oversights

Scripting domain controller installations: A must for Server Core

Taming the LSASS.exe process for Active Directory performance and security

Troubleshooting Active Directory database errors

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Server Room Design - Planning, Cooling, Maintenance

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2004 - 2009, TechTarget \| Read our Privacy Policy