1 Chapter Overview Backing Up Your Network Backing Up and Restoring Active Directory.

1

Chapter Overview

Backing Up Your Network Backing Up and Restoring Active

Directory

2

Backing Up Your Network Backups are copies of data, made regularly,

that let you restore data if a drive fails or is damaged.

Backups are the ultimate fault-tolerance measure.

A network backup strategy specifies what data is backed up, how often, and the type of media used to store the backups.

Backup decisions include hardware, software, and the type of backup to be performed.

3

Backup Hardware

The ideal storage device can store an entire backup job on a single tape or other storage unit.

When choosing a storage device for backups, consider The speed at which the drive writes data The cost of the device The cost of the media used by the device The cost per megabyte

4

Magnetic Tape Drives

Are the most common hardware device used for backups

Are well suited for backups: fast, can hold a large volume of data, can be archived indefinitely, and have a low cost per megabyte

Include many different types: Quarter-inch cartridge (QIC)

Digital audio tape (DAT)

8 mm

Digital linear tape (DLT)

Linear tape-open (LTO)

5

Autochangers You can use an autochanger to create an

automated backup solution that provides greater capacity than a single drive does.

Autochangers are sometimes called jukeboxes or tape libraries.

An autochanger contains one or more drives, a media array, and a robotic mechanism that swaps the media in and out of the drives.

An autochanger has a higher capacity than a single drive.

The cost of autochangers can be high.

6

Backup Software A specialized software product is required

to address the storage device and send data to it for storage.

Sometimes a backup program is included with an operating system, but it usually provides only basic functionality.

When selecting backup software, consider Target selection and

filtering Drive manipulation Scheduling Logging and

cataloging

Media rotation Restoring Disaster recovery Network backup

functions

7

Target Selection and Filtering A good backup program lets you easily select

what you want to back up (the target). Most programs use a tree display so you can

select entire computers, specific drives, or individual folders.

You might not need to back up all of the data on a computer every time you perform a backup.

A good backup program provides a variety of filters that let you select targets based on various attributes.

8

The Backup Dialog Box in Windows 2000 Backup

9

Full, Incremental, and Differential Backups The most basic type of backup job is a full

backup, which backs up the entire contents of a computer’s drives.

To save tape and shorten backup time, many administrators perform full backups only once a week or less frequently.

During a full backup, the backup software resets (that is, removes) the archive bit on all the files it copies to tape.

Between full backups administrators perform incremental and differential backups.

10

Full, Incremental, and Differential Backups (Cont.) An incremental backup backs up only the files

that have changed since the last backup. Resets the archive bit on all of the files it copies to

tape Uses the least amount of tape and time to back up Takes longer to restore data

A differential backup backs up only the files that have changed since the last full backup.

Does not reset the archive bit on the files it copies to tape

Uses more tape and time than incremental backups Restores data more easily than an incremental

backup does

11

Drive Manipulation

Backup software lets you select a backup device and prepare to run the job by configuring the drive and storage medium.

Backing up to a tape drive may include Formatting a tape Supplying a name for the tape Specifying whether to append the backed up

files to the tape or overwrite the tape Turning on the drive’s compression feature

12

Scheduling The key to automating backups is being able to

schedule jobs to execute unattended. Ideally, backups are run when the office is

closed and the network is idle, so all resources are available for backup.

Backup programs use different methods to automatically execute backup jobs, but the process of scheduling is similar among all products.

You specify whether to execute the job once or periodically at a specified time each day, week, or month.

13

The Schedule Job Dialog Box in Windows 2000 Backup

14

Logging and Cataloging Most backup products maintain a log of

the backup process. You can specify the level of detail for the log. You should periodically check the logs.

Backup programs catalog the files they back up. The catalog is a list of every file backed up

during each job. To restore files, you browse the catalog and

select the files, directories, or drives you want to restore.

15

Media Rotation Backup tapes are typically reused to save money. Use a media rotation scheme so you do not

inadvertently overwrite a tape you will need later. There are several common media rotation

schemes. One of the most common is Grandfather-Father-

Son, in which Backup jobs are run monthly, weekly, and daily You have one set of tapes for daily jobs (reused every

week), a set of weekly tapes (reused every month), and a set of monthly tapes (reused every year)

16

Restoring The ease of locating and restoring files is an

important feature of any backup software product. You must perform periodic test restores from your

backup tapes to ensure that your backups are valid. A backup program with a database that lets you

search for a file makes the job of restoring much easier.

To perform a restore:1. Select the desired files, directories, or drives, usually from a tree display.2. Specify the location where the selected elements should be restored.

17

The Restore Dialog Box in Windows 2000 Backup

18

Disaster Recovery If the drive in the computer hosting the

backup program fails, you may have to completely reinstall the operating system and the backup software before you can restore data.

Many backup programs provide a feature that lets you create a boot disk to use for disaster recovery.

The disaster recovery feature loads just enough of the operating system and backup program to let you perform a restore.

19

Network Backup Functions Choose a backup program designed for

network use, not stand-alone, so you can back up other computers on the network.

Fully functional network backup products can back up important operating system components, such as the Windows registry and directory service databases.

Some network products have add-ons that let you back up live databases or computers running other operating systems.

20

Lesson Summary Magnetic tape is the most popular storage medium

for backups because it is fast, inexpensive, and holds a lot of data.

An incremental backup Backs up only the files that have changed since the last

backup Resets the archive bit on copied files

A differential backup Backs up only the files that have changed since the last full

backup Does not reset the archive bit on copied files

Network backup software is preferable to programs designed for stand-alone systems because it lets you back up data on other computers.

21

Backing Up and Restoring Active Directory

You back up Active Directory data by using the Backup Wizard in the Microsoft Windows 2000 Backup program.

You must know The difference between a nonauthoritative

and authoritative restore How to use the Restore Wizard in the

Windows 2000 Backup program to perform both of these types of restores

22

Performing Preliminary Tasks Before you perform a backup, ensure that

the files you want to back up are closed, because Windows Backup does not back up files that are locked open by applications.

If you use a removable media device, ensure that The backup device is properly installed on the

computer running Windows Backup The media device is listed on the Windows

2000 Hardware Compatibility List (HCL) The media is loaded in the device

23

Using the Backup Wizard

After completing the preliminary tasks, back up Active Directory service by using the Backup Wizard in Windows Backup.

To start the Backup Wizard: 1. Log on as Administrator.

2. Click Start, point to Programs, point to Accessories, point to System Tools, and

then click Backup. 3. In the Backup dialog box, click Backup Wizard.

24

The What To Back Up Page in the Backup Wizard

25

The What To Back Up Page in the Backup Wizard (Cont.) To back up Active Directory, select the Only

Back Up The System State Data option. For Microsoft Windows 2000 Server, System

State data includes the registry, COM+ Class Registration database, system boot files, and Certificate Services database.

If the computer is a domain controller, System State data also includes Active Directory and the SYSVOL directory.

When using Windows 2000 Backup, you can only back up System State data on the local computer.

26

The Where To Store The Backup Page in the Backup Wizard

In this page, specify Backup Media Type: the target medium to

use, such as tape or file Backup Media Or File Name: the name of

the tape or the path to a file Next, specify whether to

Start the backup now by clicking Finish, or Specify advanced backup options

27

The Where To Store The Backup Page in the Backup Wizard (Cont.)

28

Specifying Advanced Backup Settings When you specify advanced backup settings,

you change the default settings for the current backup job only.

Advanced backup settings include Type of Backup: Normal, Copy, Incremental,

Differential, or Daily How To Backup: with or without verify or hardware

compression Media Options: append to tape or overwrite tape Backup Label: name and description for the job When To Back Up: now or later; job name and start

date; set the backup schedule

29

Scheduling Active Directory Backup Jobs You can schedule an Active Directory

backup job to occur Unattended when users are not at work and

files are closed At regular intervals

Windows 2000 Backup is integrated with the Task Scheduler service to enable scheduling backups.

To schedule a backup, click Later in the When To Back Up page in the Backup Wizard.

30

Preparing to Restore Active Directory

Like the backup process, when you restore Active Directory, you restore all of the System State data—you cannot restore individual components.

When restoring the System State data on a domain controller, you must choose a nonauthoritative restore or an authoritative restore.

The default is nonauthoritative.

31

Nonauthoritative Restore

In Nonauthoritative mode, any component of the System State data that is replicated with another domain controller is brought up to date, by replication, after the restore is performed.

The Active Directory replication system updates the restored data with newer data from other domain controllers.

32

Authoritative Restore If you do not want to replicate the changes

made since the last backup operation, perform an authoritative restore.

Authoritative restores are commonly used when users, groups, or organizational units (OUs) have been inadvertently deleted.

To authoritatively restore Active Directory data:

1. Nonauthoritatively restore the System State data. 2. Run Ntdsutil.exe to mark certain objects as authoritative before you restart the server.

33

Performing a Nonauthoritative Restore To restore System State data on a domain

controller, start the computer in Directory Services Restore Mode.

You can restore System State data only on a local computer.

When restoring System State data, if you do not designate an alternate location for the restored data, Backup Erases the System State data that is currently on

the computer Replaces it with the System State data you are

restoring

34

Using the Restore Wizard To nonauthoritatively restore Active Directory:

1. Restart the computer and then press F8 during startup.2. Select Directory Services Restore Mode from the Windows

2000 Advanced Options menu, and then press Enter.3. Select Microsoft Windows 2000 Server, and then press

Enter.4. Log on as Administrator, using the password you provided

when you promoted the computer to a domain controller.5. Click OK in the Desktop message box.6. From the desktop, click Start, point to Programs, point to

Accessories, point to System Tools, and then click Backup. 7. In the Backup dialog box, click Restore Wizard.

35

The What To Restore Page in the Restore Wizard

36

Specifying Advanced Restore Settings

Option Function

Restore Files To

Specifies the target location Choices include Original Location, Alternate Location, and Single Folder.

When Restoring Files That Already Exist

Specifies whether to overwrite existing files

Select The Special Restore Options You Want To Use

Specifies whether to restore security or special system filesChoices include Restore Security, Restore Removable Storage Database, and Restore Junction Points, Not The Folders And File Data They Reference.

37

Performing an Authoritative Restore To perform an authoritative restore:

1.Perform a nonauthoritative restore.2.Run Ntdsutil.exe from a command prompt to

designate objects to be recognized as authoritative with respect to other domain controllers configured for replication.

3.Restart the domain controller in normal mode. Replication will

Bring the restored domain controller up to date with any changes that the authoritative restore did not override

Propagate the authoritatively restored objects to other domain controllers

38

Additional Tasks for Authoritatively Restoring the Entire Active Directory Database When you authoritatively restore the entire

Active Directory database, you must copy the SYSVOL directory from the alternate location over the existing one after the SYSVOL share is published.

When you authoritatively restore a portion of the Active Directory database, you must copy the policy folders corresponding to the restored Policy objects from the alternate location over the existing ones after the SYSVOL share is published.

39

Lesson Summary To back up Active Directory service, back up System

State data. You can only back up and restore System State data as a

whole. When restoring System State data in Nonauthoritative

mode, any component that is replicated with another domain controller is brought up to date by replication after you restore the data.

If you do not want to replicate changes made since the last backup, perform an authoritative restore.

To perform an authoritative restore:1. Perform a nonauthoritative restore. 2. Run Ntdsutil.exe to mark objects as authoritative.3. Restart the computer.