Windows 2000 Active Directory backup and recovery


Backing up and restoring Active Directory is a very important task in Windows 2000. In NT, all user and enterprise configuration information is stored in the registry, so backing up the registry is enough. In Windows 2000, all security information is stored in Active Directory, and its backup method is completely different from NT's.

Active Directory cannot be backed up on its own; Windows 2000 backs it up as part of the System State data. System State data has eight parts: the registry, the system startup files, the class registration (COM+) database, Certificate Services data, the File Replication Service (SYSVOL), Cluster Service data, Domain Name Service (DNS) data, and Active Directory. On an ordinary server usually only the first three are present. These eight parts cannot be backed up individually; they are always backed up together as System State data.

I. Backing up Active Directory data

If a domain has more than one DC, there is no need to restore Active Directory from backup when reinstalling one of them. When a DC is removed from the domain, reinstalled, and joined back to the domain, the other DCs replicate the directory data to it.

If only one DC is left in a domain, backing up Active Directory is essential. The detailed process is as follows:

1. "Start" menu -> "Run", enter "ntbackup" to start the Windows 2000 backup tool.

2. On the "Welcome" tab start the "Backup Wizard"; on the Backup Contents page of the wizard select "Back up the System State data" and click Next.

3. On the "Backup saved location" page, enter the name of the file in which the backup is stored, for example "d:\bak\AD0322.bkf", click Next, and finish the wizard. To adjust settings such as verifying the data after the backup completes, use the "Advanced" option.

4. Click "Finish" to start the backup. Depending on the amount of data it may take from a few minutes to ten minutes or longer. A backup report is generated when the backup completes.

5. Suggestion: the backup files are usually fairly large. The few backups I have made were between 250-300M, so a large-capacity location is needed to store them. Because the backup contains very sensitive information such as account data, the backup data must be stored securely.
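The wizard steps above can also be run unattended from ntbackup's command line, which is how a scheduled backup on a lone DC is usually done. The script below is an added example, not part of the original article: it writes a date-stamped System State backup, verifies it, and then restricts the .bkf to Administrators and SYSTEM because, as the suggestion notes, the file holds the directory database and its account data. The D:\bak path, the job name and the seven-copy retention are assumptions.

```batch
@echo off
rem Added example (not from the original article): unattended System State backup
rem with ntbackup's command line. The backup folder, job name and retention
rem count below are assumptions; adjust them to your own environment.
setlocal

rem Build a date stamp from %DATE%. Its layout depends on regional settings,
rem so check the substring offsets on your own machine first.
set STAMP=%DATE:~0,4%%DATE:~5,2%%DATE:~8,2%
set BAKDIR=D:\bak
set BAKFILE=%BAKDIR%\SystemState_%STAMP%.bkf

if not exist "%BAKDIR%" mkdir "%BAKDIR%"

rem Back up the System State (registry, boot files, COM+ class registration,
rem SYSVOL and, on a DC, the Active Directory database).
rem /V:yes verifies after writing, /L:f writes a full log, /M normal makes a
rem full (normal) backup, /J names the job, /D sets the set description.
ntbackup backup systemstate /J "AD system state %STAMP%" /F "%BAKFILE%" /V:yes /L:f /M normal /D "System state backup %STAMP%"

if not exist "%BAKFILE%" (
  echo Backup file was not created; check the ntbackup log.
  exit /b 1
)

rem The .bkf contains the directory database and password hashes, so limit
rem access to Administrators and SYSTEM. cacls /G replaces the existing ACL
rem and asks for confirmation; "echo y" answers that prompt.
echo y| cacls "%BAKFILE%" /G Administrators:F SYSTEM:F

rem Constructed retention policy: keep only the newest seven backups.
for /f "skip=7 delims=" %%F in ('dir /b /o-d "%BAKDIR%\SystemState_*.bkf"') do del "%BAKDIR%\%%F"

echo Backup written to %BAKFILE%. Review the ntbackup log under
echo "%USERPROFILE%\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data".
endlocal
```

Schedule the script with the Task Scheduler under an account that is a member of Backup Operators or Administrators; the verify pass (/V:yes) roughly doubles the run time but catches a backup that would fail at restore time, which is the one moment you cannot afford to discover it.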

II. Active Directory Recovery

There are two ways to recover Active Directory.

The first is to recover the data from other DCs in the domain, provided at least one DC in the domain is still available. When the damaged DC is reinstalled and joined back to its original domain, replication between the DCs runs automatically and Active Directory is restored.

The other is to recover from backup media. Most small companies have a single domain for the whole company and, because of budget and other constraints, only one DC, so recovering Active Directory from media is a common problem.

1. Authoritative and non-authoritative methods

There are two ways to recover Active Directory from backup media: authoritative restore and non-authoritative restore.

Normally Windows 2000 performs a non-authoritative restore: after Active Directory is restored from the backup media, the other DCs in the domain overwrite the restored, older data with their newer data during replication. For example, suppose today is Friday and you restore Active Directory from Wednesday's backup; every change made since Wednesday is then replicated to the DC you restored, that is, the new data overwrites the data you recovered from the backup.

An authoritative restore is completely different. It forcibly replicates the data recovered from the backup media to every DC in the domain, regardless of whether that data has changed since the backup. Taking the same example, when you restore Wednesday's backup on Friday, the recovered data is replicated to all DCs in the domain, overwriting all changes made after the backup, and the domain returns to its state at the time of the backup. An authoritative restore is usually used in this situation: a serious error occurs in Active Directory on one DC and spreads to the other DCs through replication; an authoritative restore on one DC then forces the domain back to its earlier good state. This is a more efficient way to restore Active Directory.

2. Non-authoritative recovery of Active Directory

For a non-authoritative restore the directory service must be offline (it does not have to be offline when backing up Active Directory). To recover Active Directory you must start the server in "Directory Services Restore Mode". To do this, restart the server; when the screen prompts you to select the operating system, press F8 to open the advanced startup menu and select "Directory Services Restore Mode".

When the Windows 2000 logon window appears, enter the local administrator account and password (note that this account and password are not in Active Directory, because Active Directory is offline and unavailable; you can only use the administrator account and password stored in the Security Accounts Manager, also called the SAM). Once logged on, you can begin the Active Directory restore.

(1) Start the backup program that comes with Windows 2000: "Start" -> "Run", enter "ntbackup";

(2) On the Welcome tab select "Restore Wizard"; after the welcome screen the backup program lists the backup sets available for data recovery.

(3) Select the appropriate backup set to complete the data recovery, then restart the machine.

(4) Note: under normal circumstances you cannot restore Active Directory data backed up more than 60 days ago, because it is limited by the Windows 2000 tombstone lifetime (this can be understood as the survival time; because I could not translate its meaning accurately I have left the term as it is. ---- Bohai), unless you have changed that setting.

3. Authoritative recovery of Active Directory

To perform an authoritative restore, you must first perform a non-authoritative restore; then you can use the NTDSUTIL command-line tool to make the restore authoritative. An authoritative restore can cover all or part of the Active Directory data.

(1) Restore Active Directory non-authoritatively and restart the machine.

(2) Start Windows 2000 in "Directory Services Restore Mode" again and log on as the administrator.

(3) "Start" -> "Run", enter "ntdsutil" to start the command-line tool.

(4) To restore the entire Active Directory database, use the following command:

authoritative restore

restore database

To recover only part of the Active Directory data, use the following commands:

authoritative restore

restore subtree ou=Brien,dc=files,dc=COM

The distinguished name in the second command must be adapted to your own situation: if your domain is mydom.net and the OU to restore is myou, the second command is restore subtree ou=myou,dc=mydom,dc=net, and so on. Partial recovery is often used to bring back a deleted OU. For example, a domain has two administrators, you and A; A is a bit of a novice :) and accidentally deleted an important OU last night. You can use an authoritative restore to recover that OU, provided you have a backup made before the OU was deleted.

Finally, use the quit command to exit and restart the machine.
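Because the subtree DN has to be typed exactly right while the DC is in Directory Services Restore Mode, it helps to keep the ntdsutil sequence in a small script rather than entering it interactively. The following is an added example, not part of the original article: it passes the "authoritative restore" menu commands to ntdsutil as arguments, one argument per interactive line, and rejects an argument that is plainly not a distinguished name. The placeholder DN ou=myou,dc=mydom,dc=net is taken from the text above; substitute your own.

```batch
@echo off
rem Added example (not part of the original article): mark one OU subtree as
rem authoritative after a non-authoritative restore. Run this from
rem Directory Services Restore Mode, after the ntbackup restore and reboot.
rem Usage: authrestore.cmd "ou=myou,dc=mydom,dc=net"   (DN is a placeholder)
setlocal

if "%~1"=="" (
  echo Usage: %~nx0 "ou=myou,dc=mydom,dc=net"
  exit /b 1
)
set SUBTREE=%~1

rem Refuse input that is obviously not a distinguished name: a subtree DN
rem always carries at least one dc= component for the domain.
echo %SUBTREE% | find /i "dc=" >nul || (
  echo "%SUBTREE%" does not look like a distinguished name.
  exit /b 1
)

rem Each quoted argument is one line of the ntdsutil session: enter the
rem "authoritative restore" menu, mark the subtree, then quit both menus.
rem This is the same sequence the article shows typed interactively.
ntdsutil "authoritative restore" "restore subtree %SUBTREE%" quit quit

echo Restart the server normally; the marked subtree now replicates out
echo to the other DCs instead of being overwritten by them.
endlocal
```

The commas in the DN must be protected by the surrounding quotes, otherwise cmd.exe treats them as argument separators and ntdsutil sees only ou=myou. Keep in mind the tombstone lifetime note from section 2: a subtree restored from a backup older than 60 days (by default) will not replicate correctly, so check the backup date before running this.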

Copyright © Windows knowledge All Rights Reserved