An online restore is authoritative meaning that Active Directory replication updates all domain controllers with the restored data. However, online restore includes some additional functions. This method is designed to overcome the limitations inherent in a normal authoritative restore performed using Windows tools. These limitations are as follows:
Domain controllers must be restarted in Directory Services Restore mode, and the entire Active Directory database must be restored.
When restoring an object, you must restore all attributes, which may overwrite valuable data stored in the object.
When restoring a container, you must restore the entire sub-tree rooted in that container. There is no ability to restore only child objects of certain types.
To restore an object’s linked attributes, you need to restore both the object, and all objects to which the linked attributes refer; for example, if you only restore a deleted user, the user’s group memberships are not restored.
It is not possible to select individual objects for restore based on changes that occurred in Active Directory since backup creation.
To overcome these limitations, the online restore method includes the following capabilities:
Selective restoration of objects without putting Active Directory offline, and without restoring the entire Active Directory database.
Selective restoration of attribute values in directory objects; this allows you to specify exactly what object data should be restored.
Selective restoration of child objects by object type. This allows you, for example, to restore only those users in a certain container and leave other child objects intact.
Unattended restoration of linked attributes, such as the Member Of attribute. For example, when you undelete a user with online restore, the user’s group memberships are also restored.
Comparison of a backup with Active Directory, or with another backup, to facilitate Active Directory change tracking and troubleshooting: this allows you to select precisely the objects that should be restored.
Recovery Manager for Active Directory provides two different methods of restoring objects online. A check box in the Online Restore Wizard allows you to specify which method to use. The agentless method uses Microsoft Tombstone Reanimation interface to undelete the object and then re-applies all attributes that are not stored in the object's tombstone from the backup using ADSI calls. This method requires that the target domain controller be running Windows Server 2008 R2 or later.
Aside from operating system support, there are some additional differences between the two methods. The agentless and agent-based methods require different permissions to run. For example, the agentless method supports delegated permissions as outlined in the User Guide. The agentless method may not restore some attributes, depending on the operating system and service pack level, namely user passwords and SIDHistory, as these attributes cannot be set using ADSI. In order to restore these attributes using the agentless method, you can configure the Active Directory schema to store these attributes in the object tombstone as described in the User Guide.
Yes, you can undelete mailbox-enabled users with the online restore function of Recovery Manager for Active Directory. When you undelete a mailbox-enabled user within the mailbox retention period, the user’s access to the mailbox is also restored.
After a user is deleted, the Exchange Server retains the user’s mailbox for a specified period, before permanently deleting the mailbox. If the mailbox retention period has expired, the mailbox access associated with the undeleted user is not recovered. Recovery Manager for Active Directory cannot restore mailboxes that have been permanently deleted.
If a link’s No Override option or Disabled option has been changed, Recovery Manager for Active Directory treats the link as having been deleted, and assumes that a new link was created with new options. This behavior is by design.
© ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center