Chat now with support
Chat with Support

NetVault Plug-in for FileSystem 13.1 - User Guide

Supported restore methods for Active Directory

Microsoft supports the following methods for restoring the Active Directory on a Domain Controller:

Non-Authoritative Restore: During non-authoritative restore, the distributed services on a Domain Controller are restored from the backup media, and the restored data is then updated through normal replication. Non-authoritative restore is typically performed when a Domain Controller has completely failed due to hardware or software problems.
Authoritative Restore: During authoritative restore, an entire directory, a subtree, or individual objects can be designated to take precedence over any other instances of those objects on the Domain Controllers. Through normal replication, the restored Domain Controller becomes authoritative in relation to its replication partners. Authoritative restore is typically used to restore a system to a previously known state, for example, if one or more Active Directory objects were erroneously deleted.
Primary Restore: Primary restore is used when the server you are trying to restore is the only running server of a replicated data set (for example, the SYSVOL and FRS).

The NetVault supports only the Non-Authoritative restore method. When you restore the Active Directory using the plug-in, the objects are restored with their original update sequence number. The Active Directory replication system uses this number to detect and propagate Active Directory changes among the other servers. The data that is restored non-authoritatively appears as old data and does not get replicated to the other servers. The Active Directory replication system updates the restored data with the newer data available on the other servers.

To perform an authoritative restore of the Active Directory data, you must run the “ntdsutil” utility after you have restored the System State data, but before you restart the server. The ntdsutil utility lets you mark Active Directory objects for authoritative restore. When an object is marked for authoritative restore, its update sequence number is changed so that it is higher than any other update sequence number in the Active Directory replication system. This change ensures that any replicated or distributed data that you restore is properly replicated or distributed to all servers. For more information about ntdsutil, see the relevant Microsoft documentation.

Supported restore methods for SYSVOL Directory

SYSVOL (System Volume) is a collection of folders and reparse points in the file systems that exist on each Domain Controller in a Domain. SYSVOL provides a standard location to store important elements of Group Policy objects (GPOs) and scripts so that the File Replication Service (FRS) can distribute them to other Domain Controllers within that Domain. FRS monitors SYSVOL, and if a change occurs to any file stored on SYSVOL, FRS automatically replicates the changed file to the SYSVOL folders on the other Domain Controllers in the Domain.

The NetVault supports the following restore methods for the SYSVOL directory:

Primary Restore: Use this restore type only when restoring SYSVOL on a standalone Domain Controller, or on the first of several Domain Controllers. Typically, a primary restore is only required when all the Domain Controllers in the Domain are lost, and you are trying to rebuild the Domain from backup. Select Primary only for the first server. Do not use this restore type if you have already restored SYSVOL on one or more servers.
Authoritative Restore: Use this restore type when you have more than one Domain Controller to roll back the SYSVOL changes, and replicate the restored data to all other servers.
Non-Authoritative Restore: Use this restore type when you want to restore the data on a single Domain Controller in a replicated environment without replicating the restored data to the other servers.

Prerequisites

Before you start the restore procedure, ensure that the following requirements are met:

If the destination server is a Windows Domain Controller, start it in the Directory Services Restore Mode. To start the server in this mode, press F8 during boot, and select Directory Services Restore Mode in the list of boot methods.

Restoring System State data

1
3
On the Create Selection Set page, select the data that you want to restore:
IMPORTANT: On Domain Controllers, you must always include C Drive in System State backups and restores. When you include the C Drive, all information about the Group Policy Objects (GPOs) is included during backups and restores.

If you back up or restore only the System State data, you cannot edit the GPOs that are restored from the backups. When you try to edit the restored GPO, the following error message is displayed:

“Failed to open the Group Policy Object. You may not have appropriate rights.”

4
On the Create Selection Set page, click Edit Plugin Options.
6
Under System State, ensure that the Live Restore option is selected.
NOTE: To create a copy of the System State data without affecting the active system, select the Restore to a File option, and type the full file path to the alternate location where you want to restore the data. This option is intended for advanced users. Quest offers no support or instructions on how to use the data restored in this manner.
Primary SYSVOL Restore: Select this check box only when you are rebuilding the Domain. You can use this option to restore a standalone Domain Controller, or to restore the first of several Domain Controllers.
Authoritative SYSVOL Restore: Select this check box to restore the system to a previously known state, and replicate the restored data to all the other servers.
Non-Authoritative SYSVOL Restore: Select this check box to restore a single Domain Controller and update the restored data through normal replication process.
8
Click Save to save the settings, and then click Next.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating