From episode 1, "Maintain the continuity of Active Directory service," you know what Windows Server Backup is, how to perform a backup, and the relation between a System State backup and Active Directory OU objects.
We are simulating an accidental deletion of an AD OU called IT; by taking advantage of WSB, we can restore it from an AD DS database instance easily!
This restoration process is not recommended for newbies: its steps with CLI tools and DSRM mode may seem complex, and it requires an account with high privileges (a member of the Administrators/Backup Operators group) to use Windows Server Backup.
[00:16] "System State Backup/Restore for Windows 2008/2012" – storegrid.vembu.com
We are working with an Active Directory object, so we must run this command from an Administrator CMD to boot Windows Server into DSRM safe mode and start the recovery process.
> bcdedit /set safeboot dsrepair
[00:31] "Restart the Domain Controller in Directory Services Restore Mode Locally" – technet.microsoft.com
[00:44] "What is Directory Services Restore Mode (DSRM)" – searchwindowsserver.techtarget.com
[00:50] Prepare the backup medium: removable hard drives, a network share, etc.
[01:11] Do a reboot with a clear reason in the Comment section of the Shut Down Windows dialog so that we can keep track of it later.
During the installation of Active Directory Domain Services (AD DS), you set the Administrator password for logging on to the server in DSRM. When you start Windows Server 2008 in DSRM, you must log on by using this DSRM password for the local Administrator account.
Although we can use WSB in the form of an MMC snap-in, I would like to perform this restoration in the CLI mode because:
– this job can be done locally, so we need no remote capability of MMC.
– CLI experience can speed up the job dramatically.
– Scripting capabilities with BAT, or even more with PowerShell cmdlets, are endless.
[02:21] "Backup with PowerShell" – p0w3rsh3ll.wordpress.com
[02:35] Get the version identifier associated with our previous backup.
> wbadmin get versions -backuptarget:E: -machine:SnoOpy-Server
[03:04] "Backup Version and Space Management in Windows Server Backup" – blogs.technet.microsoft.com
[03:22] Make sure you point to the correct drive letter in that -backuptarget switch.
Write down: Backup time, Backup target, Version identifier, Can recover: Volumes, Files, Application, System State (though we made a System state backup previously) and Snapshot ID for further referencing.
Snapshot ID in the above output is new since Windows Server 2008 R2. Snapshot ID is the same as Shadow Copy ID. It corresponds to a specific backup version and can be used to delete that backup version.
[03:50] "Wbadmin start systemstaterecovery" – searchwindowsserver.techtarget.com
Be careless in selecting a version without date-time references and the results are likely to be tragic indeed.
(Fortunately, in our case, we don't have multiple layers of backups.)
Now, let's fire up this command with the version identifier and the backup medium letter filled in.
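One way to make that version selection by date rather than by eye, as an added example that is not from the original walkthrough or from Microsoft: it parses `wbadmin get versions` output and picks the newest backup that lists System State and predates the deletion. The function names, the sample output and its dates are constructed here; it assumes PowerShell 3.0 or later and a version identifier in the MM/DD/YYYY-HH:MM form that Microsoft documents for -version.

```powershell
# Added example. Constructed sample of `wbadmin get versions` output (not real data).
$sample = @'
Backup time: 3/10/2016 9:00 PM
Backup target: 1394/USB Disk labeled E:
Version identifier: 03/10/2016-14:00
Can recover: Volume(s), File(s)
Snapshot ID: {00000000-0000-0000-0000-000000000001}

Backup time: 3/11/2016 9:00 PM
Backup target: 1394/USB Disk labeled E:
Version identifier: 03/11/2016-14:00
Can recover: Volume(s), File(s), Application(s), System State
Snapshot ID: {00000000-0000-0000-0000-000000000002}

Backup time: 3/13/2016 9:00 PM
Backup target: 1394/USB Disk labeled E:
Version identifier: 03/13/2016-14:00
Can recover: Volume(s), File(s), Application(s), System State
Snapshot ID: {00000000-0000-0000-0000-000000000003}
'@ -split "`r?`n"

# Turn the "Name: value" blocks into objects; a blank line ends one backup record.
function ConvertFrom-WbadminVersions([string[]]$Lines) {
    $rec = [ordered]@{}
    foreach ($line in $Lines + '') {             # trailing '' flushes the last record
        if ($line -match '^\s*(Backup time|Backup target|Version identifier|Can recover|Snapshot ID)\s*:\s*(.+)$') {
            $rec[$Matches[1]] = $Matches[2].Trim()
        } elseif (-not $line.Trim() -and $rec.Count) {
            [pscustomobject]$rec; $rec = [ordered]@{}
        }
    }
}

# Newest version that can recover System State and was taken before the deletion.
# $DeletedAt must be expressed on the same clock as the version identifier.
function Select-SystemStateVersion([object[]]$Versions, [datetime]$DeletedAt) {
    $Versions | Where-Object { $_.'Can recover' -match 'System State' } |
        ForEach-Object {
            $taken = [datetime]::ParseExact($_.'Version identifier', 'MM/dd/yyyy-HH:mm',
                         [cultureinfo]::InvariantCulture)
            $_ | Add-Member -NotePropertyName Taken -NotePropertyValue $taken -PassThru
        } |
        Where-Object { $_.Taken -lt $DeletedAt } |
        Sort-Object Taken -Descending | Select-Object -First 1
}

$pick = Select-SystemStateVersion (ConvertFrom-WbadminVersions $sample) ([datetime]'2016-03-12 08:00')
# Print the restore command for review instead of running it.
"wbadmin start systemstaterecovery -version:$($pick.'Version identifier') -backuptarget:E: -machine:SnoOpy-Server"
```

On a live server, feed the first function the real output (`wbadmin get versions -backuptarget:E: -machine:SnoOpy-Server`) in place of `$sample`.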
> wbadmin start systemstaterecovery -version:dd/mm/yyyy-hh:mm -backuptarget:E: -machine:SnoOpy-Server
-machine: Specifies the name of the computer that you want to recover. This parameter is useful when multiple computers have been backed up to the same location.
It is not actually a remote restoration ability.
[04:25] Answer Y against "Do you want to start the system state recovery operation?" prompt.
Remember that: The recovery operation will cause all replicated content (replicated using DFSR or FRS) on the local computer to re-synchronize after recovery.
The rise in network traffic due to re-synchronization may cause potential latency or outage issues.
System state recovery cannot be paused or canceled once it has started.
It will need a restart of the server to complete the recovery operation.
wbadmin then verifies and processes files so that the Registry/WMI/DFS Replication/Performance Counters/IIS Config/… writers can request their desired files.
You can also see the Overall progress percentage, the successful status, log file as well as important notes.
"Please wait while the system state recovery attempts to recover system files. This might take several minutes to complete, depending on how many files are getting replaced and the server restarts needed during the process. Do not interrupt this process."
[05:04] A computer restart is required to complete the system state recovery.
Press [Y] to restart the computer now.
[05:14] Log in with the local Administrator account again to do the rest.
In addition, make sure the master DC is online for further domain logons as well as the authoritative restore.
[05:26] wbadmin will inform that "The system state recovery operation that started at d/mm/yyyy HH:MM A/PM has successfully completed."
There are 2 kinds of restoration for Active Directory DCs: authoritative and non-authoritative.
In our case, we made the mistake ourselves, so we must explicitly "authorize" this recovery to bring back the OU from hell, so that the AD database on the master DC and other ADCs will be updated accordingly.
[05:36] "Authoritative vs. Non-Authoritative Restoration of Active Directory" – windowsnetworking.com
[05:40] As always, we use the ntdsutil command to do domain tasks, including restoring the OU/subtree IT in authoritative mode to indicate that this OU was accidentally deleted and needs to be restored.
[05:43] "A closer look at the Ntdsutil command-line tools for Active Directory" – searchwindowsserver.techtarget.com
[05:50] > ntdsutil
>> activate instance ntds
>> authoritative restore
>>> restore subtree "OU=IT,DC=SnoOpy,DC=com"
Confirm the LDAP name of the OU, then choose [Yes] at the warning "Are you sure you want to perform this Authoritative Restore?" in the Authoritative Restore Confirmation Dialog.
It then opens the DIT database, counts the records that need updating, and logs a list of authoritatively restored objects in a text file.
In our case, "None of the specified objects have back-links in this domain. No link restore file has been created"; and the AR simply completes successfully.
[06:43] Quit the ntdsutil prompt with
Then set Windows Server back to its default boot rather than the current DSRM mode.
> bcdedit /deletevalue safeboot
[06:58] You must reboot the DC to boot into the domain network.
Optionally, use this command:
> shutdown -t 0 -r
[07:11] "Windows Server Backup Overview" – technet.microsoft.com
[07:25] Wait for the AD synchronization to finish, then open the Active Directory Users and Computers console to see that this OU has been recovered and replicated among DCs.
Well done, you have seen the functions of WSB and its backups through a real-life demonstration. There are intensive steps to follow: create a system backup, boot to the DSRM, ntdsutil, authoritative restore, force replications, etc.
However, WSB should meet the daily needs of most admins; if you need more functions, presets of backup scenarios, solid sources to store backups (Cloud, FTP, network mounts, etc.), a convenient GUI to manipulate, forget schedules/backup models, etc., then Acronis is the best tool you must invest in.
In fact, with a real AD domain network at enterprise scale, you must take care of schedules and the backup model (full, incremental, etc.) rather than a small hit-and-run game like my as-is demonstration.
[08:00] Invest in some of the available built-in specialized functions like AD Recycle Bin, snapshots, etc. so that some object deletions would not force you to dig into huge backup files.
[08:00] "The AD Recycle Bin: Understanding, Implementing, Best Practices, and Troubleshooting" – blogs.technet.microsoft.com
[08:06] And don't worry so much, just follow the documents, best practices, notes, step-by-step guides, etc. that I introduced, and moreover, follow my YOUTUBE channel for more valuable materials.