System Admin Labs Sample
Page 1 | By: MUHAMMAD IQBAL
Types of Backup
1- System Backup Or Active Directory Backup
2- Additional Domain Controller (ADC)
3- Active Directory Recycle bin
1- Active Directory Backup & Recovery
Requirements for Backup
• Active Directory must exist
• Need to install the “Windows Server Backup” feature
• Requires approximately 30-40 min to take a backup of an AD
• Need a dedicated hard disk or other media
Why do we need AD / system backup?
Let’s suppose we have a lot of objects in AD, for example 100 OUs, where each OU has 1000 users and 2000 policies. What happens if a disaster strikes? To recover, we of course need a backup of either the whole directory or part of it, from which we can restore.
Note: it is recommended that you store the backup on a different hard disk or another system, not on the same drive.
Advantages of AD backup
• Recover deleted objects
• Recover crashed system
How to take AD backup
There are two (2) ways to create a system backup: GUI or CMD.
Whether we use the GUI or CMD, the following window will open:
This means we need to install one feature before we start the backup. The feature is named “Windows Server Backup”.
How to install that feature using GUI and CMD
Once you have installed this feature, you can see:
The types of backup are listed under “Windows Server Backup”, in the bar at the top right.
Types of Backup on GUI
Here we only learn how to create a backup in the GUI; we will then do the same process via CMD.
Backup Once option
The next window will be:
Next, select the location where you want to save this backup.
On the next option you can select the location.
Once you press “Next”, an error is generated.
This means the backup drive is in the same system, which is not recommended; that is why this message appears. You can still back up to the same drive.
When you press YES, the next window will be the last option before the backup starts.
After this, the backup will start.
But as I mentioned earlier, we only wanted to discuss and learn how to take the backup in the GUI. That is very simple, so we will try to learn backup on CMD.
Backup schedule option
Here we set the time frame according to requirements.
Because we don’t have a dedicated hard drive, we will select the 2nd option.
When we add the destination
This way we can create different types of backup using the GUI.
Create system state or AD backup using CMD
Similarly, to create a backup on CMD, we have to install the “Windows Server Backup” feature, which is already installed here.
On the server command line we write this command
This command shows some more commands which can be used here.
For backup we need the “start systemstatebackup” command.
When we type this command, it shows some errors or asks for the target location where you want this backup.
It even shows the exact syntax for this command (read the example on the last line).
When we press “yes”, the backup will start. It takes approximately 30-40 min.
The backup has finished.
While the backup is in progress:
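The command-line backup steps described above, collected into one PowerShell script. This is an added example, not part of the original slides; it assumes an elevated prompt on Windows Server 2008 R2 and that D: is the backup volume (as in the lab), and it refuses a target on the system drive, following the recommendation earlier on this page.

```powershell
# Added example (not from the original slides): system state backup of a DC from the command line.
# Assumptions: elevated PowerShell on Windows Server 2008 R2; D: is the backup volume.
param(
    [string]$BackupTarget = 'D:'
)

Import-Module ServerManager

# 1. Make sure the Windows Server Backup feature is installed.
#    It is named Backup-Features on Server 2008 R2 and Windows-Server-Backup on 2012 and later.
$names   = 'Backup-Features', 'Windows-Server-Backup'
$feature = Get-WindowsFeature | Where-Object { $names -contains $_.Name } | Select-Object -First 1
if (-not $feature) { throw 'Windows Server Backup feature is not available on this OS.' }
if (-not $feature.Installed) {
    Add-WindowsFeature $feature.Name -IncludeAllSubFeature | Out-Null
}

# 2. Keep the backup off the system drive (this example's own check, per the page's recommendation).
$target = $BackupTarget.TrimEnd('\')
if ($target -ieq $env:SystemDrive) {
    throw "Backup target $target is the system drive; choose another disk."
}

# 3. Start the system state backup. -quiet answers the Y/N prompt automatically.
& wbadmin start systemstatebackup "-backupTarget:$target" -quiet
if ($LASTEXITCODE -ne 0) {
    throw "wbadmin failed with exit code $LASTEXITCODE."
}

# 4. List the backup versions now stored on the target, with their dates and times.
& wbadmin get versions "-backupTarget:$target"
```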
Real-life Scenarios for Backup and Recovery
Scenario #1 (to see the solution, go to page #20):
Let’s suppose that while the backup is in progress, we add something to AD:
• Add one OU (mkt)
• Add some users in that OU
The scenario is to check whether these new objects are included in the backup when we restore it.
Let’s suppose our system has crashed, we have this backup, and we created an OU and some users during the backup.
Now we learn how to restore this backup using GUI or CMD.
Restore the system from Backup
Very important: to restore the backup, we need to go into Active Directory “safe mode”.
During installation of Active Directory Domain Services (AD DS), you set the Administrator password for logging on to the server in DSRM. When you start Windows Server 2008 R2 in DSRM, you must log on by using this DSRM password for the local Administrator account.
The following slide shows this, if we recall the installation of Active Directory:
This password is required before you can enter DSRM (Directory Services Restore Mode).
Let’s suppose we have forgotten that password. Is it recoverable or not?
Yes, it is recoverable. This password is inside the “NTDS” folder, so we have to run “ntdsutil” at the command prompt.
Recover DSRM Password - On DC normal mode
Now we will recover the password for DSRM.
We can get some help by using “?”.
Here we use this option (command) to recover the DSRM password.
How to get help on using this option
Now we use the proper command, “reset password on server %s”. As we can see, the help says “Use NUL for local machine”.
Note: the DSRM password goes in the “null” folder or database, while users’ passwords go to the “SAM” database.
Then we type null after the command.
It prompts for the new password.
We can see that the password has been reset.
The next prompt is again “reset DSRM admin password”, so we have to exit from this prompt.
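The DSRM password unlocks the local Administrator account on the domain controller, so every reset should be traceable. The added example below (not from the original slides) runs the same ntdsutil steps in one line and then looks for Security event 4794, which Windows records when the DSRM password is set; it assumes “Audit User Account Management” is enabled on the DC.

```powershell
# Added example (not from the original slides). Run in an elevated PowerShell on the DC.
# Assumption: "Audit User Account Management" is enabled, otherwise event 4794 is not written.

$start = Get-Date

# Same steps as typed interactively above; ntdsutil still prompts for the new password.
& ntdsutil "set dsrm password" "reset password on server null" quit quit

# Event 4794: "An attempt was made to set the Directory Services Restore Mode
# administrator password."
$recent = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4794
    StartTime = $start
} -ErrorAction SilentlyContinue

if (-not $recent) {
    Write-Warning 'No event 4794 found: the reset was not logged, check the audit policy.'
} else {
    $recent | Select-Object TimeCreated, MachineName, Message | Format-List
}

# Review the full history too: a DSRM password change nobody can account for needs investigating.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4794 } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, MachineName |
    Sort-Object TimeCreated
```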
You can restart a domain controller in DSRM manually by pressing the F8 key during domain controller startup.
Here we can see that we can’t access Active Directory. We have to use the recovered password to access DSRM. Select DSRM (Directory Services Restore Mode).
However, we have to log in without the DC administrator account, using the recovered password.
We are now in DSRM (Directory Services Restore Mode) and can start the recovery.
Restore the Backup
Before we start recovery of the backed-up AD, make sure this backup is available on the “D drive”.
This verifies that we are in safe mode, where we can’t access any service(s).
In the GUI we can see that:
Here we can see that the backup is available, so we can now recover by using this utility.
Here it shows the available backups and the time each one was taken.
We have to select the one we want (in case multiple backups are available).
Here we can select what we want to recover: either the “whole drive” or “simple folders”.
Once we press Recover, the restoration will start.
Restore Backup using Command Prompt
Use the appropriate command.
This means we have to check the available versions of the backup.
Here we used the command “wbadmin get versions” to list the available versions; as we can see, the backup dates and times are shown.
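The command-line restore carried one step past “wbadmin get versions”, as an added example that is not part of the original slides. It assumes the DC was booted into DSRM, that the backup is on D:, that wbadmin prints English labels, and that the newest version is the one to restore; wbadmin itself asks for confirmation before it overwrites anything.

```powershell
# Added example (not from the original slides): restore the newest system state backup in DSRM.
# Assumptions: elevated PowerShell, backup stored on D:, English wbadmin output.
param(
    [string]$BackupTarget = 'D:'
)

# To boot into DSRM without pressing F8:    bcdedit /set safeboot dsrepair   then restart.
# After the restore, return to normal boot: bcdedit /deletevalue safeboot    then restart.

# Windows sets SAFEBOOT_OPTION to DSREPAIR when it is running in DSRM.
if ($env:SAFEBOOT_OPTION -ne 'DSREPAIR') {
    throw 'Not in Directory Services Restore Mode; restart the DC in DSRM first.'
}

# "wbadmin get versions" prints one block per backup, including a line such as
#   Version identifier: 04/30/2013-09:00      (constructed sample, MM/DD/YYYY-HH:MM)
$output  = & wbadmin get versions "-backupTarget:$BackupTarget"
$culture = [Globalization.CultureInfo]::InvariantCulture

$versions = foreach ($line in $output) {
    if ($line -match 'Version identifier:\s*(\d{2}/\d{2}/\d{4}-\d{2}:\d{2})') {
        New-Object PSObject -Property @{
            Id   = $Matches[1]
            Time = [datetime]::ParseExact($Matches[1], 'MM/dd/yyyy-HH:mm', $culture)
        }
    }
}
if (-not $versions) { throw "No backup versions found on $BackupTarget." }

# Sort by the parsed timestamp instead of trusting the order of the listing.
$latest = $versions | Sort-Object Time | Select-Object -Last 1
Write-Host "Restoring system state from version $($latest.Id)"

# No -quiet here: wbadmin prompts before overwriting the current system state.
& wbadmin start systemstaterecovery "-version:$($latest.Id)" "-backupTarget:$BackupTarget"
if ($LASTEXITCODE -ne 0) { throw "wbadmin failed with exit code $LASTEXITCODE." }

Write-Host 'Restore finished. Restart the server to complete the recovery.'
```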
Create Additional Domain Controller
Requirements to create an ADC
i. Install another Server 2008 R2
ii. Create Active Directory or run dcpromo, using the existing forest
iii. Assign the ADC an IP and the DNS IP of the main server (DC), to join with the DC
iv. Assign all DC FSMO roles to the ADC, one by one
Let’s suppose we have installed Server 2008 R2 on another system and have installed Active Directory. After that:
iii- Assign IP and DNS (DC) IP on ADC
iv- Run dcpromo on ADC
Here, try to understand the statement “add a domain controller to an existing domain”. Here add = additional, which means the system already has one domain, and now we need another domain, which would be the additional domain.
Remember: we already have a DC that is DC + forest, which is why the DC has 5 roles and ADC will be existing forest on
Here it clearly asks us to type the name of the forest where the installation will occur. When you press “Set”, it will ask for the Administrator password.
It will show the main server (DC) name.
There should be only one DNS server (which is server1), but we can create a separate DNS server for load balancing. Also, there should be only one global catalog in a network.
Once this is done, we can see on server 1:
You will notice on startup:
It shows that server2 is part of corvit.com.
Furthermore, we can see that whatever we add on server1 is now also added on server2, and vice versa.
We can also verify by pinging any user:
Server1 pinging successfully
Server2 pinging successfully
Additional Domain Controller is ready
Now we will assign/transfer the FSMO roles, which are on the main server (DC), to the ADC. First we verify who holds these FSMO roles.
First we check on the DC (main server)
Here we can see that the main server (DC) has those FSMO roles.
Now we check the ADC
Here we notice that the FSMO roles are on the DC, which proves that these 5 roles are assigned to only one server in a forest.
How to check the same thing in GUI mode
On DC
We can see both servers have GC, which means both servers have the global database.
Time to transfer these FSMO roles from Server (DC) to Server2 (ADC)
Remember: we will do this step by step
1. Transfer the three (3) domain roles (RID, PDC and Infrastructure) first
2. Transfer the two (2) forest roles (Domain Naming Master and Schema Master)
First we transfer the domain roles one by one, as shown in the picture.
We’ve transferred the RID role. As you can read, only one server in the domain performs this role.
Verify
The RID role has changed from server.corvit.com to server2.corvit.com.
Here we can see the PDC role is still held by server.corvit.com.
After changing
Now the last one, Infrastructure
Before changing
After changing
Up to here, all domain roles have been transferred from server (DC) to ADC (server2).
For verification we check FSMO
On ADC
On DC
The Schema Master and Domain Naming Master roles are still on server (DC).
Now we transfer the other two (2) forest roles.
Again we will use the ADC computer.
Note: as we noticed, when we were changing the domain roles, we changed them under the “corvit.com” domain. To change the forest roles, we will use “Active Directory Domains and Trusts”.
On ADC (server2)
When we press the “Change” button, this message appears:
Read this: it says this role will be unique. Only one Active Directory controller can perform this role.
The additional domain controller name appears automatically. Press Change.
After changing
Finally, we will transfer the last role, “Schema Master”.
To transfer the schema role, we need to run the command “regsvr32 schmmgmt.dll”.
On ADC
As we can see, there are no items in this console.
By default, the “Schema Master” role is disabled; we have to activate it by using the above-mentioned command. This command actually adds “Schema Master”, and then we can see it using the MMC console.
Go to MMC
Without the regsvr32 command it won’t appear here; we have to run this command first.
Add this role
Now we can transfer this role from server (dc) to server2 (ADC)
It showed an error, so first we resolve this error.
This error occurs because DNS and the firewall are not configured.
After removing both errors
The error means the alternate DNS server has a loopback IP; we have to remove it first.
Now we will verify that all the roles have been transferred to Server2 (ADC).
On ADC
Here we can see all the roles have been transferred.
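The same transfer and verification from the command line, as an added example (not from the original slides). It uses the ActiveDirectory PowerShell module available on Windows Server 2008 R2 domain controllers and the lab's names server2 and corvit.com; the account running it is assumed to be a member of Domain Admins, Enterprise Admins and Schema Admins.

```powershell
# Added example (not from the original slides): transfer the five FSMO roles and verify the result.
# Assumptions: elevated PowerShell on the ADC (server2), run by a member of Domain Admins,
# Enterprise Admins and Schema Admins; both DCs are online (this is a transfer, not a seizure).
param(
    [string]$Target = 'server2'      # the ADC from the lab (server2.corvit.com)
)

Import-Module ActiveDirectory

function Get-FsmoHolders {
    # Returns role name -> DNS name of the DC that currently holds it.
    $domain = Get-ADDomain
    $forest = Get-ADForest
    @{
        RIDMaster            = $domain.RIDMaster
        PDCEmulator          = $domain.PDCEmulator
        InfrastructureMaster = $domain.InfrastructureMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        SchemaMaster         = $forest.SchemaMaster
    }
}

Write-Host 'Before:'
Get-FsmoHolders | Format-Table -AutoSize

# Step 1: the three domain roles. Step 2: the two forest roles (same order as the slides).
Move-ADDirectoryServerOperationMasterRole -Identity $Target `
    -OperationMasterRole RIDMaster, PDCEmulator, InfrastructureMaster -Confirm:$false
Move-ADDirectoryServerOperationMasterRole -Identity $Target `
    -OperationMasterRole DomainNamingMaster, SchemaMaster -Confirm:$false

# Verify: every role must now resolve to the target DC.
$after = Get-FsmoHolders
$wrong = $after.GetEnumerator() | Where-Object { $_.Value -notlike "$Target.*" }
if ($wrong) {
    $wrong | Format-Table -AutoSize
    throw 'Some roles were not transferred.'
}
Write-Host "All five FSMO roles are now on $Target."

# The classic command-line check gives the same answer:
& netdom query fsmo
```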
