Active Directory - Backup, Restore
Knowledge Base Questions & Answers
What must be done to back up AD (Active Directory)?
To back up AD, a System State backup must be taken on the Domain Controller.
What data does the System State contain?
System State contains:
- AD database and the other files in the NTDS folder (only on a DC (Domain Controller)).
- Boot and system files.
- DFSR (Distributed File System Replication) staging.
- AD CS (Active Directory Certificate Services) (only if the Certificate Authority role is installed).
- Cluster Service Database (only if the Failover Cluster role is installed).
- COM+ class registration database.
- File system junctions.
- Group Policy settings (only on a DC).
- IIS (Internet Information Services) metabase (only if the IIS role is installed).
- Registry.
- Netlogon shared folders: default profiles, system policies, logon/logoff/startup/shutdown scripts.
- SYSVOL (System Volume) folder (only on a DC).
What are the AD Restore types?
There are two AD Restore types:
- Non-Authoritative Restore (D2 restore).
- Authoritative Restore (D4 restore).
What is a Non-Authoritative Restore of AD?
- Non-Authoritative Restore is the default method to restore AD, and it is used when AD data is lost or corrupted.
- It restores a DC to its state at the time of the backup. After the DC is restored, its local copy of SYSVOL is compared with its replication partners. After the DC restarts, SYSVOL replication applies any necessary changes, bringing the restored DC up to date with the other DCs in the domain.
- To perform a Non-Authoritative Restore, the DC must be started in DSRM (Directory Services Restore Mode).
What is an Authoritative Restore of AD?
- Authoritative Restore restores the DC from backup and, after the necessary configuration is applied, marks the restored AD data (and, if required, the local SYSVOL) as authoritative so that it replicates to the other DCs in the domain.
- It can restore only particular objects. For example, if an OU (Organizational Unit) was deleted, an Authoritative Restore can bring back just that object.
- To perform an Authoritative Restore, the DC must be started in DSRM.
- An Authoritative Restore requires the ntdsutil utility.
- An Authoritative Restore is most often needed when human error is involved, such as when an administrator accidentally deletes some objects, that deletion has already replicated to the other DCs, and the objects cannot be recreated easily.
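The backup and the two restore types above, as one added runbook that is not part of the original page: a System State backup with wbadmin, a reboot into DSRM, a Non-Authoritative (D2) System State restore, and an Authoritative (D4) restore of a single deleted OU with ntdsutil. The backup target E:, the backup version string, and the OU DN OU=Sales,DC=corp,DC=example are placeholders.

```powershell
# Added example (not from the page). Run in an elevated PowerShell on the DC.
# Placeholders: backup target E:, backup version MM/DD/YYYY-HH:MM,
# deleted OU "OU=Sales,DC=corp,DC=example".

# 1. Back up the System State (AD database, SYSVOL, registry, boot files ...)
wbadmin start systemstatebackup -backupTarget:E: -quiet

# 2. List the backup versions available on the target and note the one to restore
wbadmin get versions -backupTarget:E:

# 3. Boot the DC into DSRM (Directory Services Restore Mode); AD is offline there
bcdedit /set safeboot dsrepair
Restart-Computer

# --- after the reboot, log on with the DSRM administrator account ---

# 4. Non-Authoritative (D2) restore of the System State from the chosen version.
#    After a normal reboot, replication partners bring this DC up to date.
wbadmin start systemstaterecovery -version:MM/DD/YYYY-HH:MM -quiet

# 5. Authoritative (D4) restore of only the deleted OU, done BEFORE leaving DSRM.
#    ntdsutil raises the version numbers of the subtree so that it wins
#    replication instead of being deleted again by the other DCs.
ntdsutil "activate instance ntds" "authoritative restore" `
    "restore subtree OU=Sales,DC=corp,DC=example" quit quit

# 6. Clear the DSRM boot flag and reboot normally; replication then pushes
#    the restored OU to the other DCs in the domain
bcdedit /deletevalue safeboot
Restart-Computer
```

Use "restore object" instead of "restore subtree" in step 5 when a single object rather than a whole container was deleted.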
What is DSRM (Directory Services Restore Mode)?
- DSRM is a special boot mode used for repairing or recovering AD.
- It is used to log on to a DC when AD has failed or needs to be restored.
DNS (Domain Name System)
Knowledge Base Questions & Answers
What is a DNS?
DNS is a service to resolve the FQDN (Fully Qualified Domain Name) to IP (Internet Protocol) address and vice versa.
What is “Name Resolution”?
“Name Resolution” is the process of translating human-readable domain names (like itguidespro.com) into resource IP addresses (like 136.15.21.36) to enable communication between devices on the internet.
What is a “DNS Resolver”?
“DNS Resolver” is a software component that translates domain names into IP addresses.
What are the different levels of the DNS domain hierarchy?
There are four levels of the DNS domain hierarchy:
- Root Domain
- TLD (Top Level Domain)
- SLD (Second Level Domain)
- Subdomain
What is the “Root Domain”?
- The “Root Domain” in the DNS hierarchy is represented by a single dot (.) and is at the highest level of the DNS structure.
- It doesn’t directly appear in domain names.
- The “Root Domain” contains information about the authoritative DNS servers of all the TLDs.
- While there are 13 “Root Server Clusters,” each cluster can consist of multiple servers, amounting to several hundred servers worldwide.
What is the TLD (Top Level Domain)?
- The TLD (Top-Level Domain) is the last segment of a domain name, represented by extensions like “.com,” “.org,” “.net,” etc.
- TLD DNS servers manage the DNS records for the domains registered under that specific TLD.
What is the SLD (Second Level Domain)?
- The SLD (Second Level Domain) is the portion of the domain name that appears to the left of the TLD.
- It usually represents the organization, company, or entity registering the domain.
- For example, in the domain name itguidespro.com, itguidespro is the SLD.
What is a Subdomain?
- A Subdomain is a part of a larger domain that is added to the left of both the SLD and the TLD to categorize or organize specific sections within the main domain.
- For example, blog.itguidespro.com features blog as a Subdomain of the domain itguidespro.com.
What is the FQDN (Fully Qualified Domain Name), and what does it consist of?
- The FQDN (Fully Qualified Domain Name) is the complete name of a resource on the internet.
- It includes the resource name (if any), the SLD, and the TLD.
- For example, app.itguidespro.com.
What port number and protocols does DNS use?
- DNS uses port 53.
- It uses UDP (User Datagram Protocol) by default.
- If UDP is malfunctioning, TCP (Transmission Control Protocol) is used.
What is “DNS Round-Robin”?
- “DNS Round-Robin” aims to distribute incoming client requests evenly across multiple servers or IP addresses associated with a domain name.
- It helps balance the load, improves performance, and provides redundancy in case of server failures.
What is “DNS LB (Load Balancing)”?
- “DNS LB (Load Balancing)” distributes client requests across multiple servers and ensures high availability.
- It uses techniques like round-robin or other algorithms.
What is “Split DNS” (Split-Horizon DNS)?
- “Split DNS” (Split-Horizon DNS) is a configuration where separate DNS servers or zones provide different responses based on the source of the DNS query.
- It improves security, performance, and control over DNS resolution.
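Split-Horizon DNS as described above, implemented with Windows Server DNS policies; this is an added example, not configuration from the original page. It assumes the server is authoritative for itguidespro.com, that clients in 10.0.0.0/8 are internal, and that app.itguidespro.com answers 10.1.2.3 inside (constructed) and 136.15.21.36 outside (the address used elsewhere on this page).

```powershell
# Added example (not from the page): split-horizon answers for one name,
# selected by the source subnet of the query. Run on the Windows DNS server.
# Assumed: zone itguidespro.com, internal subnet 10.0.0.0/8 (constructed),
# internal address 10.1.2.3 (constructed), public address 136.15.21.36.
$Zone = "itguidespro.com"

# 1. Define which client sources count as "internal"
Add-DnsServerClientSubnet -Name "InternalSubnet" -IPv4Subnet "10.0.0.0/8"

# 2. Create a zone scope that holds the internal view of the zone;
#    the default scope keeps the public view
Add-DnsServerZoneScope -ZoneName $Zone -Name "InternalScope"

# 3. Same record name, two different answers
Add-DnsServerResourceRecord -ZoneName $Zone -A -Name "app" `
    -IPv4Address "10.1.2.3" -ZoneScope "InternalScope"
Add-DnsServerResourceRecord -ZoneName $Zone -A -Name "app" `
    -IPv4Address "136.15.21.36"

# 4. Policy: queries from InternalSubnet are answered from InternalScope;
#    every other source falls through to the default (public) scope
Add-DnsServerQueryResolutionPolicy -Name "SplitHorizonPolicy" -Action ALLOW `
    -ClientSubnet "eq,InternalSubnet" -ZoneScope "InternalScope,1" -ZoneName $Zone

# 5. Verify from an internal and from an external client: the same query
#    must return 10.1.2.3 inside and 136.15.21.36 outside
Resolve-DnsName -Name "app.$Zone" -Type A -Server <dns-server-ip>
```

Because the policy keys on the source subnet, a client that reaches the server through NAT from an unexpected address gets the public view; check the effective source address when a split answer is wrong.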
What is “DNS Propagation,” and how long does it typically take?
- “DNS Propagation” is the time it takes for DNS changes to be updated across all DNS servers worldwide.
- It typically takes from a few hours up to 48 hours, but can vary depending on factors like TTL (Time-To-Live) settings and DNS caching.
What is “DNS Dynamic Updates”?
“DNS Dynamic Updates” is a feature that allows devices to automatically register and update their DNS records in a DNS server.
What is “Domain Parking,” and what is its purpose?
“Domain Parking” is a service provided by domain registrars where they place a registered domain on a default webpage until the owner decides how to use it.
What is “DNS Cache Poisoning,” and how is it carried out?
- “DNS Cache Poisoning” is a cyberattack where an attacker corrupts the data in a DNS resolver’s cache, leading users to malicious websites instead of legitimate ones.
- It’s done by injecting fake DNS responses into the cache.
Experience-Based/Practical Questions & Answers
How can you prevent DNS query hijacking or DNS spoofing attacks?
- Implement DNSSEC (Domain Name System Security Extensions) for data integrity and authentication.
- Configure your DNS resolvers to use secure and reputable DNS servers.
- Implement a “DNS Firewall” (DNS Filtering) to detect and block DNS spoofing attempts.
- These solutions can help identify and prevent DNS queries to known malicious domains or IP addresses.
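The cache-poisoning risk and the three mitigations above (DNSSEC validation, resolver hardening, a DNS firewall), applied to a Windows DNS Server resolver; this is an added example and not configuration from the original page. It assumes an elevated session on the DNS server with internet access for the root trust anchors; malicious.example is a constructed placeholder for a known-bad domain.

```powershell
# Added example (not from the page): hardening a Windows DNS Server resolver
# against cache poisoning / spoofing. Assumed: elevated session on the server,
# outbound access to fetch root trust anchors, placeholder domain malicious.example.

# 1. DNSSEC validation: install the root zone trust anchors, so answers from
#    signed zones are accepted only when their signatures chain up to the root
Add-DnsServerTrustAnchor -Root

# 2. Cache locking: a cached record cannot be overwritten until its TTL has
#    expired, so a forged answer arriving later cannot replace a good one
Set-DnsServerCache -LockingPercent 100

# 3. Socket pool: spread outbound queries over many random source ports, so a
#    spoofer must guess both the transaction ID and the port (2500 is the default)
dnscmd /Config /SocketPoolSize 2500

# 4. DNS firewall: a query resolution policy that silently drops lookups for a
#    known malicious domain and its subdomains
Add-DnsServerQueryResolutionPolicy -Name "BlockKnownBad" -Action IGNORE `
    -Fqdn "EQ,*.malicious.example"

# 5. Verify the settings and confirm a DNSSEC-aware query still resolves
Get-DnsServerCache | Select-Object LockingPercent
Get-DnsServerTrustAnchor -Name "."
Get-DnsServerQueryResolutionPolicy | Select-Object Name, Action, IsEnabled
Resolve-DnsName -Name "itguidespro.com" -Type A -Server localhost -DnssecOk
```

Pair step 4 with a blocklist feed that is updated regularly; a static policy protects only against the names it already knows.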