Active Directory - Backup, Restore
Knowledge Base Questions & Answers
What must be done to back up AD (Active Directory)?
To back up AD, back up the System State data of a DC (Domain Controller), for example with Windows Server Backup or the wbadmin command-line tool. AD is not backed up as a stand-alone set of files; it is protected and restored only as part of a System State backup.
What data does System State contain?
System State contains:
- AD database (ntds.dit and the log files in the NTDS folder) (only on a DC (Domain Controller)).
- Boot and system files.
- DFSR (Distributed File System Replication) staging.
- AD CS (Active Directory Certificate Services) database (only if the Certificate Authority role is installed).
- Cluster Service database (only if the Failover Cluster role is installed).
- COM+ class registration database.
- File system junctions.
- Group Policy settings (only on a DC).
- IIS (Internet Information Services) metadirectory (metabase) (only if the IIS role is installed).
- Registry.
- Netlogon shared folders: default profiles, system policies, logon/logoff/startup/shutdown scripts.
- SYSVOL (System Volume) folder (only on a DC).
What are the AD Restore types?
There are two AD Restore types:
- Non-Authoritative Restore.
- Authoritative Restore.
The names "D2 restore" and "D4 restore" that are often used for these come from the FRS (File Replication Service) BurFlags registry value used when restoring SYSVOL: D2 triggers a non-authoritative SYSVOL restore and D4 an authoritative one. When SYSVOL is replicated by DFSR, the msDFSR-Options attribute is used for the same purpose instead.
What is a Non-Authoritative Restore of AD?
- Non-Authoritative Restore is the default method of restoring AD; it is used when a DC's copy of the database is lost or corrupted while the other DCs still hold good data.
- It returns the DC to its state at the time of the backup. When the DC is restarted normally, its replication partners send it every change made since the backup, so any restored object that was later modified or deleted is brought up to date; the restored data never overwrites anything on the other DCs. SYSVOL is handled the same way: the local copy is reconciled with the replication partners and replication applies any necessary changes, bringing the restored DC in line with the other DCs in the domain.
- To perform a Non-Authoritative Restore, the DC must be started in DSRM (Directory Services Restore Mode).
What is an Authoritative Restore of AD?
- An Authoritative Restore begins with the same System State restore in DSRM, after which the administrator uses ntdsutil to mark selected objects (or the whole database) as authoritative. ntdsutil raises the version numbers of the marked objects (by default 100,000 for each day elapsed since the backup), so when the DC restarts those objects win replication and are pushed to the other DCs instead of being overwritten by them. The local SYSVOL copy can likewise be marked authoritative (for example with the -authsysvol option of wbadmin start systemstaterecovery) so that it replicates out to the other DCs in the domain.
- It can restore individual objects. For example, if an OU (Organizational Unit) was deleted, an Authoritative Restore can bring back just that subtree.
- To perform an Authoritative Restore, the DC must be started in DSRM.
- Authoritative Restores require the ntdsutil utility.
- An Authoritative Restore is usually needed when human error is involved, such as when an administrator accidentally deletes objects, the deletion has already replicated to the other DCs, and the objects cannot easily be recreated (recreating them produces new SIDs, so existing group memberships and ACL entries would not be restored).
- The backup must be newer than the forest's tombstone lifetime (180 days by default on current versions); an older backup cannot be restored. Where the AD Recycle Bin is enabled, a deleted object can usually be recovered with Restore-ADObject without taking a DC into DSRM at all.
What is DSRM (Directory Services Restore Mode)?
- DSRM is a special boot mode of a DC (a safe-mode option, chosen from the F8 boot menu or set with bcdedit /set safeboot dsrepair) in which AD DS is not started, so the database files can be repaired or restored.
- It is used to log on to the DC when AD has failed or needs to be restored. Because AD is offline, you log on with the local DSRM administrator account and the DSRM password that was set when AD DS was installed; it can be changed with ntdsutil "set dsrm password". That password is a standing privileged credential on every DC, so store and rotate it like any other break-glass credential.
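The procedure described in the backup, Non-Authoritative Restore, Authoritative Restore and DSRM answers above, as one end-to-end PowerShell example. This is an added example, not code from the original page; the backup volume E:, the domain corp.example, the deleted OU OU=Sales,DC=corp,DC=example and the backup version identifier are assumed values that do not appear in the original.

```powershell
# Added example, not from the original page: System State backup of a DC, a
# non-authoritative restore in DSRM, then an authoritative restore of one deleted OU.
# Assumed values (not in the original): backup volume E:, domain corp.example,
# deleted OU "OU=Sales,DC=corp,DC=example", backup version 01/15/2024-02:00.
# Run from an elevated PowerShell prompt on the DC being restored.

# 1. Back up System State (ntds.dit, SYSVOL, registry, boot files, ...) while the DC runs normally.
wbadmin start systemstatebackup -backupTarget:E: -quiet

# 2. Reboot into DSRM. AD DS is offline there; log on as .\Administrator with the DSRM password.
bcdedit /set safeboot dsrepair
Restart-Computer -Force

# 3. (In DSRM) list the available backups and restore the chosen version.
wbadmin get versions -backupTarget:E:
wbadmin start systemstaterecovery -version:01/15/2024-02:00 -backupTarget:E: -quiet
# Stopping here and returning to normal boot is a non-authoritative restore:
# replication partners overwrite the restored copy with everything changed since the backup.

# 4. (Still in DSRM) mark only the deleted OU as authoritative. ntdsutil raises the version
#    numbers of the objects in that subtree so they win replication against the other DCs.
ntdsutil "activate instance ntds" "authoritative restore" "restore subtree OU=Sales,DC=corp,DC=example" quit quit

# 5. Return to normal boot; the restored OU now replicates out to the other DCs.
bcdedit /deletevalue safeboot
Restart-Computer -Force

# 6. (After the normal reboot) confirm the OU is back and replication reports no errors.
Get-ADOrganizationalUnit -Identity "OU=Sales,DC=corp,DC=example" | Select-Object DistinguishedName, ObjectGUID
repadmin /replsummary
```

If the SYSVOL content must also win (for example when Group Policy files were deleted), add -authsysvol to the systemstaterecovery command in step 3; otherwise SYSVOL is restored non-authoritatively and reconciled with the replication partners as described above. Steps 3 and 4 must both run inside DSRM, before the DC is rebooted normally, or replication will overwrite the restored objects before they can be marked authoritative.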
DNS (Domain Name System) - Server
Knowledge Base Questions & Answers
What are the different types (roles) of "DNS Servers"?
There are five types (roles) of "DNS Servers":
- Authoritative DNS Server
- Non-Authoritative (Caching) DNS Server
- Primary (Master) DNS Server
- Secondary (Slave) DNS Server
- Caching-Only DNS Server
These roles overlap: Primary and Secondary servers are both authoritative for the zones they host, and a Caching-Only server is the purest form of a Non-Authoritative server. One server can hold several roles at once, for example authoritative for the internal zones and a caching resolver for everything else.
What is the "Authoritative DNS Server"?
- An "Authoritative DNS Server" holds the actual DNS records (A, CNAME, PTR, etc.) of a particular zone and answers queries for that zone with the AA (Authoritative Answer) flag set.
- For example, if a company has a DNS server with an "A" record for itguidespro.com, then this DNS server is authoritative for itguidespro.com.
What is a "Non-Authoritative (Caching) DNS Server"?
- A "Non-Authoritative (Caching) DNS Server," also known as a "Recursive Resolver" or "Caching Resolver," is a DNS server that resolves names on behalf of clients, for example finding the IP (Internet Protocol) address associated with a domain name.
- It retrieves the records from the authoritative DNS servers and caches them, answering later queries from the cache. Because its answers come from the cache or from another server, they carry no AA flag. A recursive resolver should answer only the clients it is meant to serve; an open resolver that recurses for anyone can be abused for amplification attacks and is a larger cache-poisoning target.
What is the "Primary (Master) DNS Server"?
A "Primary (Master) DNS Server" hosts the primary zone, the read/write master copy of all authoritative information for a domain, including essential data such as the IP addresses of resources. Changes are made here and distributed to secondary servers by zone transfer.
What is the "Secondary DNS Server"?
- A "Secondary (Slave) DNS Server" is a backup for the primary DNS server: it holds a read-only copy of the zone obtained from the primary by zone transfer (AXFR/IXFR) and is equally authoritative for it.
- It provides redundancy and is used for LB (Load Balancing) of DNS requests between DNS servers.
- Zone transfers should be restricted on the primary to the addresses of its secondaries; a primary that transfers to anyone hands out the whole zone, which is a complete map of the hosts in it.
What is a "Caching-Only DNS Server"?
- A "Caching-Only DNS Server" performs name resolution queries on behalf of clients, caches the answers, and returns the results to the DNS clients.
- Once an answer has been obtained, it is kept in the cache until its TTL (Time-To-Live) expires. Until then, the same query is answered locally from the cache instead of being sent to another DNS server.
- A "Caching-Only DNS Server" does not host any zone information and is therefore never authoritative.
Experience-Based/Practical Questions & Answers
What are the advantages and disadvantages of using a "Secondary DNS Server" and a "Caching-Only DNS Server"?
- The main advantage of a "Secondary DNS Server" is that it holds a copy of the zone data, so it can work as the backup of the "Primary DNS Server", answer authoritatively, and take part in LB.
- A "Caching-Only DNS Server" only has whatever is in its cache. If it receives a query for a resource it has not answered before, it must contact the "Primary DNS Server" or a "Secondary DNS Server" (or recurse from the root) to obtain the answer.
- Suppose the "Primary DNS Server" and "Secondary DNS Server" are unavailable. In that case, the "Caching-Only DNS Server" keeps answering from its cache only until the DNS records' TTL (Time-To-Live) expires; once the TTLs have run out it can no longer resolve those names until an authoritative server is reachable again.
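The five roles described in the definitions above, and the secondary versus caching-only trade-off just discussed, configured with the Windows Server DnsServer PowerShell module. This is an added example, not code from the original page; the server names DNS01/DNS02/DNS03, their addresses 10.0.0.10/11/12 and the www record are assumed values that do not appear in the original (the zone name itguidespro.com is the page's own example).

```powershell
# Added example, not from the original page: building the DNS roles described above with the
# Windows Server DnsServer module. Assumed (not in the original): primary server DNS01 at
# 10.0.0.10, secondary DNS02 at 10.0.0.11, caching-only server DNS03 at 10.0.0.12, and the
# zone itguidespro.com from the page's own example. Run each section elevated on the named server.

# --- DNS01 (Primary): host the read/write master copy of the zone. This makes DNS01 authoritative.
Add-DnsServerPrimaryZone -Name "itguidespro.com" -ZoneFile "itguidespro.com.dns"
Add-DnsServerResourceRecordA -ZoneName "itguidespro.com" -Name "www" -IPv4Address "10.0.0.80" -TimeToLive (New-TimeSpan -Hours 1)

# Zone transfers (AXFR/IXFR) hand out the whole zone, so allow them only to the secondary,
# and notify it when the zone changes so its read-only copy does not lag behind.
Set-DnsServerPrimaryZone -Name "itguidespro.com" -SecureSecondaries TransferToSecureServers -SecondaryServers 10.0.0.11 -Notify NotifyServers -NotifyServers 10.0.0.11

# --- DNS02 (Secondary): pull a read-only copy from DNS01. DNS02 is also authoritative for the zone.
Add-DnsServerSecondaryZone -Name "itguidespro.com" -ZoneFile "itguidespro.com.dns" -MasterServers 10.0.0.10

# --- DNS03 (Caching-only): hosts no zones; it forwards to the authoritative servers and then
#     answers from cache until the record's TTL (one hour for www above) expires.
Set-DnsServerForwarder -IPAddress 10.0.0.10, 10.0.0.11
Get-DnsServerZone | Where-Object { -not $_.IsAutoCreated }    # should list nothing on a caching-only server

# --- Checks, from any domain-joined client ---
# nslookup prints "Non-authoritative answer:" when the AA flag is clear in the reply,
# which is the case for DNS03 (cache) but not for DNS01 or DNS02 (authoritative).
nslookup www.itguidespro.com 10.0.0.10
nslookup www.itguidespro.com 10.0.0.12
# Confirm that the primary transfers the zone only to the listed secondary.
Get-DnsServerZone -Name "itguidespro.com" -ComputerName DNS01 | Select-Object ZoneName, ZoneType, SecureSecondaries, SecondaryServers
```

With DNS01 and DNS02 both stopped, the second nslookup keeps succeeding for up to an hour (the record's TTL) and then starts failing, which is the behaviour described in the last answer above; the same query against DNS02 alone keeps working indefinitely because DNS02 holds the zone itself.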