Active Directory - Backup, Restore
Knowledge Base Questions & Answers
What must be done to back up AD (Active Directory)?
To back up AD, back up the System State data of the DC (Domain Controller).
What data does System State contain?
System State contains:
- AD (the database and the other files in the NTDS folder) (only on a DC (Domain Controller)).
- Boot and system files.
- DFSR (Distributed File System Replication) staging.
- AD CS (Active Directory Certificate Services) (only if the Certificate Authority server is installed).
- Cluster Service database (only if the Failover Cluster server is installed).
- COM+ class registration database.
- File system junctions.
- Group Policy settings (only on a DC).
- IIS (Internet Information Services) meta-directory (only if the IIS server is installed).
- Registry.
- Netlogon shared folders: default profiles, system policies, logon/logoff/startup/shutdown scripts.
- SYSVOL (System Volume) folder (only on a DC).
What are the AD Restore types?
There are two AD Restore types:
- Non-Authoritative Restore (D2 restore).
- Authoritative Restore (D4 restore).
What is a Non-Authoritative Restore of AD?
- Non-Authoritative Restore is the default method of restoring AD; it is used when the data on a DC is lost or corrupted.
- It restores the DC to its state at the time of the backup. After the restore, the local copy of SYSVOL is compared with its replication partners, and after the DC restarts, SYSVOL replicates any necessary changes to itself, bringing the restored DC up to date with the other DCs in the domain.
- To perform a Non-Authoritative Restore, the DC must be started in DSRM (Directory Services Restore Mode).
What is an Authoritative Restore of AD?
- An Authoritative Restore restores the DC from backup and, after the necessary configuration, marks the local SYSVOL as authoritative and replicates it to the other DCs in the domain.
- It can restore only particular objects. For example, if an OU (Organizational Unit) was deleted, an Authoritative Restore can restore just that object.
- To perform an Authoritative Restore, the DC must be started in DSRM.
- An Authoritative Restore requires the ntdsutil utility.
- An Authoritative Restore is often needed when human error is involved, for example when an administrator accidentally deletes objects, that change replicates to the other DCs, and the objects cannot be recreated easily.
What is DSRM (Directory Services Restore Mode)?
- DSRM is a special boot mode used for repairing or recovering AD.
- It is used to log on to the DC when AD has failed or needs to be restored.
DNS (Domain Name System) - Resource Record
Knowledge Base Questions & Answers
What is a “DNS Resource Record,” and what are some of its types?
“DNS Resource Record” is a piece of information in the DNS that links domain names to specific IP (Internet Protocol) addresses or other data, enabling devices to find each other on the internet.
What are the different types of DNS resource records?
There are the following types of DNS resource records:
- A (Address) Record
- AAAA (IPv6 Address) Record
- CNAME (Canonical Name) Record
- MX (Mail Exchanger) Record
- NS (Name Server) Record
- TXT (Text) Record
- PTR (Pointer) Record
- SRV (Service) Record
- SOA (Start Of Authority) Record
What is an “A (Address) Record” (Host Record)?
- An “A (Address) Record” (Host Record) resolves an FQDN (Fully Qualified Domain Name), for example a server’s name, to its associated IPv4 address.
- For example, the DNS name mail.itguidespro.com points to the IP address 20.20.20.20.
What is “AAAA Record” (Host Record)?
“AAAA Record” (Host Record) resolves FQDN to IPv6 (Internet Protocol Version 6) addresses.
What is a “CNAME (Canonical Name) Record” (Alias Record)?
- A “CNAME (Canonical Name) Record” (Alias Record) sets an alias for a resource.
- A network or internet resource can have several “CNAME Records.”
- For example, the “A” record web-main.itguidespro.com points to the address of the web-main resource, and the “CNAME Record” web-backup.itguidespro.com points to the “A” record web-main.itguidespro.com, so both names resolve to the same resource, web-main.itguidespro.com.
- A “CNAME Record” doesn’t require an existing “A” record for the alias it creates, but it does require that the target of the alias has an “A” record. For example, if a “CNAME Record” for mail-backup.itguidespro.com points to the mail-main.itguidespro.com server, there must be an “A” or “AAAA” record for mail-main.itguidespro.com.
What is an “MX (Mail Exchanger) Record”?
- An “MX (Mail Exchanger) Record” is responsible for directing email messages for a domain to a specific mail server.
- Several “MX Records” can be created to deliver email to different mail servers as an HA (High Availability) solution.
- An “MX Record” must be created with a priority number. A lower number means a higher priority; the highest priority is “0”.
- Example of an “MX Record”:
itguidespro.com. 3600 IN MX 0 mail.itguidespro.com.
Where:
- itguidespro.com. - Domain name that is used by the mail system.
- 3600 - TTL (Time-To-Live). It tells other DNS servers and clients that the “MX Record” may be cached on the host for up to 3600 seconds (one hour).
- MX - Tells that it is an “MX Record.”
- 0 - Priority of the “MX Record.”
- mail.itguidespro.com. - DNS name of the server where emails should be sent.
What is an “NS (Name Server) Record”?
- An “NS (Name Server) Record” identifies the authoritative name servers for a domain.
- There must be at least one “NS Record” for every DNS server that serves the DNS zone.
- Example of an “NS Record”:
itguidespro.com. 3600 IN NS web.itguidespro.com.
Where:
- itguidespro.com. - Domain name.
- 3600 - TTL. The record may remain in the cache for 3600 seconds (one hour).
- NS - Tells that it is an “NS Record.”
- web.itguidespro.com. - DNS server that serves DNS requests for the domain itguidespro.com.
What is a “TXT (Text) Record”?
- A “TXT (Text) Record” is used to store text information for a domain.
- It can be used for different purposes, such as email authentication or adding extra information about the domain.
What is a “PTR (Pointer) Record”?
- A “PTR (Pointer) Record” creates a pointer that maps an IP address to a host name for reverse lookups.
- All these records are created within the “Reverse Lookup Zone.”
What is an “SRV (Service Location) Record”?
- An “SRV (Service Location) Record” provides information about a specific network service available within a domain.
- It is commonly used to locate email servers, web servers, and other network services.
- An “SRV Record” contains the information a client needs to reach the service: port, target host, priority, weight, etc.
- Example of an “SRV Record” for an Exchange server:
_smtp._tcp.abc.com. 3600 IN SRV 10 5 25 mail.abc.com.
Where:
- _smtp. - Indicates that this “SRV Record” pertains to the SMTP (Simple Mail Transfer Protocol) email service.
- _tcp. - Specifies that the service uses TCP (Transmission Control Protocol).
- abc.com. - Domain name.
- 3600 - TTL.
- IN - Class of the record (IN for internet).
- SRV - Resource record type.
- 10 - Priority of the target server. A lower number is a higher priority.
- 5 - Weight of the target server when multiple servers have the same priority. Higher weight values receive more traffic.
- 25 - Port number on which the SMTP service is available.
- mail.abc.com. - FQDN (Fully Qualified Domain Name) of the server that provides the SMTP service.
What is an “SOA (Start Of Authority) Record”?
- An “SOA (Start Of Authority) Record” declares that the DNS server is authoritative for the zone (which includes the domain and subdomain names).
- Each zone must have one “SOA Record,” which is created automatically when the zone is created.
- An “SOA Record” serves the following purposes:
  - It contains information about the zone.
  - It has a TTL value, used by default for all resource records in the zone.
  - It includes the current zone serial number, which is used in zone transfers.
- Example of an “SOA Record”:
itguidespro.com. IN SOA ns1.itguidespro.com admin.itguidespro.com. (
2023010101 ; Serial
7200 ; Refresh
7200 ; Retry
172800 ; Expire
3600 ; Negative Cache TTL
)
Where:
- itguidespro.com. - Domain name the “SOA Record” is associated with.
- IN - Class of the record (IN for internet).
- SOA - Indicates that this is an “SOA Record.”
- ns1.itguidespro.com - Primary master NS for the domain. This server holds the definitive copy of the domain’s zone file.
- admin.itguidespro.com. - Administrative contact for the domain’s zone file, typically the email address of the domain administrator with the “@” replaced by a dot (.). Original mail address: admin@itguidespro.com.
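As an added example (not code from the original page), the following Python parses the SOA example above and applies RFC 1982 serial-number arithmetic, which is how a secondary name server decides whether the primary’s zone is newer and a zone transfer is needed. The secondary’s own serial values used in the checks are assumptions.

```python
# Added example: parse the page's SOA record and decide, as a secondary name
# server would, whether a zone transfer is needed by comparing serial numbers
# with RFC 1982 serial-number arithmetic (32-bit space with wraparound).
SOA_TEXT = """itguidespro.com. IN SOA ns1.itguidespro.com admin.itguidespro.com. (
2023010101 ; Serial
7200 ; Refresh
7200 ; Retry
172800 ; Expire
3600 ; Negative Cache TTL
)"""

SERIAL_SPACE = 2 ** 32          # serials are unsigned 32-bit integers
HALF_SPACE = SERIAL_SPACE // 2  # a difference of exactly 2**31 is undefined


def parse_soa(text):
    """Return (mname, rname, serial, refresh, retry, expire, minimum) from zone-file SOA text."""
    tokens = []
    for line in text.splitlines():
        line = line.split(";", 1)[0]                       # drop ';' comments
        tokens.extend(line.replace("(", " ").replace(")", " ").split())
    i = tokens.index("SOA")
    mname, rname = tokens[i + 1], tokens[i + 2]
    serial, refresh, retry, expire, minimum = (int(t) for t in tokens[i + 3:i + 8])
    return mname, rname, serial, refresh, retry, expire, minimum


def serial_is_newer(candidate, current):
    """True if candidate comes after current in RFC 1982 serial arithmetic,
    so 5 is newer than 4294967295 (the serial wrapped around)."""
    diff = (candidate - current) % SERIAL_SPACE
    return 0 < diff < HALF_SPACE


def zone_transfer_needed(primary_soa_text, secondary_serial):
    """A secondary fetches the primary's SOA at each Refresh interval and
    transfers the zone only when the primary's serial is newer than its own."""
    primary_serial = parse_soa(primary_soa_text)[2]
    return serial_is_newer(primary_serial, secondary_serial)


if __name__ == "__main__":
    mname, _, serial, refresh, *_ = parse_soa(SOA_TEXT)
    print(f"primary {mname} serial {serial}, checked every {refresh}s")
    print("transfer needed for a secondary at 2023010100:", zone_transfer_needed(SOA_TEXT, 2023010100))
```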
What is a “Static DNS Record”?
- A manually created DNS entry is called a “Static DNS Record.”
- “Static DNS Records” are usually configured for internet resources (websites, etc.).
- A static record is not updated automatically; changes must be made manually.
What is TTL (Time-To-Live)?
TTL (Time-To-Live) specifies how long a DNS record is held in the computer’s local DNS cache before it must be resolved again.
What is “Negative Cache TTL”?
- “Negative Cache TTL” is the duration for which a DNS server caches a “domain not found” or “resource record not found” response.
- It helps prevent repeated queries to the DNS server for names that do not exist.
Experience-Based/Practical Questions & Answers
Is it possible to assign multiple IP addresses to an “A” record?
- Yes. This technique is often used for DNS round-robin LB (Load Balancing) and redundancy. When a domain has multiple “A” records, each pointing to a different IP address, DNS servers rotate through these addresses in their responses, distributing the load across multiple servers.
- This method, however, does not consider server load or health, so it may direct traffic to servers that are down or overwhelmed.
How does an MX record work?
- The sender’s email server performs a DNS query for the MX records of the recipient’s domain.
- The sender’s email server selects the mail server with the lowest priority number (highest preference) from the MX records and sends the email to that server. If that server is unavailable, the server with the next lowest priority number is used.
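As an added example covering both the MX selection just described and the SRV priority/weight fields from the SRV section (not code from the original page), this Python parses zone-file lines and reproduces the client-side ordering: lowest preference first with fallback for MX, and RFC 2782 priority groups with weight-proportional random order for SRV. The second MX record and the extra SRV targets are constructed assumptions modelled on the page’s examples.

```python
import random

# Added example: constructed MX and SRV records in zone-file syntax, modelled on
# the page's examples (the second MX and the extra SRV targets are assumptions).
ZONE_RECORDS = """
itguidespro.com. 3600 IN MX 0 mail.itguidespro.com.
itguidespro.com. 3600 IN MX 10 mail-backup.itguidespro.com.
_smtp._tcp.abc.com. 3600 IN SRV 10 5 25 mail.abc.com.
_smtp._tcp.abc.com. 3600 IN SRV 10 15 25 mail2.abc.com.
_smtp._tcp.abc.com. 3600 IN SRV 20 0 25 mail-dr.abc.com.
"""


def parse_records(text):
    """Split 'owner ttl class type rdata...' lines; rdata fields stay as strings."""
    out = []
    for line in text.strip().splitlines():
        owner, ttl, cls, rtype, *rdata = line.split()
        out.append({"owner": owner, "ttl": int(ttl), "class": cls, "type": rtype, "rdata": rdata})
    return out


def mx_delivery_order(records, domain, unavailable=()):
    """Targets in the order a sending server tries them: lowest preference
    number first; a host known to be down is skipped so the next one is used."""
    mx = [r for r in records if r["type"] == "MX" and r["owner"] == domain]
    ranked = sorted(mx, key=lambda r: int(r["rdata"][0]))
    return [r["rdata"][1] for r in ranked if r["rdata"][1] not in unavailable]


def srv_target_order(records, name, seed=0):
    """RFC 2782 client selection: all targets of the lowest priority come first;
    within one priority, targets are drawn in weight-proportional random order."""
    rng = random.Random(seed)
    srv = [r for r in records if r["type"] == "SRV" and r["owner"] == name]
    order = []
    for prio in sorted({int(r["rdata"][0]) for r in srv}):
        # (weight, target) pairs, zero weights first as the RFC prescribes
        group = sorted((int(r["rdata"][1]), r["rdata"][3]) for r in srv if int(r["rdata"][0]) == prio)
        while group:
            pick = rng.randint(0, sum(w for w, _ in group))  # 0..total, inclusive
            running = 0
            for idx, (weight, target) in enumerate(group):
                running += weight
                if running >= pick:          # first running sum >= pick wins
                    order.append(group.pop(idx)[1])
                    break
    return order


if __name__ == "__main__":
    recs = parse_records(ZONE_RECORDS)
    print("MX order:", mx_delivery_order(recs, "itguidespro.com."))
    print("MX order, primary down:", mx_delivery_order(recs, "itguidespro.com.", {"mail.itguidespro.com."}))
    print("SRV order:", srv_target_order(recs, "_smtp._tcp.abc.com."))
```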
What are the benefits of increasing the TTL (Time-To-Live) value?
Increasing the TTL (Time-To-Live) value has the following benefits:
- Reduces the number of queries to DNS servers.
- Improves DNS resolution performance.
- Decreases network traffic.
What is the drawback of increasing the TTL value?
When a record is updated on the DNS server but the user’s computer still holds the “old” record in its cache, the stale record prevents the user from reaching the valid service until the TTL expires.
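As an added example (not code from the original page), this Python simulates a caching resolver with a fake clock to show both sides of the TTL trade-off: how long clients keep receiving an old address after the record changes, and how the Negative Cache TTL (3600 seconds, as in the SOA example above) suppresses repeat queries for a name that does not exist. The zone data and the change time are constructed assumptions.

```python
# Added example: a tiny stub-resolver cache driven by a simulated clock, showing
# how the TTL decides how long an updated record stays stale on the client and
# how a Negative Cache TTL suppresses repeat queries for missing names.
NEGATIVE_TTL = 3600  # from the page's SOA example ("Negative Cache TTL")


class Authoritative:
    """Stand-in for the authoritative server: name -> (address, ttl). Constructed data."""
    def __init__(self, zone):
        self.zone = dict(zone)
        self.queries = 0  # how many times clients actually asked us

    def lookup(self, name):
        self.queries += 1
        if name in self.zone:
            return self.zone[name]          # (address, ttl)
        return (None, NEGATIVE_TTL)         # NXDOMAIN, cacheable for the negative TTL


class CachingResolver:
    """Client-side cache: an entry is served until 'now' reaches its expiry time."""
    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}  # name -> (address or None, expires_at)

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit is not None and now < hit[1]:
            return hit[0]                   # still within TTL: no upstream query
        address, ttl = self.upstream.lookup(name)
        self.cache[name] = (address, now + ttl)
        return address


def stale_window(ttl):
    """Seconds during which a client that cached the record at t=0 keeps getting
    the old address after the authoritative record changed at t=1."""
    auth = Authoritative({"mail.itguidespro.com": ("20.20.20.20", ttl)})
    client = CachingResolver(auth)
    client.resolve("mail.itguidespro.com", now=0)             # cache filled at t=0
    auth.zone["mail.itguidespro.com"] = ("20.20.20.21", ttl)  # record changed at t=1
    t = 1
    while client.resolve("mail.itguidespro.com", now=t) == "20.20.20.20":
        t += 1
    return t


def negative_cache_queries(lookups_at):
    """Upstream queries caused by repeated lookups of a nonexistent name at the given times."""
    auth = Authoritative({})
    client = CachingResolver(auth)
    for t in lookups_at:
        client.resolve("nothere.itguidespro.com", now=t)
    return auth.queries
```

With a 15-second TTL the old address disappears after 15 seconds; with the 3600-second TTL from the page’s examples a changed record is served stale for a full hour.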
How do you check a DNS record’s TTL value on the command prompt?
- Run the command to clear the DNS cache:
ipconfig /flushdns
- Run the command:
nslookup
- Then run the command:
set debug
- Type the DNS name or IP address and press Enter. In our case, it is bbc.com.
- In the output, look at the ttl value. In this case it shows 15 (15 seconds) for all IP addresses.
How do you view all DNS records for a specific domain?
- Run the command:
nslookup
- Then run the command:
set type=all
- Type the DNS domain name and press Enter. In our example, it is cvs.com.