Active Directory - Backup, Restore
Knowledge Base Questions & Answers
What must be done to back up AD (Active Directory)?
To back up AD, a backup of the System State data must be taken.
What data does System State contain?
System State contains:
- AD (database including other files in NTDS folder) (only on DC (Domain Controller)).
- Boot and system files.
- DFSR (Distributed File System Replication) staging.
- AD CS (Active Directory Certificate Services) (only if Certificate Authority server is installed).
- Cluster Service Database (only if Failover Cluster server is installed).
- COM+ class registration database.
- File system junctions.
- Group Policies settings (only on DC).
- IIS (Internet Information Services) meta-directory (only if IIS server is installed).
- Registry.
- Netlogon shared folders: default profiles, system policies, logon/logoff/startup/shutdown scripts.
- SYSVOL (System Volume) folder (only on DC).
What are the AD Restore types?
There are two AD Restore types:
- Non-Authoritative Restore (D2 restore).
- Authoritative Restore (D4 restore).
What is Non-Authoritative Restore of AD?
- Non-Authoritative Restore is the default method to restore AD, and it is used when AD data is lost or corrupted.
- It restores a DC to its state at the time of backup. After the DC is restored, the local copy of SYSVOL is compared with its replication partners. After the DC restarts, SYSVOL replicates any necessary changes to itself, bringing the restored DC up-to-date with the other DCs within the domain.
- To perform a Non-Authoritative Restore, the DC must be started in DSRM (Directory Services Restore Mode).
What is the Authoritative Restore of AD?
- Authoritative Restore restores a DC from backup, and after the necessary configuration is made, AD marks the local SYSVOL as authoritative and replicates it to the other DCs within the domain.
- It can restore only particular objects. For example, if an OU (Organizational Unit) was deleted, the Authoritative Restore can restore just this object.
- To perform an Authoritative Restore, the DC must be started in DSRM.
- Authoritative Restore requires the ntdsutil utility.
- Authoritative Restore is often needed when human error is involved, such as when an administrator accidentally deletes some objects, that change is replicated to the other DCs, and the objects cannot be recreated easily.
What is DSRM (Directory Services Restore Mode)?
- DSRM is a special boot mode that is used for repairing or recovering AD.
- It is used to log in to the computer when AD has failed or needs to be restored on a DC.
DNS (Domain Name System) - Query, Forwarding
Knowledge Base Questions & Answers
What is a “DNS Query”?
“DNS Query” is a request made by a client to a DNS server to find the IP (Internet Protocol) address associated with a specific domain name.
What are the different types of DNS queries?
There are the following types of DNS queries:
- Recursive Query
- Iterative Query
- Reverse DNS Query (PTR (Pointer Record))
- MX (Mail Exchanger) Record Query
- NS (Name Server) Query
- SRV (Service) Query
What is a “Recursive Query”?
- A “Recursive Query” is a DNS query that is sent to a DNS server with the expectation that the server will fully resolve the query, providing a complete answer to DNS clients.
- If the DNS server receiving the “Recursive Query” cannot find the answer within its DNS zones or cache, it will work with other DNS servers using Recursive and Iterative queries to find the requested DNS record.
What is an “Iterative Query”?
An “Iterative Query” is a DNS query where the DNS server provides the best answer based on its local knowledge. If it doesn’t have the complete answer, it refers the client to another DNS server for further resolution.
What is a “Reverse DNS Query (PTR (Pointer Record))”?
“Reverse DNS Query (PTR (Pointer Record))” retrieves the domain name associated with a given IP address.
What is “DNS Forwarding,” and what are its benefits?
- “DNS Forwarding” is a mechanism where a DNS server is configured to forward all queries it cannot resolve locally to another DNS server rather than to root or other DNS servers.
- It decreases DNS traffic and increases the speed of resolving queries.
- “DNS Forwarding” allows specifying several DNS servers.
- Forwarders are configured at the DNS server level.
What is “DNS Caching”?
- “DNS Caching” temporarily stores DNS information to avoid repeated DNS lookups.
- It speeds up website access by remembering previously resolved domain names and their IP addresses.
- It reduces network traffic and improves performance.
Experience-Based/Practical Questions & Answers
What are the benefits of using recursive queries on DNS servers?
Using recursive queries has the following benefits:
- By supporting recursion, the DNS server can handle all the necessary iterative queries and follow the referrals on behalf of clients.
- Recursive queries simplify the client’s resolution process: the client does not need to handle the complexity of following referrals and making multiple queries across different DNS servers. The recursive DNS server handles all of this, making the DNS resolution process more efficient and transparent for the client.
What are the drawbacks of using recursive queries on DNS servers?
Using recursive queries has the following possible drawbacks:
- Increased network traffic for local DNS servers.
- Possibility of DDoS (Distributed Denial Of Service) attacks.
- Privacy and security risks: Recursive queries involve sharing information about requested domain names with external DNS servers.
What is the flow of an internet DNS recursive query?
- Client request.
- Local DNS resolver.
- Recursive resolution.
- Root DNS servers.
- TLD (Top Level Domain) DNS servers.
- SLD (Second Level Domain), which is an authoritative DNS server. DNS records are located on these servers.
- Response to the client.
What are the benefits of using DNS forwarding?
DNS forwarding has the following benefits:
- Improved DNS resolution efficiency.
- Reduced network traffic on local DNS servers.
How does DNS forwarding work?
- When a DNS client sends a query to a DNS server configured for forwarding, the DNS server first checks if the query can be resolved using its own zone data or the zone data stored in its cache.
- If it cannot resolve the query, it forwards it to the DNS server configured in forwarding settings.
How does DNS caching improve DNS query performance?
- DNS caching improves DNS query performance by storing previously resolved domain names and their corresponding IP addresses in a local cache.
- It reduces network traffic, decreases response times, and offloads the workload from DNS servers, resulting in faster and more efficient DNS resolution.