Nexus Backup and Restore Procedures:

 

Nexus backup and restore are done on the Eng2k DC server. The backup and restore procedure are actually very easy to do and also must be done with the Administrator account or the Super User account. The backup process of Apex/Nexus is done once a week in the Engineering Computing server room. In this document I will go through the backup procedures first then the restore procedure.

 

 

Backup:

 

All the DCs of Apex/Nexus files are backup onto file first then copied to Eng2k to backup onto tape.

 

Apex DCs Laputa and Ohmu files are backup through a network share on Isabeau. This is due to the limited amount of disk space that is on the servers.

 

Nexus DCs Grandis, Nausicaa, and Eng2k files are backup onto local disk. Grandis and Nausicaa put in C:\Backup. Eng2k has a specific disk for the backup files.

 

Each server has 2 backup files, one file for all data on the server and one for the system state only. System state is the active directory, COM+ files, boot files, the registry and the SYSVOL files. When you restore sysvol files, you will have to restore the files back onto the original location. If you do not, the files will not be restored.

 

Backup procedure:

 

Apex Full Backup:

 

1.)    Mount the backup partition on Isabeau onto Laputa or Ohmu. Authenticate.    

e.g. z:\\isabeau\w2kbc

2.)    Click on “Start | Programs | Accessories | System Tools | Backup”.

3.)    Run the Backup wizard. Select “Back up everything on my computer”, then click NEXT.

4.)    Select the location for the file and the name of the file. Click NEXT.

e.g. z:\Ohmu-FB-Aug07-13.40.bkf*

                        * (FB = full backup, SS = System State, 13.40 = 1:40 pm.)

5.)    Click the Advanced button.

6.)    Keep the default “Normal” backup type, select “Back up migrated Remote Storage Data” button, then click NEXT.

7.)    Click NEXT. Do not select verify data after backup.*

 

* You only select this if you are backing up data onto to tape or onto the local disk. You will get verification errors if you are backing up data over the network.

8.)      Select “Replace the data on the media with this backup”, then “Allow only the owner and …” Click NEXT.

9.)    Type in names for both “Backup label” and “Media label”. Click NEXT.*

 

* I usually replace the “Set” and “Media” with the name of the computer and the type of backup it is.

* e.g. default label is “Set created 07/08/2002 at 14:42

* new label is “Ohmu FB created 07/08/2002 at 14:42

 

10.)                        Select “NOW” for “When to Back up”. Click NEXT, then FINISH.

 

 

Apex System State:

 

Repeat the same steps as above except for step 4. Instead of selecting “Back up everything on computer”, select “Only back up the System State data”. Click NEXT.

 

Nexus Full Backup:

 

1.)    Click on “Start | Programs | Accessories | System Tools | Backup”.

2.)    Run the Backup wizard. Select “Back up selected files, drivers., or network data”, then click NEXT.

2b.) For Eng2k, select “FILE” for backup media type instead of 4mm DDS. Select the location of the file. Click NEXT.

3.)    Select C:, D:, E:.

3b.) For Grandis and Nausicaa, expand C: drive to show all files and folders, unclick the Backup folder. Click NEXT

3c.) For Eng2k, do not select F: and skip 3b. Click NEXT.

4.)    Select the location for the file and the name of the file. Click NEXT.

 

Grandis and Nausicaa:  C:\Backup\Grandis-FB-Aug07-13.40.bkf*

                        Eng2k:            F:\Backup\Eng2k-FB-Aug07-13.40.bkf*

                       

* (FB = full backup, SS = System State, 13.40 = 1:40 pm.)

 

5.)    Click the Advanced button.

6.)    Keep the default “Normal” backup type, DO NOT select “Back up migrated Remote Storage Data” button, then click NEXT.

7.)    Select verify data after backup. Click NEXT.

8.)    Select “Replace the data on the media with this backup”, then “Allow only the owner and …” Click NEXT.

9.)    Type in names for both “Backup label” and “Media label”. Click NEXT.*

 

* I usually replace the “Set” and “Media” with the name of the computer and the type of backup it is.

* e.g. default label is “Set created 07/08/2002 at 14:42

* new label is “Ohmu FB created 07/08/2002 at 14:42

 

10.)                        Select “NOW” for “When to Back up”. Click NEXT, then FINISH.

 

 

Nexus System State:

 

Repeat the same steps as above except for step 4. Instead of selecting “Back up everything on computer”, select “Only back up the System State data”. Click NEXT.

 

Tape Backup of all backup files on Eng2k:

 

1.)    Log into Eng2k. Mount Nausicaa, Grandis and Isabeau\w2kbc to Eng2k.

e.g. \\nausicaa\c$, \\grandis\c$, \\isabeau\w2kbc

 

2.)    Copy all system state files to Eng2k F:\Backup\SystemState.

3.)    Copy all full backup files to Eng2k F:\Backup\FullBackup.

4.)    Insert a blank tape into the tape drive. You might be prompted with a message stating that the tape is not “prepared” for backup. Answer yes to “prepare” the tape .

5.)    Click on “Start | Programs | Accessories | System Tools | Backup”.

6.)    Select the “Backup Wizard”. Click NEXT.

7.)    Select “Back up selected files, drives, or network data”. Click NEXT.

8.)    Select F:\Backup. Click NEXT.

9.)    Select “4mm DDS” as the back up media type. Select the name of the file. Click NEXT.

10.)                        Click Advanced.

11.)                        Keep the default “normal” type of back up operation. Do not select “Back up migrated Remote Storage Data”. Click NEXT.

12.)                        Select “Verify date after backup” and “User hardware compression, if available”. Click NEXT.

13.)                        Select “Replace the data on the media with this backup” and “Allow only the owner and the Administrator access …”. Click NEXT.

14.)                        Type in names for both “Backup label” and “Media label”. Click NEXT.*

 

* I usually replace the “Set” and “Media” with the name of the computer and the type of backup it is.

* e.g. default label is “Set created 07/08/2002 at 14:42

* new label is “Ohmu FB created 07/08/2002 at 14:42

 

15.)                        Select “NOW” as of “When to Back up”. Click NEXT and then FINISH.

 

 

Restoration:

 

There are 2 types of restore from tape, Non-Authoritative and Authoritative. In Non-Authoritative mode, Windows Backup restores all files, including Active Directory objects, with their original Update Sequence Number (USN) or numbers. The Active Directory replication system uses the USN to detect and replicate changes to the Active Directory to all of the domain controllers on the network. All data that is restored non-authoritatively appears to the Active Directory replication system as old data. Old data is never replicated to any other domain controllers. The Active Directory replication system updates the restored data with newer data from other domain controllers. An authoritative restore resolves this issue.

 

Restoring the System State on a Domain Controller

 

To restore the system state on a domain controller, first start the computer in Directory Services Restore Mode.

 

1.) Restart the computer and press the F8 key when you see the “Boot” menu.

2.) Choose “Directory Services Restore Mode”.

3.) Choose the Windows 2000 installation you are going to recover, and then press ENTER.

4.) At the logon prompt, type in the password credential during the Dcpromo process.

5.) Click “OK to go into Safe mode.

6.) Click Start | Programs | Accessories | System Tools | Backup”.

7.) Click the Restore tab.

8.) Click the appropriate backup media and the system state to restore.

NOTE: During the restore operation, the Winnt\Sysvol folder must also be selected to be restored to have a working sysvol after the recovery process. Be sure that the advanced option to restore "junction points and data" is also selected prior to the restore. This ensures that sysvol junction points are re-created. In the Restore Files to box, click Original Location.

NOTE: When you choose to restore a file to an alternative location or to a single file, not all system state data is restored. These options are used mostly for boot files or registry keys.

 

9.) Click Start Restore”.

10.) After the restore process is finished, restart the computer.

 

Authoritative Restore


1.) After the data has been restored, use Ntdsutil.exe to perform the authoritative restore:

2.) At a command prompt, type “NTDSUTIL”, and then press ENTER.

3.) Type “authoritative restore” and then press ENTER.

4.) Type “restore database”, press ENTER, click OK, and then click Yes.


Restore a Subtree

 

In many cases you may not want to restore the entire database due to the replication impact this would have on your domain or forest. The following steps will allow you to authoritatively restore a subtree within a Forest.

 

1.) Restart the domain controller.

2.) When the Windows 2000 Startup menu is displayed, select Directory ServicesRestore Mode, and then press ENTER.

3.) At a command prompt, type "ntdsutil" (without the quotation marks), and then press ENTER.

4.) Type "authoritative restore" (without the quotation marks), and then press ENTER.

 

Type "restore subtree "ou=<OU Name>,dc=<domain name>,dc=<xxx>"" (without the quotation marks), and then press ENTER, where <OU Name> is the name of the organizational unit you want to restore, <domain name> is the domain name the OU resides in, and <xxx> is the top level domain name of the domain controller, such as com, org, or net.

 

5.) Type "quit" (without the quotation marks), press ENTER, type "quit" (without the quotation marks), and then press ENTER.

6.) Type "exit" (without the quotation marks), and then press ENTER.

7.) Restart the domain controller.

 

 

Recovery of Operation Masters

The best documentation I've read on Active Directory disaster recovery is from Compaq's white paper. It is a must read for all Windows 2000 administrators.

Last updated: Wed August 07 14:38:41 EDT 2002 by Hon