A. Although you might have several domain controllers (DCs) providing fault tolerance for your domain, you still need to perform regular backups. Windows backs up AD as part of the System State and restores the directory by booting a DC into the Directory Services restore mode.
The default Directory Services restore mode is a nonauthoritative restoration. In this mode, Windows restores a DC's directory from the backup. Then, the DC receives from its replication partners new information that's been processed since the backup. For example, let's say we restore a DC using a 2-day-old backup. After the DC starts, its replication partners send all updates that have occurred in the past 2 days. This type of restore is typically used if a DC fails for hardware or software reasons.
An authoritative restoration restores the DC's directory to the state it was in when the backup was made, then overwrites all other DCs to match the restored DC, thereby removing any changes made since the backup. You don't have to perform an authoritative restoration of the entire directory--you can choose to make only certain objects authoritative. When you restore only parts of the directory, Windows updates the rest of the restored database by using information from the other DCs to bring the directory up-to-date, then replicates the objects that you mark as authoritative to the other DCs. This type of restore is most useful if you deleted, for example, an organizational unit (OU). In this case, you could restore an AD backup to a DC, mark the OU as authoritative, then start the DCs normally. Because you marked the OU as authoritative, Windows will ignore the fact that the OU was previously deleted, replicate the OU to the other DCs, and apply all other changes made since the backup to the restored DC from its replication partners.
Register
netman101 July 26, 2004 (Article Rating: