Multimaster replication provides both failover support and Active Directory protection. A copy of the AD DS database is stored on all domain controllers within a domain, so if one is lost and you do not have access to backup data, you can perform a recovery by reinstalling the domain controller from scratch and replicating the database from other domain controllers. In addition, methods exist for retrieving deleted or tombstoned items in AD DS. Also, you can configure items so they cannot be deleted and monitor attribute changes. All these topics are discussed in Lesson 2, "Performing Offline Maintenance." However, these techniques do not always provide the best method for data recovery. For example, objects you restore from tombstone containers do not include all their previous attributes.
When you restore AD DS data from a backup created by Windows Server Backup, you restore all object attributes, and you do not need to reassign attributes such as group membership. AD DS is automatically backed up whenever you back up the critical volumes on a domain controller. You can also perform an Active Directory backup by performing a system state backup.
Although performing a system state backup backs up all Active Directory objects, the nature of Active Directory replication means that a recovered AD DS object is likely to be deleted again unless it is marked as authoritative. The process of performing an authoritative restore is covered later in this lesson. However, you should be aware that the technique for restoring a deleted GPO is significantly different from restoring a user account or organizational unit (OU) tree. GPOs are backed up using the Group Policy Management console, and you should use this console, rather than Directory Services Restore Mode, to recover deleted GPOs.
To back up GPOs, open the Group Policy Management console so that the Group Policy Objects container is visible. Right-click Group Policy Objects, shown in Figure 8-4, and select Back Up All. As part of this process, you must specify a location and a description for the backup. You should choose a location that is normally backed up as part of the Windows Server Backup routine.
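The Back Up All step above can also be scripted, which makes it possible to confirm that every GPO in the domain actually received a backup entry. The following is an added example, not part of the original lesson; it assumes the GroupPolicy PowerShell module (Windows Server 2008 R2 or later), and `D:\GPOBackups` is a hypothetical location that you would replace with a folder already covered by your Windows Server Backup routine.

```powershell
# Added example: scripted equivalent of "Back Up All" in the Group Policy
# Management console, followed by a completeness check.
Import-Module GroupPolicy -ErrorAction Stop

$BackupRoot = 'D:\GPOBackups'   # hypothetical path; use one that Windows Server Backup covers
$Target     = Join-Path $BackupRoot (Get-Date -Format 'yyyy-MM-dd_HHmm')
$Comment    = "Scripted GPO backup $(Get-Date -Format s)"   # the backup description

# Backup-GPO does not create the destination folder, so create it first.
New-Item -ItemType Directory -Path $Target -Force | Out-Null

# Back up every GPO in the current domain. One backup object is returned per
# GPO; a GPO that cannot be read produces an error and no object.
$backups = @(Backup-GPO -All -Path $Target -Comment $Comment)

# Cross-check: every GPO in the domain should appear in the backup set.
$backedUpIds = @($backups | ForEach-Object { $_.GpoId })
$expected    = @(Get-GPO -All)
$missing     = @($expected | Where-Object { $backedUpIds -notcontains $_.Id })

# Show what was written: GPO name, GPO GUID, backup GUID, and timestamp.
$backups | Sort-Object DisplayName |
    Select-Object DisplayName, GpoId, Id, CreationTime |
    Format-Table -AutoSize

if ($missing.Count -gt 0) {
    foreach ($gpo in $missing) {
        Write-Warning "No backup written for GPO '$($gpo.DisplayName)' ($($gpo.Id))"
    }
    exit 1   # non-zero exit lets a scheduled task flag the incomplete backup
}

Write-Output "Backed up $($backups.Count) of $($expected.Count) GPOs to $Target"
```

Run it from an account that can read every GPO in the domain; a GPO the account cannot read shows up in the warning list rather than silently dropping out of the backup.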