Step 1: Restore AD LDS Instance Data
Applies To: Windows Server 2008
You should back up Active Directory Lightweight Directory Services (AD LDS) data and log files regularly to ensure the continued availability of data to applications and users in the event of a system failure.
By default, each instance of AD LDS running on an AD LDS server stores its database file, Adamntds.dit, and the associated log files in %program files%Microsoft ADAMinstance_namedata, where instance_name is the AD LDS instance name. Include these files as part of the regular backup plan of your organization. You back up data for an AD LDS instance by backing up these files.
In the following sections, you back up your AD LDS instance data using the following tools:
For more information about installing Windows Server Backup, see Installing Windows Server Backup (http://go.microsoft.com/fwlink/?LinkId=96495).
For general information about Windows Server 2008 Windows Server Backup, you can view the Help on your server. To display Help, open Windows Server Backup, and then press F1.
Backing up AD LDS instance data with Windows Server Backup
Membership in the local Backup Operators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).
Before you back up the AD LDS folder of an instance, use the Services snap-in to confirm that the instance is started. To start Services, click Start, click Administrative Tools, and then click Services. Because the instance service must be running when the files are backed up, you must use a backup utility (such as Windows Server Backup) that can back up open files. |
To back up an AD LDS instance using Windows Server Backup
1. Click Start, point to Administrative Tools, and then click Windows ServerBackup.
2. On the Action menu, click Backup once.
3. In the Backup Once Wizard, on the Backup options page, click Different options, and then click Next.
4. On the Select backup configuration page, click Custom, and then click Next.
5. Select the volume or volumes that contain the AD LDS database and log files, and then click Next.
You can install the AD LDS database and log files on separate volumes. |
6. On the Specify destination type page, select Local drives or Remote shared folder, depending on whether you want your backup to be stored locally or remotely.
7. On the Select backup destination page, specify the appropriate drive where you want the backup to be stored.
8. Complete the wizard to begin the backup operation.
If you backed up data from an NTFS file system volume, we recommend that you restore the data to an NTFS volume of the same version to prevent loss of data. |
Backing up AD LDS instance data with Dsdbutil.exe
With the Dsdbutil.exe tool, you can create installation media that corresponds only to the AD LDS instance that you want to back up, as opposed to backing up entire volumes that contain the AD LDS instance.
Membership in the local Backup Operators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).
To create AD LDS installation media with Dsdbutil.exe
1. Click Start, right-click Command Prompt, and then click Run as administrator to open an elevated command prompt.
2. Type the following command, and then press ENTER:
dsdbutil
3. At the dsdbutil: prompt, type the following command, and then press ENTER:
activate instance <instance_name>
where <instance_name> is the name of the AD LDS instance that you want to create the installation media for.
Example:
activate instance instance1
At the dsdbutil: prompt, type the following command, and then press ENTER:
ifm
4. At the ifm: prompt, type the command for the type of installation media that you want to create, and then press ENTER:
create full <location>
where <location> is the path to the folder where you want the installation media to be created. You can save the installation media to a network shared folder or to any other type of removable media.
Example:
create full C:Backupinstance1
5. To exit dsdbutil:
a. At the ifm: prompt, type quit, and then press ENTER.
b. At the dsdbutil: prompt, type quit, and then press ENTER.
Source: Step 1: Back Up AD LDS Instance Data
Step 2: Restore AD LDS Instance Data p>
Applies To: Windows Server 2008
To restore your Active Directory Lightweight Directory Services (AD LDS) instance data, select a procedure that is most appropriate for your AD LDS restore scenario:
· Restore an existing AD LDS instance
· Restore a retired AD LDS instance
· Authoritatively restore an AD LDS instance
· Install an AD LDS replica from media
Restore an existing AD LDS instance
You can restore an existing AD LDS instance to its state at the time when its backup was created. When you restore a database for an existing AD LDS instance, you must stop the AD LDS instance before you run the restore operation. In addition, we recommend that you move (or delete) the existing database and log files from the AD LDS instance before you begin the restore operation.
If you restore an AD LDS backup over a running AD LDS instance, Windows Server Backup leaves the restored files in a pending state, and it does not write the files to disk until the computer reboots. In this situation, any directory changes that are made to the running AD LDS instance after Windows Server Backup is run are lost.
Membership in Administrators, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).
To restore an existing AD LDS instance
1. Stop the AD LDS instance that you just created, as follows:
a. Click Start, point to Administrative Tools, and then click Services.
b. In Services, right-click the AD LDS instance, and then click Stop.
If you accidentally start a restore of an AD LDS instance over a currently running AD LDS instance, we recommend that you immediately restart the computer, stop the AD LDS instance, and then perform the restoration again. |
2. Click Start, click Administrative Tools, and then click Windows ServerBackup.
3. On the Action menu, click Recover.
4. Follow the steps in the Recovery Wizard to specify the location of the source backup data and identify the specific backup from which you want to recover instance data:
a. In Select recovery type, click Files and folders, and then click Next.
b. In Select items to recover, browse to and select the folder that contains the instance data files. By default, AD LDS database and log files are located in %ProgramFiles%Microsoft ADAMinstance_namedata, where instance_name is the AD LDS instance name.
c. In Specify recovery options, click Original location and Overwrite existing files with recovered files, and then click Next.
5. To complete the restore, click Recover.
6. After the restore is complete, close Windows Server Backup.
7. Start the AD LDS instance as follows:
a. Click Start, point to Administrative Tools, and then click Services.
b. In Services, right-click the AD LDS instance, and then click Start.
You cannot use Windows Server Backup to restore an existing AD LDS instance with a backup that was created with the Dsdbutil.exe tool. To restore your existing AD LDS instance with a backup that was created with Dsdbutil.exe, see Appendix B: Restore an AD LDS Instance with a Backup Taken with Dsdbutil.exe. |
Restore a retired AD LDS instance
To restore a retired AD LDS instance (or to move a specific AD LDS instance from one server to another), you must begin the recovery process by creating a new AD LDS instance using the same settings that were specified during the installation of the AD LDS instance that you want to recover or move.
Membership in Administrators, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).
To restore a retired AD LDS instance
1. Using the Active Directory Lightweight Directory Services Setup Wizard, create an AD LDS instance, specifying the same settings that you used during your original (uninstalled) AD LDS installation. However, do not create an application directory partition during setup. For more information about creating AD LDS instances, see the Step-by-Step Guide for Getting Started with Active Directory Lightweight Directory Services (http://go.microsoft.com/fwlink/?LinkId=98679).
2. Stop the AD LDS instance that you just created, as follows:
a. Click Start, point to Administrative Tools, and then click Services.
b. In Services, right-click the AD LDS instance, and then click Stop.
If you accidentally start a restore of an AD LDS instance over a currently running AD LDS instance, we recommend that you immediately restart the computer, stop the AD LDS instance, and then perform the restoration again. |
3. Click Start, click Administrative Tools, and then click Wi
ndows ServerBackup.
4. On the Action menu, click Recover.
5. Follow the steps in the Recovery Wizard to specify the location of the source backup data and identify the specific backup from which you want to recover instance data.
6. In Select recovery type, click Files and folders, and then click Next.
7. In Select items to recover, browse to and select the folder that contains the instance data files. By default, AD LDS database and log files are located in %ProgramFiles%Microsoft ADAMinstance_namedata, where instance_name is the AD LDS instance name.
8. In Specify recovery options, click Original locations and Overwrite existing files with recovered files, and then click Next.
9. To complete the restore, click Recover.
10. After the restore is complete, close Windows Server Backup.
11. Start the AD LDS instance that you just created, as follows:
a. Click Start, click Administrative Tools, and then click Services.
b. In Services, right-click the AD LDS instance, and then click Start.
Backing up an ADAM instance on a computer running Windows Server 2003 and restoring it onto an AD LDS instance on a computer running Windows Server 2008 or Windows Server 2008 R2 is not supported. |
You cannot use Windows Server Backup to restore a retired AD LDS instance with a backup that was created with Dsdbutil.exe. To restore your existing AD LDS instance with a backup that was created with Dsdbutil.exe, see Appendix B: Restore an AD LDS Instance with a Backup Taken with Dsdbutil.exe. |
If you no longer have access to the retired AD LDS instance that you want to restore, (for example, the administrative account from the server that originally hosted the retired AD LDS instance is gone), you can take ownership and grant selected users permissions to the application, configuration, or schema partitions of this AD LDS instance. For more information, see article 958973 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=149116). |
Authoritatively restore an AD LDS instance
If objects in the directory are inadvertently deleted or modified, and if those objects are replicated in a configuration set, you must authoritatively restore those objects so that the correct version of the objects is replicated.
To authoritatively restore directory data, run the dsdbutil tool after you restore the data but before you restart the AD LDS instance. With dsdbutil, you can mark directory objects for authoritative restore. When an object is marked for authoritative restore, its update sequence number is changed so that the number is higher than any other update sequence number in the configuration set. This ensures that any data you restore is properly replicated throughout the configuration set.
Membership in Administrators, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).
To authoritatively restore an AD LDS instance
1. If it is running, stop the AD LDS instance for which data will be restored:
a. Click Start, point to Administrative Tools, and then click Services.
b. In Services, right-click the AD LDS instance, and then click Stop.
If you accidentally start a restore of an AD LDS instance over a currently running AD LDS instance, we recommend that you immediately restart the computer, stop the AD LDS instance, and then perform the restoration again. |
2. Click Start, click Administrative Tools, and then click Windows ServerBackup.
3. On the Action menu, click Recover.
4. Follow the steps in the Recovery Wizard to specify the location of the source backup data and to identify the specific backup from which you want to recover instance data.
5. In Select recovery type, click Files and folders, and then click Next.
6. In Select items to recover, browse to and select the folder that contains the instance data files. By default, AD LDS database and log files are located in %ProgramFiles%Microsoft ADAMinstance_namedata, where instance_name is the AD LDS instance name.
7. In Specify recovery options, click Original locations and Overwrite existing files with recovered files, and then click Next.
8. To complete the restore, click Recover.
9. After the restore is complete, close Windows Server Backup.
10. Click Start, right-click Command Prompt, and then click Run as administrator.
11. At the command prompt, type
the following command, and then press ENTER:
dsdbutil
12. At the dsdbutil: prompt, type the following command, and then press ENTER:
activate instance <instance_name>
where <instance_name> represents the service name of the AD LDS instance on which you want to restore data.
13. At the dsdbutil: prompt, type the following command, and then press ENTER:
authoritative restore
14. At the authoritative restore: prompt, type one of the commands in the following table.
Command |
Description |
restore object dn |
Performs authoritative restore of the directory object whose distinguished name is represented by dn. |
restore subtree dn |
Performs authoritative restore of the directory subtree whose distinguished name is represented by dn. |
15. To view the complete syntax for this command, and for information about the authoritative restore command in dsdbutil, at the authoritative restore: prompt, type:
16. Copy
17. ?
18. To exit dsdbutil:
a. At the authoritative restore: prompt, type quit, and then press ENTER.
b. At the dsdbutil: prompt, type quit, and then press ENTER.
19. Start the AD LDS instance as follows:
a. Click Start, click Administrative Tools, and then click Services.
b. In Services, right-click the AD LDS instance, and then click Start.
You cannot use Windows Server Backup to restore an AD LDS instance with a backup that was created with Dsdbutil.exe. To restore your existing AD LDS instance with a backup that was created with Dsdbutil.exe, see Appendix B: Restore an AD LDS Instance with a Backup Taken with Dsdbutil.exe. |
Install an AD LDS replica from media
When you install an AD LDS replica from media, you restore a backup of another AD LDS instance from the same configuration set, rather than performing a simple AD LDS replica installation.
Membership in Administrators, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).
If Dsdbutil.exe was used to create the installation media (backup) of your AD LDS instance data, skip Steps 1 through 7 and begin this procedure with Step 8. |
To install an AD LDS replica from media
1. Click Start, point to Administrative Tools, and then click Windows ServerBackup.
2. On the Action menu, click Recover.
3. Follow the steps in the Recovery Wizard to specify the location of the source backup data and identify the specific backup from which you want to recover instance data.
4. In Select recovery type, click Files and folders, and then click Next.
5. In Select items to recover, browse to and select the folder that contains the instance data files. By default, AD LDS database and log files are located in %ProgramFiles%Microsoft ADAMinstance_namedata where instance_name is the AD LDS instance name.
6. In Specify recovery options, click Another location, specify a temporary location for the recovered files, and then click Next.
7. To complete the restore, click Recover.
8. At a command prompt, type the following command, and then press ENTER:
%windir%adamadaminstall /adv
9. Follow the steps in the Active Directory Lightweight Directory Services Setup Wizard:
a. On the Select Options page, click A replica of an existing instance, and then click Next.
b. On the Joining a Configuration Set page, type the host name or Domain Name System (DNS) name of the computer where one of the remaining AD LDS instances of the configuration set is installed. Then, type the Lightweight Directory Access Protocol (LDAP) port number in use by that AD LDS instance, and then click Next.
c. On the Administrative Credentials for the Configuration Set page, click the account that is used as the AD LDS administrator for your first AD LDS instance.
d. On the Copying Application Information page, select From the restored backup files in these folders, specify the correct location of the installation media files in the Restored data folder field, leave the Restored data recovery folder field empty, and then click Next.
e. On the Copy Application Partition page, select the application directory partitions that you want to replicate to the new AD LDS instance.
f. Accept the default values on the remaining Active Directory Lightweight Directory Services Setup Wizard pages by clicking Next on each page, and then click Finish on the Completing the Active Directory Lightweight Directory Services Setup Wizard page.
You can also use this procedure to restore a retired AD LDS replica from media. However, we recommend that you first perform a metadata cleanup of any retired AD LDS replica that you plan to restore from media. For more information about metadata cleanup, see Appendix A: Metadata Cleanup for the Retired AD LDS Instances. |