Fotolia

Q
Problem solve Get help with specific problems with your technologies, process and projects.

Dealing with Active Directory restore challenges

What are the biggest challenges with backing up Active Directory?

The Active Directory made its debut in Windows 2000 Server and although it has been enhanced over the years, it still adheres to the same basic structure that it did 15 years ago. As such, Active Directory backups are well supported by all of the major backup vendors and the procedure is well documented by Microsoft.

When it comes to Active Directory backup challenges, it isn't really the backup process that is challenging, but rather the recovery. Backing up the Active Directory is usually very simple and straightforward, but the recovery can be a bit more complicated.

The Active Directory is a database, and the objects in this database each have a sequence number (Microsoft calls this the Update Sequence Number or USN). When a domain controller is restored from backup, the newly restored domain controller is compared against existing domain controllers and any missing objects are replicated to the newly restored domain controller.

The problem with this model is that it always brings the newly restored domain controller up to a current state. There may be instances in which the domain needs to be reverted to an earlier point in time. This requires an authoritative restoration to be performed. Since this isn't exactly a procedure that most people perform on a daily basis, IT admins may need to research the process.

Another challenge has to do with Flexible Single Master Operations Roles (FSMO). In an Active Directory domain, there are domain controllers known as FSMO role holders that perform special housekeeping tasks. This is important because it is unlikely that every domain controller is being backed up.

If a domain controller fails and there is no backup for it, the administrator will have to determine whether it held any FSMO roles. If the domain controller held one or more of these roles then the roles will have to be seized by another domain controller in order to keep the Active Directory healthy.

Next Steps

Avoid challenges when restoring Active Directory

How hardware can impact the Active Directory restore process

How to perform an Active Directory restore

This was last published in December 2014

Dig Deeper on Backup and recovery software

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchSolidStateStorage

SearchCloudStorage

SearchDisasterRecovery

SearchStorage

SearchITChannel

Close