Windows 2000 Backups
Users with the "Backup files and directories" or "Restore files and directories" permission can back up or restore files. On Windows 2000 computers, Administrators and Server Operators can back up and restore data. On NT Server, users who are members of the Server Operators group can back up files. On NT Workstation, other users who can back up any files include:
- Users who are in the local Backup Operators group.
Microsoft Backup Strategy
When choosing a backup strategy, consider what data requires backup, whether it is stored in a central location or resides on several computers, and how often the data should be backed up. The registry and the SAM on the domain controller should be backed up daily.
- System data - Important operating system files, databases, and directories. It may include:
- The registry
- System startup files
- Component services data class registration database
- Active Directory (Windows 2000 Servers only)
- Certificate server database (Windows 2000 Servers only)
- SYSVOL folder (Windows 2000 Servers only)
- User data - Applications installed by the user along with other data created by the users.
- Create an emergency repair disk (ERD).
Types of Backups
- Normal - Saves files and folders and shows they were backed up by clearing the archive bit.
- Copy - Saves files and folders without clearing the archive bit.
- Incremental - Saves files and folders that have been modified since the last backup. The archive bit is cleared.
- Differential - Saves files and folders that have been modified since the last backup. The archive bit is not cleared.
- Daily - Saves files and folders that have been changed that day. The archive bit is not cleared.
To perform a backup, select "Start", "Programs", "Accessories", "System Tools", and "Backup". The Windows 2000 "Backup Utility" will start. It has these tabs:
- Welcome - Includes:
- Backup Wizard - Options
- Backup everything.
- Backup selected files, drives, or network data.
- Only back up system state data.
- Restore Wizard - Used to restore data including system state data on computers that are not domain controllers. Restoring system state data is only done as a last resort to recover a failed system.
- Emergency Repair Disk - Used to create an emergency repair disk.
- Backup - Shows computer drives that can be backed up and allows selection for manual backup.
- Restore - Used to restore part or all of a backup.
- Schedule Jobs - Used to schedule backups.
Options Dialog Box
This dialog box may be entered by selecting "Tools" and "Options" from the menu from the Windows 2000 "Backup Utility". It has these tabs:
- General - Checkboxes:
- Compute selection information before backup and restore operations - Allows a progress bar to be shown.
- Use the catalogs on the media to speed up building restore catalogs on disk - The existing hard drive file catalog is used for the backup tape.
- Verify data after the backup completes
- Backup the contents of mounted drives
- Show alert messages when I start Backup and Removable Storage is not running
- Show alert messages when I start Backup and there is compatible import media available
- Show alert messages when new media is inserted into Removable Storage
- Always move new import media into the backup media pool.
- Restore - When restoring a file that is already on my computer - Radio button options:
- Do not replace the file on my computer (recommended)
- Replace the file on disk only if the file is older
- Always replace the file on my computer
- Backup Type - Select the backup option to be one of:
- Backup Log - Amount of backup logging detail:
- Summary Only
- Copy full detail - Logs the names of files and directories backed up.
- Don't log
- Exclude Files - Select files to be excluded from the backup.
Restoring a Domain controller system
Domain controllers contain Active Directory data. There are two types of restore:
- Nonauthoritative Active Directory restore - Active Directory entries on other domain controllers overwrite older entries restored from backup.
- Authoritative Active Directory restore - When done, if any entries are marked as authoritative, those entries will replace other corresponding entries on other domain controllers.
How to restore a domain controller system:
- Reboot the domain controller.
- Press F8 while booting.
- Open Advanced Options Menu, select "Directory Services Restore Mode".
- Select the correct Windows 2000 Server operating system if more than one system is on the computer.
- During safe mode, press CTRL-ALT-DEL.
- Log on as Administrator.
- Select "Start", "Programs", "Accessories", "System Tools", and "Backup".
- Use the "Restore Wizard".
- After the restore, if an authoritative restore was done, use the "ntdsutil" command line utility. Type "authoritative restore". Syntax for restoring part of the database:
restore subtree OU=OUname, DC=domainname, DC=rootdomain
Type "restore database" to make the entire database authoritative.
- Reboot the Domain Controller.
Microsoft Backup Terms
- Backup Set - The group of files and directories that are stored on a tape during one backup session. Multiple backup sets may be stored on a tape.
- Family Set - Tapes that the backup set is stored on.
- Catalog - The list of directories and files stored on the backup set. It is stored on the last tape in the set.
- Backup Log - The log file for the backup which records the backup details including the date and files backed up.
- Append - Puts the new backup set after the previous set on the tape.
- Replace - Old backup sets are overwritten by the new backup.
- Verify after backup - Verifies whether the files were accurately saved on the tape.
- Backup Registry - Allows the system registry to be backed up.
- Restrict Access - Only allows administrators, backup operators, or the tape owner to use the tape for file recovery.
- Hardware Compression - Allows the backed up data to be compressed on the tape.
The registry cannot be restored remotely on a computer, but files may.
- Restore Registry - The system registry is restored from the tape to the local computer.
- Restore Permissions - The file and file permissions (Access control list entries) are restored to their state when the file was backed up. The file will have the default permissions of the directory it is restored to unless this option is chosen.
- Verify After Restore - It is confirmed that the files were correctly restored.
Scheduling the Backup
The AT command may be used to schedule backups from the command line interface. The most common way to schedule a backup is to use the Windows 2000 "Backup Utility" by selecting "Backup" in the "Administrative Tools" section of the start menu. Select the "Backup" tab and click the "Schedule" button to set a schedule. A user name and password will be required to run the backup.
Common Backup Strategies
- Daily normal backup
- Weekly normal backup with daily differential backups.
- Weekly normal backup with daily incremental backups.
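The archive-bit rules under "Types of Backups" decide how many backup sets each of these strategies needs at restore time. The following is an added example, not code from Microsoft or from this guide: a small Python model in which the file names, day labels and the Volume, restore_chain and run_week helpers are all constructed for illustration. The Daily type is left out because it selects by date rather than by archive bit.

```python
from dataclasses import dataclass, field

# Backup type -> (select only files with the archive bit set?, clear the bit after?)
BACKUP_TYPES = {
    "normal":       (False, True),
    "copy":         (False, False),
    "incremental":  (True,  True),
    "differential": (True,  False),
}

@dataclass
class Volume:
    archive: dict = field(default_factory=dict)  # file name -> archive bit
    sets: list = field(default_factory=list)     # (label, type, files saved)

    def write(self, *names):
        for name in names:                       # any create/modify sets the bit
            self.archive[name] = True

    def backup(self, label, kind):
        flagged_only, clear = BACKUP_TYPES[kind]
        saved = sorted(n for n, bit in self.archive.items() if bit or not flagged_only)
        if clear:
            for name in saved:
                self.archive[name] = False
        self.sets.append((label, kind, saved))
        return saved

def restore_chain(sets):
    """Sets needed for a full restore, assuming one daily type per schedule:
    the last normal set, then every incremental or only the newest differential."""
    start = max(i for i, s in enumerate(sets) if s[1] == "normal")
    chain, newest_diff = [sets[start][0]], None
    for label, kind, _ in sets[start + 1:]:
        if kind == "incremental":
            chain.append(label)
        elif kind == "differential":
            newest_diff = label
    return chain + ([newest_diff] if newest_diff else [])

def run_week(daily_kind):
    """Constructed sample week: Sunday normal backup, then three daily backups."""
    vol = Volume()
    vol.write("a.doc", "b.xls", "c.mdb")
    vol.backup("Sun", "normal")
    for day, changed in [("Mon", ["a.doc"]), ("Tue", ["b.xls"]), ("Wed", ["a.doc"])]:
        vol.write(*changed)
        vol.backup(day, daily_kind)
    return vol
```

With daily incrementals every set since the normal backup must be readable to restore; with daily differentials only the normal set and the newest differential are needed, at the cost of larger daily sets.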
Removable Storage Tool
Used to manage removable media. Enter by right clicking "My Computer" and selecting "Manage".
Active Directory Storage and Restoration
Extensible Storage Engine
The Extensible Storage Engine is used by Active Directory to provide a transaction based database with fault tolerance. This means that partial transactions will not be stored but only complete transactions are logged. Log files are used to provide fault tolerance by writing the transaction to the log file before committing it to the Active Directory database. There are three steps to saving a transaction:
- The transaction is written to a log file.
- The transaction is written to an Active Directory database page in memory.
- The transaction is committed to disk storage.
Directory Store Files that are Backed up
- Database file - Stored in SystemRoot\NTDS\ntds.dit, it holds all AD objects and attributes. Contains these tables:
- Object table - Has a row for each object in AD.
- Link table - Stores inter object relationship information.
- Schema table - Has a list of all objects and their attributes.
- Log file - The following files are stored in the SystemRoot directory in the NTDS folder.
- Checkpoint log files - Holds pointers to transaction logs that have been committed to the AD database. The file name is edb.chk.
- Transaction log files - Stores transactions that are either committed or are about to be committed to the AD database. The file name is edb.log. If more than one log file is used the log file name is edbhhhhhh.log where "hhhhhh" is a hexadecimal based number.
- Patch files - Manages data while backups are done. These files have the file extension ".pat".
- Reserve log files - Reserves hard drive space for transaction log files. The file names are res1.log and res2.log.
The AD restores are done by starting the computer in Directory Services Restore Mode, described in the "System Failure" section of this guide.
- Non-Authoritative Restore - Changes are accepted from other domain controllers after the backup is done.
- Authoritative Restore - Changes are NOT accepted from other domain controllers after the backup is done.
- Recovery without Restore - Transaction logs are used to recover uncommitted AD changes after a system crash. This is done by the system automatically without using a restore from a tape backup.
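The three transaction steps listed under "Extensible Storage Engine" and the "Recovery without Restore" case above can be followed in a toy model. This is an added example, not ESE's real on-disk format or any Microsoft code; the DirectoryStore class, its fields and the sample directory entries are constructed for illustration.

```python
class DirectoryStore:
    """Toy write-ahead-log model of the three steps on this page."""

    def __init__(self):
        self.log = []        # stands in for edb.log
        self.checkpoint = 0  # stands in for edb.chk: log records before this index are on disk
        self.disk = {}       # stands in for ntds.dit
        self.memory = {}     # database pages held in memory

    def transact(self, txn_id, changes, complete=True):
        for key, value in changes.items():      # step 1: write to the log first
            self.log.append((txn_id, key, value))
        if not complete:                        # simulated failure mid-transaction
            return
        self.log.append((txn_id, "COMMIT"))
        self.memory.update(changes)             # step 2: update the page in memory

    def flush(self):
        self.disk.update(self.memory)           # step 3: commit to disk storage
        self.checkpoint = len(self.log)

    def crash(self):
        self.memory = {}                        # memory pages are lost, log and disk survive

    def recover(self):
        """Replay complete transactions logged after the checkpoint; drop partial ones."""
        tail = self.log[self.checkpoint:]
        complete = {rec[0] for rec in tail if rec[1:] == ("COMMIT",)}
        replayed = set()
        for rec in tail:
            if len(rec) == 3 and rec[0] in complete:
                self.disk[rec[1]] = rec[2]
                replayed.add(rec[0])
        self.checkpoint = len(self.log)
        return sorted(replayed)

def demo():
    store = DirectoryStore()
    store.transact(1, {"CN=alice": "title=Engineer"})
    store.flush()                                # transaction 1 reaches disk
    store.transact(2, {"CN=bob": "title=Analyst"})                    # logged, in memory only
    store.transact(3, {"CN=carol": "title=Intern"}, complete=False)   # partial transaction
    store.crash()
    return store.recover(), store.disk
```

After the simulated crash only transaction 2 is replayed from the log: transaction 1 was already behind the checkpoint and the partial transaction 3 is never stored.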