Plan for backup and recovery
Major changes since NTBackup
- Windows Server backup no longer supports tape media
- Windows Server backup on Windows Server 2008 does not support scheduled optical or remote share backups; Windows Server 2008 R2 does support scheduled remote share backups but with the caveat of only one backup being stored.
- The smallest backup object is a volume
- Only NTFS volumes can be backed up
- Backups are stored as VHD files
- Windows Server backup on Windows Server 2008 R2…
- …supports the inclusion or exclusion of files, file types and paths.
- …incremental backup forever
- …system state backup use shadow copy versions to minimise the backup set size
The backup operator role can only schedule adhoc backups; full administrator rights are required to configured scheduled backups.
Ideally backup sets should be kept offsite and where data is encrypted, encryption recovery keys should be kept with the backup set too. If using a disaster recovery site then adequate resource should be available; one benefit of Windows Server backup is that backup files are stored as VHD files, so virtualisation at the disaster recovery site is a viable solution.
Windows Server backup can restore applications that have Volume Shadow Service writer functionality in a more simplified manner; Windows Server backup will restore the application data, configuration settings and application program.
File recovery where duplicates exists will either overwrite, make a copy or ignore.
Server Recover Strategy
Complete server recovery requires you boot from the installation DVD and select repair; this will enter into Windows Recovery Environment (WinRE), from here you can select a backup to restore. This restore can also be used on differing hardware. NOTE full recovery requires the new disk be at least the same size as the original.
Directory Service Recovery strategy
Active Directory Authoritative restores require you restart the domain controller in Directory Services Restore Mode. Once in *DSRM restore the system state backup then start ntdsutil activating the ntds instance. Type authoritative restore, restore subtree “OU=OUName,DC=Domain,DC=com”, once the **authoritative restore is complete restart the domain controller. NOTE: authoritative restores are only valid if you have more than one domain controller i.e a non-authoritative restore would do the trick.
*an easy way to get into DSRM is by modifying the boot database, use:
bcdedit /set safeboot dsrepair
then when the restore is complete
bcdedit /deletevalue safeboot
**During a authoritative restore you will be notified of numerous ldif files which contain back links i.e. group membership, etc. note these then use:
ldifde.exe -L -K [path to file]\ldif.filename
Tombstone lifetime by default is 180 days, you cannot recover anything older than the tombstone lifetime. The tombstone lifetime was previously 60 days in Windows Server 2003 RTM.
Object level recovery
Volume shadow copies for shared folders functionality allows end users to recover deleted or corrupted files. Shadow copies can be used on non-shared folders too.
A maximum of 64 shadow copies can be created, if the disk holding the shadow copies is out of disk space then the oldest shadow copy will be deleted. The default space available for shadow copies is 10% of available disk space and the default schedule is 7am every weekday.
Active Directory objects can be restored individually using Active Directory snapshots created with ntdsutil or system state backups.
To restore an object from a system state backup first restore the system state redirecting the restore to an empty volume, then mount the ntds.dit database using dsamain.exe, use ldp.exe to restore the AD DS object.
To restore an object from a ntdsutil snapshot, mount the snapshot using ntdsutil, mount the ntds.dit database using dsamain.exe then use use ldp.exe to restore the AD DS object.
Object level recovery of objects using authoritative restores type restore object rather restore authoritative.
Windows Server 2008 R2 domain controllers running forest functional level Windows Server 2008 R2 have the AD recycle bin functionality; the recycle bin is enabled via PowerShell and requires you restore object using PowerShell; objects deleted before AD recycle bin was enabled will be missing linked value replication information i.e. group membership.