About the role of Active Directory
|Article:HOWTO13582|||||Created: 2008-01-05|||||Updated: 2013-10-17|||||Article URL http://www.symantec.com/docs/HOWTO13582|
When you protect a domain controller with Backup Exec System Recovery, be aware of the following:
If your domain controller is Windows Server 2003, it supports VSS. Backup Exec System Recovery automatically calls VSS to prepare the Active Directory database for backup. Windows 2000 Domain Controllers do not support VSS. In cases where the domain controller is running on a Windows 2000 server, the Active Directory database must be backed up using NTbackup before using Backup Exec System Recovery to protect the full system. This process can be automated with an external command that Backup Exec System Recovery calls. When you create a backup job, you have the option to enter external commands. This provides a simple process for protecting domain controllers that do not support VSS.
In order to participate on a domain, every domain computer must negotiate a trust token with a domain controller. This token is refreshed every 30 days by default. This time frame can be changed, and is referred to as a secure channel trust. But a trust token contained in a recovery point cannot be automatically updated by the domain controller. Therefore, when a computer is recovered with a recovery point that contains an outdated token, the recovered computer cannot participate in the domain until it has been added to the domain by someone with the proper credentials.
In most cases, domain controllers should be restored non-authoritatively. This prevents outdated objects in the Active Directory from being restored. Outdated objects are referred to as tombstones. Active Directory does not restore data older than the limits it sets. Restoring a valid recovery point of a domain controller is the equivalent of a non-authoritative restore. Refer to the Microsoft documentation to determine which type of restore that you want to perform. A non-authoritative restore prevents tombstone conflicts.
Article URL http://www.symantec.com/docs/HOWTO13582