About restoring individual Active Directory and ADAM/AD LDS objects

Article:HOWTO23305  |  Created: 2010-01-01  |  Updated: 2011-07-28  |  Article URL http://www.symantec.com/docs/HOWTO23305
Article Type
How To


Before you start the restore job, review the information on finding and viewing specific data to restore, and the details of restore options and restore jobs.

See About restoring data.

When you restore Active Directory and ADAM/AD LDS objects from tape, you must specify an on-disk staging location where the objects are placed before they are restored. The staging location must be a path on a local NTFS volume on the media server that runs the restore job, and the Backup Exec service account must have access to it.

Note:

If you previously defined a default staging location in the option Path on an NTFS volume that is local to the media server for temporary storage of restore data (under Tools > Options > Restore), you can override the default for each Active Directory and ADAM/AD LDS restore job. To do so, enter an alternate staging location in the Advanced node under Settings on the Restore Job Properties pane.

System volumes should not be used as a staging location because of the potentially large file sizes that are created on the disk specified in the staging location path.

Because restoring objects from tape requires a staging location, it takes more time than restoring from disk.
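The staging location requirements above (local NTFS volume, not the system volume, accessible to the Backup Exec service account) can be checked on the media server before the restore job is submitted. The following PowerShell function is an added example, not part of Backup Exec or of the original article; the function name, the sample path and the account name are placeholders, and it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example, not Backup Exec code. Assumes Windows PowerShell 3.0 or later.
function Test-StagingLocation {
    param(
        [Parameter(Mandatory)] [string] $StagingPath,     # e.g. 'D:\BEStaging' (placeholder)
        [Parameter(Mandatory)] [string] $ServiceAccount   # e.g. 'EXAMPLE\svc-backup' (placeholder)
    )
    $problems = @()
    $freeGB   = $null

    # A local volume means a drive-letter path, not a UNC share.
    if ($StagingPath -notmatch '^[A-Za-z]:\\') {
        $problems += "Not a drive-letter path on the media server: $StagingPath"
    } else {
        $drive = $StagingPath.Substring(0, 2).ToUpper()
        $disk  = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$drive'"
        if (-not $disk) {
            $problems += "Drive $drive not found"
        } else {
            # DriveType 3 = local fixed disk (4 would be a mapped network drive)
            if ($disk.DriveType -ne 3)       { $problems += "$drive is not a local fixed disk" }
            if ($disk.FileSystem -ne 'NTFS') { $problems += "$drive is $($disk.FileSystem), not NTFS" }
            if ($drive -eq $env:SystemDrive.ToUpper()) { $problems += "$drive is the system volume" }
            $freeGB = [math]::Round($disk.FreeSpace / 1GB, 1)
        }
    }

    if (-not (Test-Path -LiteralPath $StagingPath -PathType Container)) {
        $problems += "Folder does not exist: $StagingPath"
    } else {
        # Assumption: "access" is read as an Allow ACE granting Modify, named directly
        # for the account. Rights held through group membership are not resolved here.
        $modify  = [int][System.Security.AccessControl.FileSystemRights]::Modify
        $granted = (Get-Acl -LiteralPath $StagingPath).Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference.Value -eq $ServiceAccount -and
            ([int]$_.FileSystemRights -band $modify) -eq $modify
        }
        if (-not $granted) { $problems += "No direct Modify ACE for $ServiceAccount" }
    }

    [pscustomobject]@{
        Path     = $StagingPath
        FreeGB   = $freeGB
        Problems = $problems
        Passed   = ($problems.Count -eq 0)
    }
}

Test-StagingLocation -StagingPath 'D:\BEStaging' -ServiceAccount 'EXAMPLE\svc-backup'
```

Compare the reported FreeGB with the size of the backup set to be staged, and review the full ACL of the folder as well, since the staged data is readable by every account that has rights there.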

By default, ADRA restores deleted Active Directory or ADAM/AD LDS objects from the Active Directory Deleted Objects container if their tombstone lifetimes have not passed.

When objects in Active Directory are deleted, they are removed from their current Active Directory or ADAM/AD LDS container, converted into tombstones, and then placed in the Active Directory Deleted Objects container where their tombstone lifetime is monitored. After their tombstone lifetime passes, the tombstones are purged from the Active Directory Deleted Objects container, which permanently deletes the objects from the Active Directory and ADAM/AD LDS databases.

Following are requirements for backup and restore operations when an Active Directory or ADAM/AD LDS backup is enabled for the restore of individual items:

Table: Requirements for backup and restore operations for Active Directory or ADAM/AD LDS

Item: If the destination device for the backup job is a backup-to-disk folder
Description: Backup-to-disk folders provide the most efficient method of storage for GRT-enabled backups. You must create a temporary hard disk staging location on a local NTFS volume to restore individual items from GRT-enabled backups on tape. The data is first copied from tape to the temporary staging location before it can be restored. As such, a restore from tape takes more time. For best results, you should specifically select the backup-to-disk folder you want to use for your GRT-enabled backup jobs when you set them up.

Item: If you create full backups
Description: The full job templates must be in a policy, and must have a backup-to-disk folder as the destination device.

If you run only a full backup of the Active Directory or ADAM/AD LDS, the full job template does not have to be in a policy.

See Creating a new policy.

Item: If you restore individual items from an Active Directory or ADAM/AD LDS backup set that is on a device other than a backup-to-disk folder
Description: Backup Exec must temporarily stage the entire database to a path on an NTFS volume on the media server to extract individual items. You must specify this path.

When you restore Active Directory or ADAM/AD LDS user objects, you must reset the object's user password and then re-enable the object's user account. For Active Directory user objects, use the Microsoft Active Directory Users and Computers application. For ADAM/AD LDS user objects, use ADSI Edit.

For Active Directory computer objects, you must reset the object's account.

See Resetting the Active Directory computer object and the computer object account.

ADRA does not support reanimation of objects from the Active Directory Deleted Objects container on a Windows 2000 domain controller. It is recommended that individual restores of deleted objects be done by a Backup Exec Remote Agent on a Windows 2003 domain controller, if one exists in the same domain. If a Windows 2003 domain controller is not available in the domain, deleted objects can only be restored using an agent on a Windows 2000 domain controller if the Recreate deleted object check box is checked.

Note:

Some objects in the Active Directory Configuration Partition node cannot be reanimated from the Active Directory Deleted Objects container. However, recreated objects may not be recognized by some applications.

For more information, see your Microsoft Active Directory documentation.

See About inventorying media

See Creating a new catalog

See Restoring individual objects from an Active Directory backup

See About recreating purged Active Directory and ADAM/AD LDS objects

See Restoring individual objects from an ADAM/AD LDS backup

See Resetting the Active Directory computer object and the computer object account


Legacy ID: id-SF700168626_be2010_adm

