Server 2008
Gil Kirkpatrick
AT A GLANCE:
C:\> servermanagercmd -install Backup-Features
Windows Server Backup is composed of two sub-features, Windows Server Backup and Command-line Tools. Note
that Command-line Tools refers to a set of Windows PowerShell cmdlets—not the WBADMIN.EXE command-line
tool. Thus, if you choose to install both sub-features, you must install the Windows PowerShell feature.
After installing Windows Server Backup, you can find the Microsoft Management Console (MMC) snap-in under the
Storage node in Server Manager and on the Administrative Tools menu. If you are installing Windows Server
Backup on a Windows Server 2008 Server Core installation, use the OCSETUP command (it's important to note
that the OCSETUP command is case-sensitive):
C:\> ocsetup WindowsServerBackup
A complete description of the installation process is available at go.microsoft.com/fwlink/?LinkId=113146.
Note that Windows Server Backup can't restore images created with NTBACKUP. For this unlikely scenario,
Microsoft has made available a downloadable version of NTBACKUP for Windows Server 2008 (see
go.microsoft.com/fwlink/?LinkId=113147).
(WBADMIN.EXE)
Splitting the application into a client and a service has several advantages, the most important being increased
reliability. Whether you start a backup from either the MMC client or the command-line interface, the WBENGINE
service is doing the heavy lifting. The client programs just report the status of the backup. Thus, terminating the
client will not result in a half-baked backup. The client will stop and the service will continue to completion. Of
course, if you really want to stop the backup, you can, but you must do so explicitly.
The other advantage of this split architecture is that you can use the client to manage backups on remote
machines. This is particularly nice when you have to back up Windows Server 2008 Core machines.
Windows Server Backup supports bare-metal restores using the Windows Recovery Environment, or WinRE, which
comes on the Windows Server 2008 installation media. WinRE simplifies the process of recovering a server from
scratch. I will discuss performing a bare-metal restore later in this article. It's worth mentioning that Windows
Server Backup supports several Group Policy settings for managing backups—these are outlined in the "Group
Policy Settings" sidebar.
Figure 1 Disable incremental backups on busy volumes
When the backup is complete, Windows Server Backup takes a snapshot of the target volume (assuming you are
backing up to a locally attached hard disk). During the next backup, the target VHD files are overwritten. But since
Volume Shadow Copy Service is maintaining shadow copies of the target volume, there are, in effect, multiple
versions of each VHD file corresponding to each of the full backups. You essentially get multiple full backups for
the cost of one full backup and the changed blocks.
C:\> wbadmin start systemstatebackup -backuptarget:e:
WBADMIN will then back up the critical system files and application databases to the target volume, in a folder
reserved for system state backups. The system state backup on a 32-bit Windows Server 2008 domain controller
(DC) with a default directory information tree (DIT) runs a little more than 6GB—this is more than 5GB larger than
on Windows Server 2003 due in part to the fact that Windows Server Backup is capturing core OS files that
NTBACKUP didn't.
The time required to back up the system state is also greater, as you would expect. These initial numbers, of
course, are based on a pre-release version of the OS. You'll certainly need to test this in your own environment,
but it's likely that you'll need to plan for larger system state backups (and longer backup times) when you move
your domain controllers to Windows Server 2008.
Figure 2 Windows Server Backup MMC
As you can see in Figure 3, I can choose whether to back up all the volumes on the server or back up just the
specific volumes that I choose. If I select Full server, Windows Server Backup will back up all mounted volumes,
but I won't have the option of backing up to a mounted hard drive—instead, I will have to back up to a recordable
DVD or to a network share.
Figure 3 Using the backup configuration dialog to specify all or select volumes
In this example, I want to back up to a local hard drive, so I select the Custom option. A dialog then lets me select
the volumes to back up (see Figure 4). By default, Windows Server Backup checks the Enable system recovery
box, which causes Windows Server Backup to select the boot volume, the OS volume, and any other volumes with
critical system files and application databases. On a DC, this includes the volumes hosting SYSVOL, the Active
Directory DIT, and Active Directory logs. This is the equivalent of a system state backup but it backs up all the
critical volumes, not just the critical files on those volumes. In fact, I even have the ability to perform a system
state recovery from a system recovery backup set.
Figure 4 Selecting specific volumes to back up
After I select the destination type (local drive or network share) and specify the destination, Windows Server
Backup prompts me to select either a "VSS copy" backup or a "VSS full" backup. The terminology is a little
confusing, as both options will back up the selected volumes in their entirety. The difference lies in the way
Windows Server Backup handles the source files after they've been backed up. If you select the copy option,
Windows Server Backup will leave the backed up files alone. If you choose the full option, Windows Server Backup
will then reset the archive.
Figure 5 Specifying when daily backups should occur
After selecting the times at which I want the backup to occur, I can select the volume (or volumes) to which I want
to back up. In this case, I select the backup volume E:, as shown in Figure 6. Windows Server Backup tries to
select an appropriate target volume for you, but if it happens that the disk you want to back up to doesn't appear,
you can use the Show All Available Disks button to view all attached disk devices. After going through a couple of
"confirm" dialogs, Windows Server Backup formats the target volume(s) and schedules the backup task using the
Windows Task Scheduler.
Figure 6 Specifying the destination disk for a scheduled backup
Each time a scheduled backup is completed, Windows Server Backup takes a snapshot of the target volume. And
every seven days, it creates a new base image. Activity is logged in the Microsoft/Backup/Operational log. You can
check there to see if your backups completed successfully; you can also associate a task, such as sending an e-
mail message, with the success and failure events so you will always know the status of your scheduled backups.
Figure 8 Specifying system recovery options
After you select the operating system you want to repair (there is typically only one choice), WinRE allows you to
select the backup from which you want to restore. By default, WinRE selects the most recent complete system
backup, but you can specify other backups stored on local disks or search the network for backups that are stored
on file shares on other servers.
In my example, I select the most recent complete system backup. The next dialog (shown in Figure 9) lets me
format and repartition all the disks before they are restored. This is an appropriate option if the problem you are
recovering from was caused by some sort of disk failure or if you've replaced one or more disk drives in the server.
Figure 9 You can easily format and repartition disks before they're restored
After a couple of confirming dialogs, WinRE starts the restore process and the server reboots. This is a pretty
painless way to perform a bare-metal recovery on a server.
C:\> bcdedit /set safeboot dsrepair
This will set the safeboot option for the default boot loader entry. In a fresh Windows Server 2008 installation,
there is only one boot loader entry, WINLOAD.EXE. To remove the safeboot option and reboot in normal mode, use
this command:
C:\> bcdedit /deletevalue safeboot
To make things a little easier for yourself, you can configure two bootloader entries on your DCs—one for a normal
boot and one for a DSRM boot. This way, you can change the boot options using the Startup and Recovery settings
dialog available under System Settings. To add a new bootloader entry, use this command:
C:\> bcdedit /copy {default} /d "Directory Service Repair Mode"
This action will create a new bootloader entry by copying the default bootloader entry. BCDEDIT will display
something like this:
The entry was successfully copied to {c50d4710-a1f0-11dc-9580-0003ff402ae9}.
The GUID identifies the new entry. Then use this command to set the safeboot option for the new bootloader entry
in the BCD:
C:\> bcdedit /set {<GUID for new entry>} safeboot dsrepair
You can now switch from normal boot mode to DSRM boot mode using the Startup and Recovery settings (see
Figure 10).
C:\> wbadmin get versions
WBADMIN will then display the backup versions in a form similar to the info shown in Figure 11. Note that each
backup has a backup time, backup target, a version identifier (which, by the way, is the time and date the backup
was started in Universal Mean Time), and a list of the types of recovery operations the backup can support.
Figure 11 Identify backups available for recovery
wbadmin 1.0 - Backup command-line tool
(C) Copyright 2004 Microsoft Corp.

Backup time: 11/30/2007 3:47 PM
Backup target: Fixed Disk labeled E:
Version identifier: 11/30/2007-22:47
Can Recover: Application(s), System State

Backup time: 12/1/2007 10:46 PM
Backup target: Fixed Disk labeled Backup(E:)
Version identifier: 12/02/2007-05:46
Can Recover: Volume(s), File(s), Application(s), Bare Metal Recovery, System State

Backup time: 12/2/2007 5:58 PM
Backup target: Fixed Disk labeled Backup(E:)
Version identifier: 12/03/2007-00:58
Can Recover: Volume(s), File(s), Application(s), Bare Metal Recovery, System State

Backup time: 12/3/2007 11:25 AM
Backup target: Fixed Disk labeled E:
Version identifier: 12/03/2007-18:25
Can Recover: Application(s), System State
In this case, I select the most recent backup and start the system state restore with this WBADMIN command:
C:\> wbadmin start systemstaterecovery -version:12/03/2007-18:25
This will perform a non-authoritative restore. If you want to perform an authoritative restore of the SYSVOL, you
can just mark the restored SYSVOL replica as being authoritative by adding the authsysvol option to the WBADMIN
command. For more information on this process, see go.microsoft.com/fwlink/?LinkId=113152.
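Choosing the version identifier by eye gets error-prone once a target holds many backups. The following PowerShell sketch is an added example, not part of the original article: it parses the "wbadmin get versions" text shown in Figure 11 and picks the newest version that supports a given recovery type. It assumes the English field labels and MM/dd/yyyy-HH:mm identifiers seen in Figure 11; the function names are hypothetical and the sample text is constructed from that figure.

```powershell
# Added example: choose the newest backup version that supports a recovery type.
# Sample input constructed from the Figure 11 listing (three of its four entries).
$sample = @'
Backup time: 11/30/2007 3:47 PM
Backup target: Fixed Disk labeled E:
Version identifier: 11/30/2007-22:47
Can Recover: Application(s), System State
Backup time: 12/2/2007 5:58 PM
Backup target: Fixed Disk labeled Backup(E:)
Version identifier: 12/03/2007-00:58
Can Recover: Volume(s), File(s), Application(s), Bare Metal Recovery, System State
Backup time: 12/3/2007 11:25 AM
Backup target: Fixed Disk labeled E:
Version identifier: 12/03/2007-18:25
Can Recover: Application(s), System State
'@

function Get-BackupVersion {                      # hypothetical helper name
    param([string[]]$Lines)
    $inv = [Globalization.CultureInfo]::InvariantCulture
    $cur = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(Backup time|Backup target|Version identifier|Can Recover):\s*(.*\S)\s*$') {
            $cur[$Matches[1]] = $Matches[2]
            if ($Matches[1] -eq 'Can Recover') {  # last field of each entry: emit it
                New-Object PSObject -Property @{
                    Version    = $cur['Version identifier']
                    StartedUtc = [datetime]::ParseExact($cur['Version identifier'], 'MM/dd/yyyy-HH:mm', $inv)
                    Target     = $cur['Backup target']
                    CanRecover = @($cur['Can Recover'] -split '\s*,\s*')
                }
                $cur = @{}
            }
        }
    }
}

function Select-LatestVersion {                   # hypothetical helper name
    param($Versions, [string]$RecoveryType)
    $Versions | Where-Object { $_.CanRecover -contains $RecoveryType } |
        Sort-Object StartedUtc | Select-Object -Last 1
}

# On a live server, pass the output of (wbadmin get versions) instead of the sample.
$versions = Get-BackupVersion -Lines ($sample -split "`r?`n")
$pick     = Select-LatestVersion $versions 'System State'
"wbadmin start systemstaterecovery -version:$($pick.Version)"   # printed for review, not executed
```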
ntdsutil: snapshot
snapshot: activate instance ntds
Active instance set to "ntds".
snapshot: create
Creating snapshot...
Snapshot set {42c44414-c099-4f1e-8bd8-4453ef2534a4} generated successfully.
snapshot: quit
ntdsutil: quit
This sequence of NTDSUTIL commands creates a Volume Shadow Copy Service snapshot of the volumes that
contain the Active Directory DIT, logs, and SYSVOL. Even though Active Directory is still being updated, Volume
Shadow Copy Service uses a copy-on-write strategy to make sure that the snapshots you've taken are properly
maintained. Note that the snapshots are not a complete copy of the DIT. They are really just a collection of disk
blocks in the DIT that have been modified since the snapshot was taken. By combining these blocks with the
current copy of the DIT, VSS can present the Active Directory DIT just as it appeared at the time of the snapshot.
Figure 12 shows how to delete old or unneeded snapshots.
Figure 12 Delete unneeded snapshots
C:\> ntdsutil
ntdsutil: snapshot
snapshot: list all
1: 2007/12/03:23:18 {42c44414-c099-4f1e-8bd8-4453ef2534a4}
2: C: {c0dd71ba-5bcd-4daf-9fbb-5cfbdd168022}
3: D: {2bbd739f-905a-431b-9449-11fba01f9931}
snapshot: delete 1
Snapshot {c0dd71ba-5bcd-4daf-9fbb-5cfbdd168022} mounted as
C:\$SNAP_200712032318_VOLUMEC$\
Snapshot {2bbd739f-905a-431b-9449-11fba01f9931} mounted as
C:\$SNAP_200712032318_VOLUMED$\
snapshot: quit
ntdsutil: quit
C:\>
C:\> ntdsutil
ntdsutil: snapshot
snapshot: list all
1: 2007/12/03:23:18 {42c44414-c099-4f1e-8bd8-4453ef2534a4}
2: C: {c0dd71ba-5bcd-4daf-9fbb-5cfbdd168022}
3: D: {2bbd739f-905a-431b-9449-11fba01f9931}
snapshot: mount 1
Snapshot {c0dd71ba-5bcd-4daf-9fbb-5cfbdd168022} mounted as
C:\$SNAP_200712032318_VOLUMEC$\
Snapshot {2bbd739f-905a-431b-9449-11fba01f9931} mounted as
C:\$SNAP_200712032318_VOLUMED$\
snapshot: quit
ntdsutil: quit
C:\>
The "list all" command lists all the available Active Directory snapshots that are currently being maintained by
Volume Shadow Copy Service. The "mount 1" command mounts the selected snapshots of the Active Directory DIT
and log volumes and makes them available in the file system. They are located at
C:\$SNAP_200712032318_VOLUMEC$\ and C:\$SNAP_200712032318_VOLUMED$\.
If you look in these folders, you'll see the entire contents of those volumes as they were when the snapshot was
taken. Note, however, that the mounted snapshots are read-only—meaning you can't modify any of the files in the
mounted snapshot.
C:\> dsamain -dbpath c:\$snap_200712032318_volumed$\ntds\dit\ntds.dit -ldapport 10000
This mounts the ntds.dit file located in the c:\$snap_200712032318_volumed$\ntds\dit folder and makes it
available to LDAP operations on TCP port 10000 (or whatever open port you specify). DSAMAIN will open the
LDAPS port (the port used for LDAP over Secure Sockets Layer) on the port you specified plus one (in this case,
10001), the GC port (the port used for global catalog connections) on the port you specified plus two (10002), and
the GCS (Global Catalog over Secure Sockets Layer) port on the port you specified plus three (10003).
You can use any LDAP program (such as LDP) to access the mounted DIT on the specified port. But in Windows
Server 2008, Active Directory Users and Computers (ADUC), Sites and Services, and Domains and Trusts, as well
as ADSIEDIT, have all been modified to allow you to connect them to a DIT mounted using DSAMAIN. If you right-
click on the top-level node in the navigation pane of any ADUC and select Change Domain Controller, you will see
the dialog box shown in Figure 14. If you simply type the name or IP address of the server hosting the mounted
snapshot, along with the port (in my example, localhost:10000), ADUC will connect to the mounted snapshot,
allowing you to browse the contents of the directory as it existed at the time of the snapshot. Pretty amazing, isn't
it?
Figure 14 Connecting Active Directory users and computers to a mounted snapshot
Being able to access directory data in this way makes many kinds of data recovery tasks much easier than they
used to be. For instance, to recover a deleted object from a backup formerly required that you perform a non-
authoritative restore of the backup on an existing DC and then perform an authoritative restore of the deleted
object. And if the backup you restored didn't have the correct data, you had to start all over again with a different
backup. Now, using tombstone reanimation and snapshots, you can quickly find and recover deleted data, and you
don't even have to take the domain controller offline to do it.
There are some limitations, however. For instance, each active snapshot increases the disk I/O associated with
write operations to the directory, so you probably shouldn't have more than one or two snapshots active at any
point in time on a production DC. Also, the longer you keep snapshots active, the larger the Volume Shadow Copy
Service delta store becomes—this can also affect performance. And, of course, simply recovering a deleted object
is only the first part of the recovery problem. You will probably have to recover the object's linked attributes, such
as group memberships, as well. But even in this case, the snapshot can help you identify all the groups the
deleted object was a member of.
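As an added example (not code from the original article), the PowerShell sketch below reads an account's memberOf values from the snapshot that DSAMAIN exposes on localhost:10000 and from the live directory, then lists the groups present only in the snapshot. The domain DN, the account name, and the function name are placeholders; both queries are read-only and run under the caller's credentials.

```powershell
# Added example: list group memberships an object had in the mounted snapshot
# but no longer has in the live directory. All values below are placeholders.
$domainDn    = 'DC=example,DC=com'   # placeholder domain DN
$accountName = 'jdoe'                # placeholder sAMAccountName of the recovered object
$snapshot    = 'localhost:10000'     # DSAMAIN LDAP port used in the article
$live        = 'localhost'           # live directory on the default LDAP port

function Get-GroupMembership {       # hypothetical helper name
    param([string]$Server, [string]$BaseDn, [string]$SamAccountName)

    # Escape LDAP filter metacharacters (RFC 4515) so the name is treated as data.
    $safe = [regex]::Replace($SamAccountName, '[\\*()\x00]',
        { param($m) '\{0:x2}' -f [int][char]$m.Value })

    $root     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Server/$BaseDn")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter = "(&(objectCategory=person)(sAMAccountName=$safe))"
    [void]$searcher.PropertiesToLoad.Add('memberOf')

    $hit = $searcher.FindOne()
    if ($null -eq $hit) { return @() }   # object absent (for example, still deleted)

    # memberOf does not include the primary group; check primaryGroupID separately.
    @($hit.Properties['memberof'] | ForEach-Object { [string]$_ })
}

$before  = Get-GroupMembership $snapshot $domainDn $accountName
$after   = Get-GroupMembership $live     $domainDn $accountName
$missing = @($before | Where-Object { $after -notcontains $_ })

"Groups in the snapshot but not in the live directory for ${accountName}:"
$missing
```

Because the snapshot is read-only, any memberships it reports as missing still have to be re-added in the live directory.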
Gil Kirkpatrick is the CTO at NetPro and has been developing software for Active Directory since 1996. Along with
Guido Grillenmeier from HP, he delivers the popular Active Directory Disaster Recovery workshops. Gil is also the
founder of the Directory Experts Conference (see www.dec2008.com).