JSI Tip 3512. Backup of the Active Directory Has 60-Day Useful Life?

Microsoft Knowledge Base Article 216993 contains the following summary:

Windows Backup, the backup tool included in the Administrative Tools folder on Windows 2000 servers, can back up and restore the Active Directory on Windows 2000 domain controllers. These backups can be performed while the domain controller is online. You can restore these backups only when the domain controller is booted into Directory Services Restore mode using the F8 key when the server is starting.

If a non-authoritative restore is performed using Backup, the domain controller will contain the settings and entries that existed in the Domain, Schema, Configuration, and optionally the Global Catalog Naming Contexts when the backup was performed. Partial synchronization (replication) from other replicas within the enterprise then update all naming contexts hosted on the domain controller, overwriting the restored data.

For additional information about authoritative and non-authoritative restores, please see the following article in the Microsoft Knowledge Base:
216243 Authoritative Restore of Active Directory and Impact on Trusts and Computer Accounts
Windows 2000 prohibits the restoring of old backup images into a replicated enterprise. Specifically, the useful life of a backup is identical to the "tombstone lifetime" setting for the enterprise. The default value for the tombstone lifetime entry is 60 days. This value can be set on the Directory Service (NTDS) config object.



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish