Additional Tasks for Authoritatively Restoring the Entire Active Directory Datab

H

Henri

Hello all,

Can anyone please clarify the following notes? I don't
have any practical experience on this topic. The question
is why do we need to do these additional tasks, if the
system state data include sysvol? What does it mean by
after the SYSVOL share is published? Does it mean on the
alternate location? I will appreciate any guidance.

Start of note.

Additional Tasks for Authoritatively Restoring the Entire
Active Directory Database
When you authoritatively restore the entire Active
Directory database, you also must perform an additional
procedure involving the SYSVOL directory. This is
necessary to ensure the integrity of the computer's group
policy. To ensure the proper elements are authoritatively
restored, you must also:
· Copy the SYSVOL directory on the alternate
location over the existing one after the SYSVOL share is
published.
When you authoritatively restore a portion of the Active
Directory database (including policy objects), you also
must perform an additional procedure involving the SYSVOL
directory. To ensure the proper elements are
authoritatively restored, you must also:
· Copy only policy folders (identified by the GUID)
corresponding to the restored Policy objects from the
alternate location after the SYSVOL share is published.
Then, copy them over the existing ones.
When authoritatively restoring either the entire Active
Directory database or selected objects, it is important
that you copy the SYSVOL and policy data from the
alternate location after the SYSVOL share is published. If
the computer is in a replicated domain, it may take
several minutes before the SYSVOL share is published
because it needs to synchronize with its replication
partners. If all computers in the domain are
authoritatively restored and restarted at the same time,
then each will be waiting (indefinitely) to synchronize
with each other. In this case, restore one of the domain
controllers first so that its SYSVOL share can be
published; then restore the other computers
nonauthoritatively.
 
M

Mike Aubert

The question is why do we need to do these additional tasks, if the system
state data include sysvol?

SYSVOL is part of the system state backup. However, when you restore a
domain controller from backup (using the default options), the domain
controller performs a full re-sync of the SYSVOL folder (from an existing
domain controller in the domain) the next time you restart the server in
normal mode. The data that you restored is moved to a temporary location
(NtFrs_PreExisting___See_Event-Log).
What does it mean by after the SYSVOL share is published?

Put simply, it means once the domain controller has had a chance to fully
replicate the SYSVOL folder. Until SYSVOL has been replicated, the system
prevents the server from acting as a domain controller. You can check the
File Replication Service event log for an event that says "The File
Replication Service is no longer preventing the computer DC_NAME from
becoming a domain controller." to determine this.
Does it mean on the alternate location?

No, it means the actual SYSVOL folder.

------------------------------------------------------------------
Mike Aubert
MCSE, MCSD, MCDBA
(e-mail address removed)

Note the "news2" in my email address is temporary and may be changed in the
future, remove it to email me at my Permanente address.
This posting is provided "AS IS" with no warranties, and confers no rights.


Hello all,

Can anyone please clarify the following notes? I don't
have any practical experience on this topic. The question
is why do we need to do these additional tasks, if the
system state data include sysvol? What does it mean by
after the SYSVOL share is published? Does it mean on the
alternate location? I will appreciate any guidance.

Start of note.

Additional Tasks for Authoritatively Restoring the Entire
Active Directory Database
When you authoritatively restore the entire Active
Directory database, you also must perform an additional
procedure involving the SYSVOL directory. This is
necessary to ensure the integrity of the computer's group
policy. To ensure the proper elements are authoritatively
restored, you must also:
· Copy the SYSVOL directory on the alternate
location over the existing one after the SYSVOL share is
published.
When you authoritatively restore a portion of the Active
Directory database (including policy objects), you also
must perform an additional procedure involving the SYSVOL
directory. To ensure the proper elements are
authoritatively restored, you must also:
· Copy only policy folders (identified by the GUID)
corresponding to the restored Policy objects from the
alternate location after the SYSVOL share is published.
Then, copy them over the existing ones.
When authoritatively restoring either the entire Active
Directory database or selected objects, it is important
that you copy the SYSVOL and policy data from the
alternate location after the SYSVOL share is published. If
the computer is in a replicated domain, it may take
several minutes before the SYSVOL share is published
because it needs to synchronize with its replication
partners. If all computers in the domain are
authoritatively restored and restarted at the same time,
then each will be waiting (indefinitely) to synchronize
with each other. In this case, restore one of the domain
controllers first so that its SYSVOL share can be
published; then restore the other computers
nonauthoritatively.
 
H

Henri

Very well put. Thank you Mike,


Henri
-----Original Message----- tasks, if the system
state data include sysvol?

SYSVOL is part of the system state backup. However, when you restore a
domain controller from backup (using the default options), the domain
controller performs a full re-sync of the SYSVOL folder (from an existing
domain controller in the domain) the next time you restart the server in
normal mode. The data that you restored is moved to a temporary location
(NtFrs_PreExisting___See_Event-Log).
published?

Put simply, it means once the domain controller has had a chance to fully
replicate the SYSVOL folder. Until SYSVOL has been replicated, the system
prevents the server from acting as a domain controller. You can check the
File Replication Service event log for an event that says "The File
Replication Service is no longer preventing the computer DC_NAME from
becoming a domain controller." to determine this.


No, it means the actual SYSVOL folder.

---------------------------------------------------------- --------
Mike Aubert
MCSE, MCSD, MCDBA
(e-mail address removed)

Note the "news2" in my email address is temporary and may be changed in the
future, remove it to email me at my Permanente address.
This posting is provided "AS IS" with no warranties, and confers no rights.


Hello all,

Can anyone please clarify the following notes? I don't
have any practical experience on this topic. The question
is why do we need to do these additional tasks, if the
system state data include sysvol? What does it mean by
after the SYSVOL share is published? Does it mean on the
alternate location? I will appreciate any guidance.

Start of note.

Additional Tasks for Authoritatively Restoring the Entire
Active Directory Database
When you authoritatively restore the entire Active
Directory database, you also must perform an additional
procedure involving the SYSVOL directory. This is
necessary to ensure the integrity of the computer's group
policy. To ensure the proper elements are authoritatively
restored, you must also:
· Copy the SYSVOL directory on the alternate
location over the existing one after the SYSVOL share is
published.
When you authoritatively restore a portion of the Active
Directory database (including policy objects), you also
must perform an additional procedure involving the SYSVOL
directory. To ensure the proper elements are
authoritatively restored, you must also:
· Copy only policy folders (identified by the GUID)
corresponding to the restored Policy objects from the
alternate location after the SYSVOL share is published.
Then, copy them over the existing ones.
When authoritatively restoring either the entire Active
Directory database or selected objects, it is important
that you copy the SYSVOL and policy data from the
alternate location after the SYSVOL share is published. If
the computer is in a replicated domain, it may take
several minutes before the SYSVOL share is published
because it needs to synchronize with its replication
partners. If all computers in the domain are
authoritatively restored and restarted at the same time,
then each will be waiting (indefinitely) to synchronize
with each other. In this case, restore one of the domain
controllers first so that its SYSVOL share can be
published; then restore the other computers
nonauthoritatively.



.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top