Tài liệu Module 10: Implementing Disaster Recovery docx

Lab A: Implementing Disaster Recovery for Active Directory and Windows 2000 Prepare students for the lab in which they will install and use a Recovery Console, restore the system state d

Contents

Recovering from Disasters in a

Restoring Active Directory Objects 12

Rebuilding a Network Server 15

Lab A: Implementing Disaster Recovery

for Active Directory and Windows 2000 16

Module 10:

Implementing Disaster Recovery

be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation If, however, your only means of access is electronic, permission to print one copy is hereby granted

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property

? ? 1999 Microsoft Corporation All rights reserved

Microsoft, Active Directory, PowerPoint, and Windows are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A and/or other countries

The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted

Other product and company names mentioned herein may be the trademarks of their resp ective owners

Project Lead and Instructional Designer: Mark Johnson

Instructional Designers :Aneetinder Chowdhry (NIIT Inc.), Kathryn Yusi

(Independent Contractor)

Lead Program Manager: Ryan Calafato

Program Manager: Joern Wettern (Wettern Network Solut ions)

Graphic Artist: Julie Stone (Independent Contractor)

Editing Manager: Tina Tsiakalis

Substantive Editor: Kelly Baker (Write Stuff)

Copy Editor: Wendy Cleary (S&T OnSite)

Online Program Manager: Nikki McCormick

Online Support: Arlo Emerson (MacTemps)

Compact Disc Testing: Data Dimensions, Inc

Production Support: Arlene Rubin (S&T OnSite)

Manufacturing Manager: Bo Galford

Manufacturing Support: Mimi Dukes (S&T OnSite)

Lead Product Manager, Development Services: Elaine Nuerenberg

Lead Product Manager: Sandy Alto

Group Product Manager: Robert Stewart

Introduction

This module provides students with the knowledge and skills to repair member servers and domain controllers and recover data if a network disaster should occur Students will learn how to use advanced startup options and the Recovery Console Students will also learn how to restore Active Directory™

directory service and specific Active Directory objects

In the hands -on lab in this module, students will perform recovery procedures

on servers They will install the Recovery Console and use it to repair a system file They will restore the system state data on a domain controller (which includes Active Directory) Students will also restore specific Active Directory objects by performing an authoritative restore

Materials and Preparation

This section provides you with the materials and preparation needed to teach this module

Materials

To teach this module, you need the following materials:

?? Microsoft® PowerPoint® file 1558A_10.ppt

Preparation

To prepare for this module, you should:

?? Read all the materials for this module

?? Complete the lab

?? Study the review questions and prepare alternative answers to discuss

?? Anticipate questions that students may ask Write out the questions and provide the answers

?? Review Appendix F, Recovery Console Commands, on the Student

Materials compact disc

Presentation:

45 Minutes

Lab:

45 Minutes

Module Strategy

Use the following strategy to present this module:

?? Recovering from Disasters in a Windows 2000 Network

In this topic, you will introduce the methods for disaster recovery in a Microsoft Windows® 2000 network, including a high- level overview of the different types of recovery that can occur Emphasize the importance

of quickly recovering from disasters so that network resources are always available

?? Repairing a Network Server

In this topic, you will explain the different methods to use to repair a server, including a domain controller First, present information on advanced startup options Emphasize that advanced startup options disable certain parts of Windows 2000 so that an administrator can bypass a problem and start Windows 2000 When presenting the options and their descriptions, be sure also to present the reasons that an administrator would select a

particular option Next, present information on the Recovery Console Emphasize that it is a minimal version of Windows 2000 that also contains the command that an administrator can use to repair servers If time permits, start the Recovery Console and show students the commands Finally, present information on the system state data Emphasize that it defines the configuration of the operating system on a computer

?? Restoring Active Directory

In this topic, present information on restoring Active Directory on a domain controller Mention that when you restore the system state data, you restore Active Directory and the Sysvol folder Emphasize that Active Directory cannot be running when you restore Active Directory files

?? Restoring Active Directory Objects

In this topic, present information on restoring individual Active Directory objects First, present information on an authoritative restore Define it and explain how it is used Emphasize that by marking Active Directory objects

as authoritative, the objects are assigned the highest update sequence number (USN) in Active Directory Next, present the steps for performing

an authoritative restore Emphasize that an administrator must not restart the

domain controller after restoring the system state data and before starting Ntdutil.exe If an administrator did restart the domain controller, replication would probably change the object just restored

?? Rebuilding a Network Server

In this topic, present the method for rebuilding a network server This topic provides a checklist to organize the different steps required for rebuilding a server Different courses in the Microsoft Official Curriculum (MOC) present the detailed content for these steps These courses include course

1556A, Administering Microsoft Windows 2000, course 1557A, Installing

and Configuring Microsoft Windows 2000, and this course, 1558A, Advanced Administration for Microsoft Windows 2000

?? Lab A: Implementing Disaster Recovery for Active Directory and Windows 2000

Prepare students for the lab in which they will install and use a Recovery Console, restore the system state data on a domain controller, and perform

an authoritative restore Make sure that students run the command file for the lab, and tell them that they will work with their partners’ computers After students have completed the lab, ask them whether they have any questions

?? Best Practices Present best practices for implementing disaster recovery

Important

Important

Overview

?Recovering from Disasters in a Windows 2000 Network

?Repairing a Network Server

?Restoring Active Directory

?Restoring Active Directory Objects

?Rebuilding a Network Server

?Best Practices

Disaster recovery involves the efforts by administrators to reduce the time that a computer is nonfunctional in the event of a network disaster Network disasters can be caused by power outages, virus attacks, fires, and hardware and software failures A nonfunctioning server or domain controller is particularly damaging

to your organization because your network resources, including Active Directory™ directory service, reside on them Microsoft® Windows® 2000 provides you with alternative methods for starting network computers that you are unable to start by using the normal methods, as well as the means to repair servers and restore critical system data after startup

At the end of this module, you will be able to:

?? Identify the methods that Windows 2000 provides to help you recover from network disasters

?? Repair a network server, including a domain controller

?? Restore Active Directory by restoring the system state data for a domain controller

?? Restore Active Directory objects by performing an authoritative restore

?? Identify the steps for rebuilding a network server

?? Apply best practices for implementing disaster recovery

recovering from system

failure and minimizing the

impact of system failure on

your network

Recovering from Disasters in a Windows 2000 Network

Advanced Startup Options

Recovery Console Restoring System State Data

Restoring System State Data

Restore Active Directory

Restore Active Directory

Restore Active Directory

Restore Active Directory Objects

?? Repair a server When a server does not start properly, Windows 2000

provides you with two methods for restarting and repairing it These methods include the advanced startup options (which allow you to start Windows 2000 so that you can repair it) and the Recovery Console (which allows you to start and repair Windows 2000) Windows 2000 also provides you with the ability to restore the system state data (the configuration information for a computer) by using Windows Backup

?? Restore Active Directory When Active Directory is corrupted or deleted,

Windows 2000 provides you with the ability to restore the entire Active Directory, as it is part of the system state data

?? Restore Active Directory objects When Active Directory objects are

changed or deleted, Windows 2000 provides you with the ability to restore individual Active Directory objects from a backup

?? Rebuild a server When hardware or software problems prevent a member

server or domain controller from starting or running Windows 2000, you can completely rebuild the computer and restore Windows 2000 it to its previous functioning state This includes setting up the hard disk and

reinstalling the operating system, its configuration, and its lost data

Slide Objective

To explain the different

tasks that an administrator

can perform to recover from

a network disaster

Lead-in

Windows 2000 minimizes

downtime for network

computers and the

resources that reside on

them by providing you with

the capability to recover

from the different types of

network disasters that may

occur in your network

Do not go into detail on this

topic, because the content

will be covered in

following topics

? Repairing a Network Server

?Using Advanced Startup Options

?Using the Recovery Console

?Using Windows Backup to Restore the System State Data

You need to repair a failed server that does not start as soon as pos sible so that the resources stored on the server are not lost or made unavailable to users for extended periods Any downtime caused by a failed server reduces the productivity of your organization Windows 2000 provides several methods and utilities to repair a failed server, including the use of alternative startup methods when a normal startup fails

Windows 2000 provides you

with the means to start the

server and then repair the

server so that critical

resources are not lost or

made unavailable for an

extended period

Using Advanced Startup Options

Enable Boot Logging

Enable Boot Logging Creates a log file that references the device driver and system servicesCreates a log file that references the device driver and system services

Safe Mode

Safe Mode Loads basic services and drivers

Safe Mode with Networking

Safe Mode with Networking Enables networking and loads basic services and drivers

Safe Mode with Command Prompt

Safe Mode with Command Prompt Starts a command prompt instead of the graphical user interface and loads basic services and drivers

Starts a command prompt instead of the graphical user interface and loads basic services and drivers

Enable VGA Mode

Enable VGA Mode Loads the basic VGA driver

Last Known Good Configuration

Last Known Good Configuration Uses the last good configuration to start the computer

Directory Services Restore Mode

Directory Services Restore Mode Allows you to start Windows 2000 on a domain controllerwithout starting Active DirectoryAllows you to start Windows 2000 on a domain controllerwithout starting Active Directory

To display the advanced startup options, press F8 when Windows 2000 displays the boot loader menu during startup (which prompts you to select an operating system)

The following table describes each Windows 2000 advanced startup option and when to select a specific option

Option Description Select when Enable Boot

Logging

Creates a log file that references all

of the device drivers and system services that the system loads (or does not load) This log file (Ntbtlog.txt) is located in the

systemroot folder (by default,

C:\Winnt)

You can start Windows 2000, but problems occur during startup Reviewing this log file will help you diagnose startup problems

Safe Mode Loads only the basic services and

drivers that are required to start the computer, including the mouse, keyboard, mass storage device drivers, base video, and the standard, default set of system services This allows you to bypass nonessential services and drivers This option also creates a Ntbtlog.txt log file

A nonessential service or driver does not function correctly and prevents Windows 2000 from starting

Slide Objective

To describe the different

advanced startup options

Lead-in

If you cannot start a server

running Windows 2000

Server normally, you can

use one of the advanced

startup options to start the

server so that you can repair

the problem

Discuss the advanced

startup options Be sure to

explain to students when to

use each option

Mention to students that

they will be able to use the

advanced startup options in

the lab

Key Points

Each advanced startup

option disables specific

parts of Windows 2000 By

disabling a particular part of

the operating system, an

administrator can bypass a

problem and start

Windows 2000

After Windows 2000 starts,

the administrator can repair

the problem

The Ntbtlog.txt file is a log

file that can be created by

using different advanced

startup options

(continued)

Option Description Select when Safe Mode

with Networking

Enables networking in addition to loading what Safe Mode loads This option creates a Ntbtlog.txt log file

The conditions for Safe Mode exist, but you also need network access (for example, to connect to a shared folder on another computer)

Safe Mode with Command Prompt

Starts a command prompt instead of the graphical user interface in addition to loading what Save Mode loads This option creates a

Ntbtlog.txt log file

Problems related to graphical user interface prevent Windows 2000 from starting successfully

Enable VGA Mode

Windows 2000 from starting

Last Known Good Configuration

Uses the last good configuration information in the registry to start the computer

Selecting this option will result in Windows 2000 replacing the

HKEY_LOCAL_MACHINE\

SYSTEM\CurrentControlSet

registry key with a version that represents the last know good configuration

A configuration change that you made prevents the operating system from starting

Directory Services Restore Mode

Allows you to start Windows 2000 on

a domain controller without starting Active Directory You can then restore and maintain Active Directory (and restore the Sysvol folder) You can only repair or restore Active Directory if it is offline

You need to restore Active Directory

Debugging Mode

Sends debugging information through the serial port to another computer

When other startup options

do not allow you to fix the problem This option should only be used by individuals who have the technical skills to do advanced troubleshooting or who are following the instructions of

a technical support professional

The Safe Mode and Safe Mode with Command Prompt options do not

function on a domain controller These two options do not start the Net Logon service, which must be running in order for you to log on using a user account

in Active Directory

Note

Using the Recovery Console

?The Recovery Console:

? Is a minimal version of the Windows 2000 operating systemthat you can use when all other startup options fail

? Contains commands to perform a variety of repair tasks

?Install the Recovery Console from a Windows 2000 Compact Disc Before You Need to Use It

?Start the Installed Recovery Console:

? By logging on using a local Administrator account

? From the Boot Loader menu

The Recovery Console is a minimal version of the Windows 2000 operating system that you can use to start Windows 2000 when all other startup options fail The minimal set of commands that the Recovery Console contains provides you with the ability to repair damaged system components (a damaged boot sector, for example) that prevent you from starting the computer in any other manner You use the Recovery Console to perform the following repair tasks:

?? Enable and disable services that prevent Windows 2000 from starting

?? Read and write files on a local drive, including drives that are formatted with the NTFS file system (The Recovery Console recognizes and enforces NTFS permissions.)

?? Format hard disks

?? Repair a boot sector

?? Copy files and system files from a floppy disk or compact disc

For more information about the repair tasks that you can perform by using the Recovery Console, see appendix F, “Recovery Console Commands,”

on the course 1558A, Advanced Administration for Microsoft Windows 2000,

Student Materials compact disc

Slide Objective

To explain what the

Recovery Console is and

when to use it

Lead-in

If you cannot start

Windows 2000 normally or

by using the advanced

startup options, then you

can use the

Recovery Console

Delivery Tip

If time permits, demonstrate

starting and using the

Recovery Console Display

the list of commands

Key Points

The Recovery Console is a

minimal version of the

Windows 2000 operating

system that an administrator

can use to start a computer

when all other startup

options fail An administrator

can use the commands that

the Recovery Console

provides to repair

Windows 2000 An

administrator should install

this console before it

resides in a minimal local

user account database that

Window 2000 created

when you installed

Active Directory

Note

Installing the Recovery Console

You install the Recovery Console from a Windows 2000 compact disc You should install the Recovery Console before you need to use it so that it is on the hard disk when you need it

To install the Recovery Console, perform the following steps:

1 Start a command prompt and change to the I386 (or Alpha) folder on the Windows 2000 compact disc

2 At the command prompt type, winnt32 /cmdcons and press ENTER

3 Click Yes, and then click OK

Windows 2000 installs the Recovery Console in x:\Cmdcons, where x is the

drive on which Windows 2000 is installed

If you choose not to install the Recovery Console, or if it does not start because the partition on which you installed it is inaccessible, you can start the Recovery Console from the Windows 2000 compact disc Start the computer by using the Windows 2000 compact disc or Setup boot disks When prompted to choose whether you want to set up Windows 2000 or repair an existing installation, select to repair When prompted to choose whether you want to repair Windows 2000 by using the emergency repair process or the Recovery Console, select the Recovery Console

Using an Installed Recovery Console

When using the Recovery Console, you must log on using the local built-in Administrator account that resides in the local security database On a domain controller, this a minimal database that Windows 2000 creates when you install Active Directory This database contains only the Administrator user account that you use to perform repair tasks on a domain controller when Active Directory is not available (such as starting the Recovery Console) In the prerelease version of Windows 2000 that is included with this course, the password for the local Administrator user account on a domain controller

is blank

To start and use the installed Recovery Console, perform the following steps:

1 Start the computer, on the boot loader menu select Microsoft

Windows 2000 Command Console , and then press ENTER

2 Specify the installation of Windows 2000 to which you want to log on (even

on a computer with a single-boot configuration), and then press ENTER

3 Type the password for the local Administrator account (or on a domain controller, leave the password blank), and then press ENTER

4 At the command line, type help to display all of the commands available

You can use the commands that the console provides to repair the server For instructions on how to use a command, at the command line, type

Using Windows Backup to Restore the System State Data State Data

Restore the system state data by using Windows Backup

Restore the system state data by using Windows Backup

Start

?The System State Data Is a Collection of Data That Defines the Configuration of the Operating System

?The System State Data Includes:

controller

database on all computers

The system state data is a collection of data that defines the configuration of the operating system on a computer If accidental changes occur or if data is lost in any of the components that make up the system state data, you can restore it from a backup This action restores your computer’s configuration to a previously known good state

System state data on a computer includes the following:

?? Active Directory (only on domain controllers)

?? The Sysvol shared folder (only on domain controllers) The Sysvol folder is

a shared folder that contains Group Policy templates and logon scripts

?? The registry The registry is a database repository for information about the

computer’s configuration

?? System startup files The system startup files are required during the initial

startup phase of Windows 2000

?? Class registration database The class registration is a database of

information about Component Services applications

?? The Certificate Services database (if the server is operating as a certificate

server) The Certificate Services database contains certificates that Windows 2000 uses to authenticate users

To be able to restore the system state data successfully, you must have a recent backup of it You can back up the system state data by selecting it in Windows Backup For information about performing backups and restores on computers, see module 10, “Backing Up and Restoring Data,” in course 1556A,

Administering Microsoft Windows 2000 To restore the system state data on a

domain controller, you must use the Directory Services Restore Mode

advanced startup option

Slide Objective

To explain what system

state data is and how

to restore it

Lead-in

Because the system state

data is a collection of data

that defines the

configuration of the

operating system, you need

to restore it when it

is corrupted

Tell students what the

system state data includes

for member servers and

domain controllers

Mention to students that

information on restoring the

system state data for a

domain controller is covered

in the next topic

Tell students what a

Open Windows Backup,

start the Backup wizard, and

show students the option to

back up the system

state data

Key Points

The system state data is a

collection of data that

defines the configuration of

the operating system

The system state data of a

domain controller contains

Active Directory and the

Sysvol folder

To restore system state data on a computer other than a domain controller, perform the following tasks:

1 Restore the system state data by using Windows Backup

If Active Directory is running on a domain controller, you cannot copy over it and restore it The next topic provides information about restoring Active Directory

2 Restart the server

When you restore the system state data, Windows Backup erases the system state data that is currently on your computer and replaces it with the system state data that you are restoring Depending on how old the system state data is, you can lose configuration changes that you have recently made to the computer To minimize this problem, back up the system state data regularly

Warning

Restoring Active Directory

Restart the domain controller Select Directory Services Restore Mode

Select Directory Services Restore Mode

Restart the domain controller

Restart the domain controller Finish Finish

? The Active Directory Database Cannot Be Running When You Restore Active Directory Files

? The Backup of the System State Data Cannot Be Older Than 60 Days

Windows 2000 provides you with the ability to restore the Active Directory database if it becomes corrupted or is destroyed due to hardware or software failures Windows Backup cannot replace Active Directory files while Active Directory is running Therefore, you must start the operating system by using

the Directory Services Restore Mode advanced startup option

Because Active Directory is part of the system state data on a domain controller, you must restore the system state data in order to restore Active Directory You can use Windows Backup to perform this restore

You cannot restore Active Directory from a backup that is more than 60 days old (this period is called the tombstone lifetime) A domain controller only keeps track of deleted objects for 60 days

If you have only one domain controller, any changes that you made since you last backed up are lost If you have multiple domain controllers, and the age of the backup is less than 60 days, restore the backup that you have and then let the replication between domain controllers make Active Directory current

To restore Active Directory, perform the following steps:

1 Restart the domain controller, and press F8 to display the advanced startup options

2 Select Directory Services Restore Mode

This starts Windows 2000 but does not start Active Directory

3 Log on to Windows 2000 by using the Administrator account that resides in the local user account database on the domain controller Note that this administrator account is the same one used to log to a domain controller when using the Recovery Console

When you restore Active

Directory, you have to make

sure that it is not running on

the computer

Mention to students that

they will restore Active

Directory in the lab

Key Points

Windows Backup cannot

replace the Active Directory

files while Active Directory

is running

To restore Active Directory,

an administrator must start

Windows 2000 by using the

Directory Services

Restore Mode advanced

startup option

An administrator cannot

restore from a system state

data backup on a domain

controller if the backup data

is over 60 days old

Important