backup, restore, and recovery for windows server 2003 and active directory


Post on 11-Apr-2015


Page 1: Backup, Restore, And Recovery for Windows Server 2003 and Active Directory

Contents

Chapter 6 Backup, Restore, and Recovery for Windows Server 2003 and Active Directory  101
Using the RC  101
Deploying EMS  105
Understanding Out-of-Band Management  105
Configuring the SAC  107
Understanding !SAC  111
Additional EMS Thoughts  112
Performing an AD Backup and Restore  112
AD Backup Essentials  113
Performing a System State Backup  113
Creating an AD Map  114
AD Nonauthoritative Restore  115
AD Authoritative Restore  116
The New Windows 2003 Backup API  118
Enabling ASR  118
Replicating DCs from Media  120
Next: New Tools and Resources  121


Chapter 6: Backup, Restore, and Recovery for Windows Server 2003 and Active Directory

Performing backups is a system administrator’s single most important task. However, because having backups sometimes isn’t enough, you need skills that go beyond the ability to back up and restore files. In this chapter, I describe some common scenarios in which things go wrong – from a server going belly up to objects in Active Directory (AD) being inadvertently deleted.

Windows Server 2003 (Windows 2003) gives you many ways to get your system back to business as usual. I’ll show you how to use the techniques and features it offers – before you have to swing into action to save the day (and your job). I discuss using the Recovery Console (RC), deploying the new Emergency Management Services (EMS) feature, performing an AD backup and restore, enabling Automated System Recovery (ASR), and replicating DCs from media with the new Install from Media (IFM) feature.

Using the RC

When Microsoft released Windows 2000, one of my new favorite features was the Recovery Console (RC). The RC could help you address a persistent problem that many of you will remember.

Before the advent of the RC, if a server went belly-up and you needed to perform surgery on it, doing so was difficult if the underlying file system was NTFS. Booting from a floppy disk wouldn’t let you see or modify NTFS volumes. Given the frustration of working with NTFS in this urgent situation, thousands of Windows NT 4.0 server administrators kept their OS loaded on FAT partitions – just for the rare emergency. This approach let the administrators boot to a DOS prompt to edit, rename, or modify damaged files.

Windows 2003 and Win2K have the RC, a tool whose job is to help when the chips are down. The RC console lets you load a very small subset of the OS along with a powerful subset of OS functions. Previously, for example, if a service went down while NT 4.0 was running and you needed to reboot the server, you might be in trouble if the Last Known Good Configuration recovery option failed to bring your system back. With the RC, you can start and stop services, format disks, and copy and replace files already on the disk. Basically, the RC contains much of what you’ll need should things on a particular Windows 2003 or Win2K server go awry.

Brought to you by NetIQ and Windows & .NET Magazine eBooks


You can use the RC two ways: preloaded or loaded on the fly. Preloading the RC requires only about 7MB of disk and adds an additional boot option to the boot.ini file. To preload the RC, insert the Windows 2003 CD-ROM and open a command prompt. From the CD-ROM, run winnt32 /cmdcons. The RC will contact Microsoft for any last-minute updates, then perform the installation, as Figure 6.1 shows.

Figure 6.1 Installing the RC

After the files are copied, you can see the fruits of your labor. Simply reboot the server and look for the new RC line added to the boot.ini file, which Figure 6.2 shows.

Figure 6.2 RC line item in the boot.ini file

102 Windows 2003: Active Directory Administration Essentials


After you enable the RC, you’re asked to log on. If this server is a member server or standalone workstation, you log on with the local Administrator password. If this server is a domain controller (DC), you log on with the Directory Services Restore Mode password that you input when you created this DC. (I discuss the Directory Services Restore Mode password in the upcoming AD Nonauthoritative Restore section.) If you try to log on with the domain Administrator account password, you won’t be permitted to use the RC, as Figure 6.3 shows.

Figure 6.3 Attempted logon to a DC with RC installed using the domain Administrator password

After you log on to the RC successfully, you have an array of tools at your disposal, as Figure 6.4 shows. I encourage you to familiarize yourself with the tools in the RC, so you’ll be ready to use them when you encounter a problem.

Chapter 6 Backup, Restore, and Recovery for Windows Server 2003 and Active Directory 103


Figure 6.4 The RC tools

Among the RC’s abundant tools, some of my favorites are

• Listsvc – Helps determine which services are running and the current state of each service

• Enable and Disable – Changes how services start up (e.g., you can disable services that aren’t working as they should)

• Bootcfg – Aids you in rebuilding broken boot.ini files by helping you locate instances of Windows 2003 on the computer

• Expand – Lets you take a compressed file – for example, myfile.sy_ – and expand it to myfile.sys, which you can then place almost anywhere on the hard drive

Tip: It’s still fairly difficult to do registry repairs inside the RC. If you need tools to repair the registry while the server is damaged, I encourage you to check out Winternals Software’s tool ERD Commander at

http://www.winternals.com/products/repairandrecovery/erdcommander2002.asp


Deploying EMS

When a server is unresponsive, Windows 2003’s EMS can display what’s happening over the computer’s serial port. You can then use a second device to manage the broken server. Before I discuss EMS further, however, I’ll review the usual options for monitoring server operations and troubleshooting an unresponsive server.

When a server is running and you want to observe what’s going on, you have several options. If the machine is running well, you can peek in through the built-in administrative Terminal Services that I described in Chapter 1 (Windows 2003 by default loads the necessary files for the equivalent of Windows 2000 Terminal Services), use Telnet to contact the machine, or tap a host of other tools. These approaches to monitoring your server are often called “in-band” management – that is, you use the Ethernet cable to cross the network, look into server operations, and possibly work on the server.

Many datacenters I see have clunky cabinets with racks of monitors, keyboards, and mice. Other datacenters rack-mount their servers and use a keyboard/video/mouse (KVM) switchbox to switch between the servers in the rack. Still others have KVM switchboxes that run over TCP/IP, the idea being that – from anywhere in the enterprise – you can monitor what’s happening on the server console. Some of these setups are complex and expensive, but the real question is whether they can help if the server reaches the blue screen stage or completely hangs when you’re at another site or in another country.

Understanding Out-of-Band Management

When you reach an unresponsive server by an alternate route – through the serial port – the approach is often referred to as “out-of-band” (OOB) management. Because Microsoft wants you to be able to run a lean datacenter, the company designed Windows 2003 to work in an OOB “headless” environment.

Headless means that you can set up, build, run, monitor, restart, and repair a Windows 2003 server without a keyboard, a mouse, or even a video card. And you might be able to do so from anywhere in your enterprise – in fact, from anywhere in the world. (You usually can’t perform all those actions with a KVM switch or even with a TCP/IP KVM switch.)

Note: To get the kind of support that Windows 2003’s headless environment provides, you would usually need to install a third-party card, such as Compaq’s Remote Insight Lights-Out Edition card.

If your server becomes unresponsive over the network and you can’t use Terminal Services or Telnet to manage it, you now have Windows 2003’s EMS. The principle underlying EMS is simple: You install a special piece of software on Windows 2003 that displays what’s happening over the computer’s serial port. Then, through a second device, you can manage a broken Windows 2003 server.

Any of several pieces of hardware can serve as the second device, as Figure 6.5 shows.

• You might attach a handy Windows Tablet PC running Hilgraeve’s HyperTerminal – or another portable serial device.


• You might attach a password-protected security modem to the server’s serial port and dial in to see what’s up.

• You might attach all the servers to a device called a serial port concentrator. Then, you can use character-based Telnet to get direct access to a specific server.

Figure 6.5 Connecting to a broken server’s serial port

[Figure 6.5 labels: Laptop Computer, Security Modem (dial-in through the phone company), and Serial Port Concentrator, each connecting to the Windows 2003 Server via its serial port over an out-of-band/alternate network that is separate from the production Ethernet. Typically, you would use one device to connect to the server’s serial port.]


Tip: Cyclades (http://www.cyclades.com) is one manufacturer of serial port concentrators. You can find the company’s statement of support for EMS at http://www.cyclades.com/pressroom/?id=1051617600

No matter which serial connection you choose, the concept is the same: The device isn’t connected to the same network as the broken server. That way, you can reach the server through the serial port.

Configuring the SAC

The Special Administration Console (SAC) is a key component of OOB management. The SAC is the EMS command-line environment that Windows 2003 provides. This console is separate from the usual command-line environment and provides different functions. After you’ve enabled EMS, the SAC is always running unless EMS components don’t load properly.

For an introduction to the SAC, go to the following Microsoft URLs:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/entserver/ems_components.asp

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/entserver/ems_sac_commands.asp

However you choose to manage your damaged server, with EMS, you ultimately use the serial port. To see for yourself what EMS looks like, you must configure your server to output to the serial port. You do so through the bootcfg command, which changes parameters in the boot.ini file. You’ll simply run bootcfg /EMS with additional parameters.

Caution: Your commands might differ depending on which serial and boot options work for your hardware.

You’ll automatically add an entry to your boot.ini file that, after a reboot, enables EMS. If you have a device connected to the serial port through a null-modem connection, you’ll see the output of EMS as soon as the system reboots. Figure 6.6 shows the results of a successful run of the bootcfg command as well as the output from the newly changed boot.ini file.
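Because the SAC is an administrative entry point that lives on a serial port rather than on the network, it is worth being able to tell from a boot.ini file alone which boot entries actually expose it. The following Python script is an added example (not code from the book) that parses boot.ini and reports, per operating-system entry, the EMS port it redirects to. The sample boot.ini is constructed to resemble what bootcfg /EMS leaves behind: a redirect= and redirectbaudrate= pair in the [boot loader] section plus a /redirect switch on the entry; both halves must be present for that entry to bring up the SAC.

```python
"""Audit EMS (SAC) redirection in a Windows Server 2003 boot.ini.

Added example, not from the book.  The sample below is constructed; the
redirect=/redirectbaudrate= keys and the /redirect and /cmdcons switches
are the real boot.ini syntax the chapter's bootcfg /EMS run produces.
"""
import re

# Constructed sample boot.ini with one EMS-enabled entry, one plain entry,
# and the Recovery Console entry that winnt32 /cmdcons adds.
SAMPLE_BOOT_INI = """\
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
redirect=COM1
redirectbaudrate=115200
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Windows Server 2003, Enterprise" /fastdetect /redirect
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Windows Server 2003, Enterprise (no EMS)" /fastdetect
C:\\CMDCONS\\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
"""

# An OS entry looks like:  <ARC path>="<description>" <switches...>
_ENTRY_RE = re.compile(r'^(.*?)="([^"]*)"\s*(.*)$')


def parse_boot_ini(text):
    """Return (loader_settings, entries).

    loader_settings: dict of lower-cased key -> value from [boot loader]
    entries: list of (arc_path, description, [lower-cased switches])
    """
    loader = {}
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()  # new section header
            continue
        if section == "boot loader":
            key, _, value = line.partition("=")
            loader[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            m = _ENTRY_RE.match(line)
            if not m:
                continue                  # malformed entry: skip, don't guess
            arc, desc, rest = m.groups()
            entries.append((arc, desc, [s.lower() for s in rest.split()]))
    return loader, entries


def ems_status(text):
    """Map each entry's description to the EMS port it redirects to, or None.

    Redirection needs both a redirect= line in [boot loader] and a
    /redirect switch on the entry; either one alone leaves the SAC off.
    """
    loader, entries = parse_boot_ini(text)
    port = loader.get("redirect")
    return {desc: (port if port and "/redirect" in switches else None)
            for _, desc, switches in entries}


if __name__ == "__main__":
    for desc, port in ems_status(SAMPLE_BOOT_INI).items():
        print(f"{desc!r}: EMS {'on ' + port if port else 'off'}")
```

Run it against a real boot.ini by reading the file into `ems_status`; the entry that reports a port is the one whose boot brings up the SAC on that serial port, and the Recovery Console entry never does, because it carries /cmdcons rather than /redirect.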


Figure 6.6 Enabling EMS

Tip: Enabling EMS for the next boot is easy; just be sure to use the same speed for the computer and the receiving device.

When you reboot the server, you might notice almost imperceptible differences on the boot-up screen – but little else that’s different. In fact, if the server doesn’t encounter problems, it continues to boot as usual. However, if you have a device connected to the serial port of the server, you’ll see the SAC, which Figure 6.7 shows. In this example, I have a laptop running HyperTerminal connected through a null-modem connection.


Figure 6.7 SAC initialization

After the SAC is loaded, you can choose to

• restart the unresponsive server

• shut down the server

• open one or more command prompts

• set a different IP address for the server, which is useful should the server need to be moved to a different segment

• manually crash the system, which is useful if you want to generate Crashdump data for Microsoft Product Support Services (PSS – Microsoft might request Crashdump information to troubleshoot particularly sticky problems)

Figure 6.8 displays SAC commands. Reading through the list gives you a sense of the actions youcan take.


Figure 6.8 SAC commands

Caution: Usually, you’ll want to avoid Crashdump because it will, as its name implies, crash the system and create a dump.

What’s amazing about the SAC is that if your server encounters a blue screen (or if you force one through the SAC’s Crashdump command), you’ll see the blue screen output on your serial-port-connected terminal session, as Figure 6.9 shows.


Figure 6.9 Windows 2003 server crash SAC output

Understanding !SAC

Telnet and Terminal Services work well when the system is running – in which case, you can use in-band management. The SAC makes the difference when things aren’t going well (e.g., misconfigured IP addresses, service problems, blue screens) over the usual network channel. However, if a machine is completely unresponsive (i.e., the machine might or might not have displayed the blue screen but is 100 percent hung), you still have !SAC.

!SAC (usually pronounced Bang SAC) is a special Windows 2003 mode. !SAC provides a limited subset of what you can do through OOB. Basically, you can restart the computer and redirect onscreen blue screen messages. You can’t choose !SAC mode to perform these functions, however; the underlying system chooses it for you.

For more information about !SAC, go to the following Microsoft URL: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/entserver/ems_!sac_commands.asp


Additional EMS Thoughts

EMS, SAC, and !SAC offer OOB management with terrific benefits. However, you might be able to get additional benefits depending on which kind of BIOS and hardware you use for your Windows 2003 server. For example, if you need to change the boot order or another BIOS setting, your BIOS might or might not be capable of redirecting its output to the serial port. You’ll need to check with your server vendor to ask whether your server BIOS supports redirection to the serial port.

You can do much more with EMS, headless servers, and the SAC, including building machines from scratch – all through the serial port. For more information about EMS and headless servers, go to the following Microsoft URL: http://www.microsoft.com/whdc/hwdev/platform/server/headless/default.mspx

Performing an AD Backup and Restore

If you open up your Windows 2003 and Win2K Active Directory Users and Computers console, you’re likely to see a sea of organizational units (OUs) full of users. A portion of your directory might resemble the DomainA.com directory that the diagram in Figure 6.10 represents.

Figure 6.10 DomainA.com AD directory

[Figure 6.10 labels: DomainA.com; the OUs Sales, East Coast Sales, and West Coast Sales; the users John, Sally, Dirk, Jeff, Edna, and James.]

AD can be a pretty treacherous place, with many administrators performing lots of work at all times. What happens if an administrator inadvertently deletes Jeff’s account? Or worse, an administrator deletes East Coast Sales and everyone in it? Or worse yet, an administrator deletes Sales, all the OUs below it, and everyone in them?

Although a little panic is understandable, if you stay calm, you can get your AD accounts back. Doing so, however, takes some pre-planning and a little good fortune.

AD Backup Essentials

Backing up AD is relatively straightforward. Simply perform a system state backup of one DC. A server’s system state is its nucleus. If you back up a DC’s system state, you have the contents of AD.

Caution: If you must perform a restore of deleted objects, you need to know that the machine on which you do the backups is the machine on which you do the restores. Also, to perform a restore, as you’ll see in the following text, you need to reboot and take the DC offline. Therefore, if you plan to back up one or two DCs in your environment, make sure that you can reboot those DCs during the day without penalty.

Performing a System State Backup

With the preceding information, you can use the standard backup tool. Navigate to and select System State, as Figure 6.11 shows.

Figure 6.11 Backing up the system state


You should back up to a location that you’ll be able to access when this machine is rebooted – either a tape drive or a file. Remember that you can’t take a system state backup from one DC and restore that system state to another DC.

Creating an AD Map

Next, you need to make a “map” of your AD. If someone deletes an object, you’ll need to know its distinguished name (DN) to restore it. As you’ll recall, a DN is a list of items separated by commas that uniquely identifies an object by using the relative DN for the object and the names of the container objects and domains that contain the object. The DN is a text representation of an entry in the directory server database. For example, the object selected in Figure 6.12 would have the DN

cn=James,ou=East Coast Sales,ou=Sales,dc=domaina,dc=com

Figure 6.12 Mapping each object shown by DN

Without a map of your AD that tells you explicitly where each object is listed by DN, you’ll have a difficult time restoring objects, as the following text discusses.

Tip: In Chapter 7: Command-Line, Support, and Microsoft Windows Server 2003 Resource Kit Tools, I’ll show you how to use the Dsquery command to display a list of all the users’ DNs at once.
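A DN map is only useful if you can read it back correctly when you need it: a comma inside a name must not be mistaken for a container boundary, and you need to know exactly which objects fall under a given OU before you restore that subtree. The following Python is an added example (my code, not the book’s) that splits DNs into their RDNs, builds the child-to-parent map from a flat DN listing, and lists everything beneath a subtree DN. The listing is constructed from the names in Figure 6.10; which user sits in which OU, and the extra user with a comma in the name, are my assumptions.

```python
"""Build an AD 'map' from a flat list of DNs and query it by subtree.

Added example, not from the book.  AD_MAP is constructed from the names in
Figure 6.10; the OU membership is assumed, and "Smith\\, Joan" is added only
to show that an escaped comma does not split an RDN.
"""


def split_dn(dn):
    """Split a DN into its RDNs, honouring backslash-escaped commas."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:                      # character after a backslash: literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":                  # unescaped comma ends the RDN
            parts.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    parts.append("".join(current).strip())
    return parts


def normalize(dn):
    """Comparison form: lower-cased RDNs with surrounding whitespace removed."""
    return ",".join(p.lower() for p in split_dn(dn))


def parent_dn(dn):
    """The DN with its leftmost RDN removed ('' for a single-RDN DN)."""
    parts = split_dn(dn)
    return ",".join(parts[1:]) if len(parts) > 1 else ""


def is_under(dn, subtree):
    """True if dn is the subtree root itself or lies anywhere beneath it."""
    d, s = normalize(dn), normalize(subtree)
    return d == s or d.endswith("," + s)


# Constructed listing, one DN per object, as a Dsquery run would give you.
AD_MAP = [
    "dc=domaina,dc=com",
    "cn=John,dc=domaina,dc=com",
    "cn=Sally,dc=domaina,dc=com",
    "ou=Sales,dc=domaina,dc=com",
    "ou=East Coast Sales,ou=Sales,dc=domaina,dc=com",
    "cn=James,ou=East Coast Sales,ou=Sales,dc=domaina,dc=com",
    "cn=Jeff,ou=East Coast Sales,ou=Sales,dc=domaina,dc=com",
    "ou=West Coast Sales,ou=Sales,dc=domaina,dc=com",
    "cn=Dirk,ou=West Coast Sales,ou=Sales,dc=domaina,dc=com",
    "cn=Edna,ou=West Coast Sales,ou=Sales,dc=domaina,dc=com",
    "cn=Smith\\, Joan,ou=West Coast Sales,ou=Sales,dc=domaina,dc=com",
]


def build_map(dns):
    """Return {dn: parent_dn}; the parent is None when it isn't in the listing."""
    known = {normalize(d) for d in dns}
    return {dn: (parent_dn(dn) if normalize(parent_dn(dn)) in known else None)
            for dn in dns}


def objects_under(dns, subtree):
    """Objects a 'restore subtree <subtree>' would cover, shallowest first."""
    return sorted((d for d in dns if is_under(d, subtree)),
                  key=lambda d: (len(split_dn(d)), d.lower()))


if __name__ == "__main__":
    for dn in objects_under(AD_MAP, "ou=East Coast Sales,ou=Sales,dc=domaina,dc=com"):
        print(dn)
```

Keep the output of a listing like this with the system state backup it corresponds to; the subtree DN you later hand to ntdsutil must match the map at backup time, not the directory as it looks after the deletion.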


AD Nonauthoritative Restore

After you’ve performed your backup, if a problem occurs (e.g., someone deletes James’ account or East Coast Sales), you can start to recover what was deleted by performing a nonauthoritative restore. To begin a nonauthoritative restore, you need to reboot the DC on which you created the system state backup. When you do so, press F8 to get to the special boot options that Figure 6.13 shows.

Figure 6.13 Starting an AD restore

Choose the Directory Services Restore Mode (Windows domain controllers only) option. This choice enables a special mode that lets you start your restore process.

When the logon prompt appears, you log on with the Directory Services Restore Mode password. You created and entered this password when you ran Dcpromo and made this server a DC.

Tip: What if you can’t remember your Directory Services Restore Mode password? You’ll need to reboot, log on as domain Administrator, and type

Ntdsutil

Then type the command

set dsrm password

which lets you reset your forgotten password.

After you log on, run the backup utility again. Perform a full system state restore to the original location, as Figure 6.14 shows.


Figure 6.14 Restoring AD on top of itself

After you perform the full system state restore, the records you’ve preserved in the system state backup will be returned to AD and restored. However, your job isn’t complete until you do an authoritative restore.

AD Authoritative Restore

After the nonauthoritative restore is complete, you’ll be asked to reboot the machine. Do not reboot! Instead, close NT Backup and proceed.

Caution: When you’re asked to reboot the machine following a nonauthoritative restore, do not reboot! If you reboot, other DCs can override information about the objects you’re restoring.

If you reboot, the AD objects wouldn’t be restored. This situation occurs because when an AD object is deleted, it’s recorded as deleted and “tombstoned.” That information goes to other DCs, which also record that the object is slated for deletion and tombstoned. As a result, even though this DC has restored the object to its own local copy of the AD database, other DCs will override the restoration with their signal indicating that the object is tombstoned and slated for deletion.


You need a way to communicate to the other DCs that – for the specific objects you want restored – those DCs should accept a signal to override the communication that those objects are slated for deletion. That signal is the authoritative restore.

Note: Because AD replication would require a chapter in itself, I’ll keep the information brief here. However, underneath the hood, the authoritative restore raises the update sequence number (USN) to a very high number – ensuring that other DCs with lower USNs can’t overwrite the objects you’re restoring. For a comprehensive article about USNs with AD backup and restore, see my article at http://www.mcpmag.com/features/article.asp?editorialsid=166 and the following Windows & .NET Magazine article at http://www.winnetmag.com/articles/index.cfm?articleid=15558

Start your authoritative restore by typing

Ntdsutil

at a command line. Then, to reach the authoritative restore menu, type

authoritative restore

Assuming the inadvertently deleted portion of AD was the East Coast Sales OU and everything in it,following “authoritative restore,” type

restore subtree "ou=East Coast Sales,ou=sales,dc=domaina,dc=com"

as Figure 6.15 shows.

Figure 6.15 Performing an authoritative restore


An authoritative restore ensures that other DCs won’t overwrite the objects you’re restoring after this DC is rebooted. When you reboot this DC after the authoritative restore is complete, the deleted objects get the signal to “ride above” the tombstoned objects. That way, the objects are restored to this DC and replicated to all other DCs.
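The reason the nonauthoritative restore alone is not enough, and why the authoritative restore fixes it, is easiest to see by replaying the chapter’s scenario in code. The following Python simulation is an added example (my code, not the book’s). It models two DCs holding the constructed East Coast Sales subtree, replicates between them with the rule “the copy with the higher stamp wins” (the chapter describes that stamp as the USN), and then compares what survives the post-reboot replication with and without a `restore subtree`. The per-day increment of 100,000 is ntdsutil’s documented default and, together with treating a same-day backup as one day, is an assumption about the amount rather than something the chapter states.

```python
"""Why a nonauthoritative restore loses to tombstones and an authoritative
restore wins.  Added example, not from the book.

Replication is modelled as 'higher version stamp wins per object'.  The
chapter calls the stamp the USN; the 100,000-per-day bump is ntdsutil's
documented default, used here as an assumption about the size of the raise.
"""
import copy

VERSION_INCREMENT_PER_DAY = 100_000
EAST_COAST = "ou=East Coast Sales,ou=Sales,dc=domaina,dc=com"


def is_under(dn, subtree):
    d, s = dn.lower(), subtree.lower()
    return d == s or d.endswith("," + s)


# Constructed: directory contents at the moment the system state backup ran.
# Each object carries a deleted flag and the version stamp replication compares.
BACKUP = {
    EAST_COAST: {"deleted": False, "version": 1},
    "cn=James," + EAST_COAST: {"deleted": False, "version": 3},
    "cn=Jeff," + EAST_COAST: {"deleted": False, "version": 2},
    "cn=Dirk,ou=West Coast Sales,ou=Sales,dc=domaina,dc=com": {"deleted": False, "version": 5},
}


def delete_subtree(dc, subtree):
    """Tombstone everything under subtree: the deletion is itself a newer write."""
    for dn, obj in dc.items():
        if is_under(dn, subtree) and not obj["deleted"]:
            obj["deleted"] = True
            obj["version"] += 1


def replicate(a, b):
    """Converge two DCs: for each object the higher stamp wins on both sides."""
    for dn in a:
        winner = a[dn] if a[dn]["version"] >= b[dn]["version"] else b[dn]
        a[dn] = dict(winner)
        b[dn] = dict(winner)


def nonauthoritative_restore(dc, backup):
    """System state restore in DSRM: the backup's copy comes back, stamps and all."""
    dc.clear()
    dc.update(copy.deepcopy(backup))


def authoritative_restore(dc, subtree, days_since_backup):
    """ntdsutil 'restore subtree': raise the stamp on everything under subtree so
    it outranks the tombstones the other DCs still hold (assumed increment)."""
    bump = VERSION_INCREMENT_PER_DAY * max(1, days_since_backup)
    for dn, obj in dc.items():
        if is_under(dn, subtree):
            obj["version"] += bump


def live_objects(dc):
    """DNs that are not tombstoned on this DC, sorted for stable comparison."""
    return sorted(dn for dn, obj in dc.items() if not obj["deleted"])


def scenario(authoritative):
    """Replay the chapter's scenario; return what the *other* DC ends up with."""
    dc1 = copy.deepcopy(BACKUP)            # the DC we backed up and restore on
    dc2 = copy.deepcopy(BACKUP)            # any other DC in the domain
    delete_subtree(dc2, EAST_COAST)        # an admin deletes the OU somewhere ...
    replicate(dc1, dc2)                    # ... and the tombstones replicate
    nonauthoritative_restore(dc1, BACKUP)  # DSRM boot + system state restore
    if authoritative:
        authoritative_restore(dc1, EAST_COAST, days_since_backup=1)
    replicate(dc1, dc2)                    # what the reboot's replication does
    return live_objects(dc2)


if __name__ == "__main__":
    print("nonauthoritative only:", scenario(authoritative=False))
    print("with authoritative restore:", scenario(authoritative=True))
```

Without the authoritative step the restored objects carry their old stamps, the tombstones on dc2 are one write newer, and the reboot replication tombstones them again on dc1; only Dirk, who was never deleted, is left. With `restore subtree` the three East Coast Sales objects outrank every tombstone and come back on both DCs.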

The New Windows 2003 Backup API

Windows 2003 provides a new API, Tombstone Reanimate, which should be useful in restoring deleted objects in AD. As you just read, it takes a full system state backup of a DC, a reboot, a nonauthoritative restore, and an authoritative restore – just to get back one user object. The idea of the new API is straightforward: After an AD object is tombstoned – that is, marked for deletion – you can have a program “un-tombstone” that object.

I worked with Bill Boswell (http://www.winconsultants.com) and Mark Russinovich (http://www.sysinternals.com) to test this API. Unfortunately, although we were able to reanimate tombstones (and get previously deleted objects back from the dead), they resembled the reanimated animals in Stephen King’s Pet Sematary in that they “weren’t quite right.” Most of their features, such as group membership and even phone number, weren’t replaced, making the API a lot less useful than it could be. You can test the code yourself by visiting http://www.sysinternals.com/files/adrestore.zip.

Enabling ASR

When a major server failure hits, you want to get the server back up and running quickly. Windows 2003’s (and Windows XP’s) Automated System Recovery (ASR) feature lets you recover a system that won’t start. Before ASR, you had to load the entire OS from CD-ROM, then do a complete restore on top of the fresh OS installation.

ASR lets you take a snapshot of the system volume and put it on tape or other locally attached media. Additionally, some information about the backup is preserved to floppy disk. Figure 6.16 shows the Automated System Recovery Preparation Wizard, which lets you enable ASR from within Windows 2003’s backup utility.


Figure 6.16 The Automated System Recovery Preparation Wizard

Note: ASR lets you take a snapshot of the system volume for later restore.

Tip: The Automated System Recovery Preparation Wizard backs up the partition the OS uses, but it doesn’t back up other partitions, such as program and data partitions. Those partitions must be backed up using standard routines.

When a problem hits, you can simply pop in the most recent set of ASR tapes along with the floppy disk created for that backup and boot with the Windows 2003 CD-ROM, as Figure 6.17 indicates. While the CD-ROM is booting, press F2 for ASR Recovery, and you’re nearly done.


Figure 6.17 Starting ASR after a disaster

The ASR process will read the floppy disk to determine your disk configuration at the time you created the backup. After the OS is loaded, the process automatically restores the rest of the system drive.

ASR can really save time – but the catch is that the backup data must reside in a place that ASR can reach. ASR can reach only locally attached backup data, such as data stored on tape or disk. (You can’t access the backup over the network, and you can’t have it waiting for you on specialty devices such as FireWire – IEEE 1394 – or USB 2.0 drives.)

For more information about ASR, go to

http://www.windows2000faq.com/articles/index.cfm?articleid=37650

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/entserver/asr_overview.asp

Replicating DCs from Media

Before I wrap up this chapter, I want to discuss one more backup-related issue: the new Windows 2003 option that lets you install from media. IFM solves a serious problem that certain AD deployments have. Some AD deployments are so large and the pipes between DCs so small that promoting a new DC becomes painfully slow – or even impossible.

Windows 2003’s IFM option lets you take one DC’s system state and put it on CD-ROM, USB “thumb drive,” or any other removable media. You can then ship that removable media along with the server to a destination (or if the server is already at the destination, send just the latest IFM media set). When you’re ready to promote the target server to DC, run Dcpromo with a special switch (the Dcpromo /adv switch), and the Active Directory Installation Wizard will prompt for that previously saved system state, as Figure 6.18 shows.


Figure 6.18 Deploying IFM to copy domain information

The newborn DC gets about 99 percent of the AD information from the removable media it has locally. You can get the remaining 1 percent of information over the network. Now, deploying DCs across even pathetically slow links is virtually a guaranteed success.

Note: You start with a system state you already have, put it on removable media, and ship it with (or to) the DC-to-be. Then, run Dcpromo /adv. When you do, the Active Directory Installation Wizard offers a special option for promoting a new DC. By using IFM, you can reduce network traffic and get that DC loaded.

Next: New Tools and Resources

Being able to restore AD is more important than ever; fortunately, doing so is easier than ever. The Windows 2003 backup and recovery functions I’ve discussed in this chapter take you a long way toward recovery nirvana.

• RC – Microsoft introduced the RC in Win2K, but the feature has been updated in Windows 2003.

• EMS with SAC and !SAC – EMS, SAC, and !SAC are new in Windows 2003.


• AD backup and restore – Although this function is familiar, it’s good to refresh your knowledge. Also, I hope that the Tombstone Reanimate API brings forth some goodies from third-party toolmakers.

• ASR – ASR is new in XP and Windows 2003. The tool is handy, but works only if the disk or tape is locally attached.

• IFM – IFM is a highly useful tool, especially for large AD shops with small pipes and lots of DCs.

Windows 2003 becomes more interesting the closer you look. In Chapter 7, you’ll encounter Windows 2003’s new built-in tools, support tools, and resource kit tools.
