
The Windows System State


What is a System State?
System State Backup
System State Restore
Why is an authoritative restore needed
How to restore a single Active Directory object
Automated System Recovery

What is a System State?

The Microsoft definition of the Windows System State is -


"In Backup, a collection of system-specific data maintained by the operating system that must be backed up as a unit. It is not a backup of the entire system. The System State data includes the registry, COM+ Class Registration database, system files, boot files, and files under Windows File Protection. For servers, the System State data also includes the Certificate Services database (if the server is a certificate server). If the server is a domain controller, the System State data also includes the Active Directory database and the SYSVOL directory. If the server is a node in a cluster, it includes the Cluster database information. The IIS Metabase is included if Internet Information Services (IIS) is installed."

The System State includes -

| Component | When the component is included |
| --- | --- |
| The Registry (contains configuration information, such as user profiles, installed programs and their properties, property settings for folders and icons, and hardware and port configuration) | Always included |
| The COM+ Class Registration database | Always included |
| Boot files (used by Windows to load, configure and run the operating system) | Always included |
| Certificate Services database | Included if this is a Certificate Services server |
| Active Directory (stores information about objects on a network, so administrators can access those objects from a single logon) | Included if this server is a domain controller |
| SYSVOL (typically contains host logon scripts, user logon scripts for administrators who use Active Directory, policy objects for network client computers, and folders and files that must be available and synchronized between domain controllers) | Only included if this server is a domain controller |
| Cluster service (controls and manages server cluster operation, including the cluster database) | Included if this server is within a cluster |
| IIS (Internet Information Services, looks after Web site creation, configuration, and management, including the various transport protocols needed to support internet services) | Included if it is installed |
| System files (various files used at initial startup, and configuration files used by Windows to run the operating system) | Always included |

What's included in the system state is also dependent on the operating system. For Windows XP Professional the System State data includes only the registry, COM+ Class Registration database, files under Windows File Protection, and boot files.


System State Backups

You can manually back up the system state by clicking "Start", "Programs", "Accessories", "System Tools", "Backup". From the backup screen, click on the drives which contain the boot and system partitions. Select a backup destination, then click 'Start Backup'. You must be an administrator to back up Active Directory data. It is possible to automate this process with backup tools; see the TSM Backups tips section for one possible solution. You can't choose to back up individual components of the System State data; you have to back up the entire state. This can be a large overhead if you are backing up a lot of Windows systems using an enterprise backup tool.


System State Restores

There are three types of restore, and you can work out which one you need to use from the following graphic.

[Figure: when an authoritative restore is needed. If this is a domain controller, with other active domain controllers in the network, and Active Directory is replicated, then an authoritative restore is needed.]

Take the following steps to run an authoritative restore:

  • Start your server in Directory Services Restore Mode.
  • Restore the system state using either Microsoft's Backup utility or another backup utility. The TSM Restore page details how to do this with TSM.
  • Run the Ntdsutil utility to mark the Active Directory objects you wish to restore. You run Ntdsutil from the command prompt. You can get full details of the command parameters by typing ntdsutil /? at the command prompt.
  • Restart your server on the network, to replicate out the changes.

You can only restore the System State data on a local computer. You cannot restore the System State data on a remote computer.

Warning - If you restore the System State data, and you do not specify an alternate location for the data, the restore will overwrite the System State data that is currently on your computer. If you restore the System State data to an alternate location, only the registry files, SYSVOL directory files, Cluster database information files, and system boot files are restored. A System State restore to an alternate location will not restore the Active Directory directory services database, Certificate Services database, and COM+ Class Registration database.


Why do you need an authoritative restore?

The Active Directory replication system uses an update sequence number to decide which versions of the same object get replicated. The object with the highest update sequence number is replicated over the others. When you restore an older object, it will have a lower update sequence number and it will never get replicated or distributed to your other servers, because it will appear to be older than the objects currently on your other servers. The Ntdsutil utility increments the update sequence number by several hundred, to make it the highest in the system and ensure it gets replicated over the others. In fact, if you do not use an authoritative restore, your restore will probably be backed out by replication from other domain controllers.


How do you restore a single Active Directory object?

Say you accidentally delete an AD user account. The object does not actually get deleted; it's just marked as deleted, and that mark is replicated out over all the ADs in the system. After about 60 days, the object is really deleted, but there is no 'undo' facility before that happens. The only way to get the object back is to restore it. However, you do not want to restore the whole AD and back out other changes.

The answer - restore a system state backup as above, but when you get to the Ntdsutil utility part, you have to tell Ntdsutil the exact Fully Qualified Domain Name (FQDN) of the object you want to restore. For example, you might enter:

    restore subtree "cn=Allan Brown,ou=Service Management,dc=thiscompany,dc=com"

to restore a user named Allan Brown, whose user account was in the Service Management organizational unit of the thiscompany.com domain. The name is enclosed in quotes because it contains spaces.
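
The replication behaviour described in the two sections above, as an added example that is not part of the original page: a toy Python model in which each object carries one update sequence number and the higher number wins, run once with a plain restore and once with the authoritative marking step. The `DC` class, the `replicate` function, the starting numbers and the bump of 500 are assumptions made for illustration; real Active Directory replication metadata is more detailed than a single number per object.

```python
from dataclasses import dataclass, replace

BUMP = 500  # assumed stand-in for "several hundred"; not a value taken from ntdsutil

@dataclass(frozen=True)
class Obj:
    name: str
    usn: int               # the update sequence number described above
    deleted: bool = False  # True = marked as deleted, not yet purged

class DC:
    """One domain controller's copy of the directory (toy model)."""
    def __init__(self, label):
        self.label, self.db = label, {}

def replicate(a, b):
    """Two-way sync: for each object the copy with the higher number wins."""
    for name in set(a.db) | set(b.db):
        copies = [c for c in (a.db.get(name), b.db.get(name)) if c is not None]
        a.db[name] = b.db[name] = max(copies, key=lambda o: o.usn)

def scenario(authoritative):
    """Return (deleted on DC1, deleted on DC2) after a restore on DC1."""
    name = "cn=Allan Brown,ou=Service Management,dc=thiscompany,dc=com"
    dc1, dc2 = DC("DC1"), DC("DC2")
    dc1.db[name] = Obj(name, usn=10)
    replicate(dc1, dc2)
    backup = dict(dc1.db)                 # system state backup taken on DC1
    dc2.db[name] = replace(dc2.db[name], usn=11, deleted=True)  # accidental delete
    replicate(dc1, dc2)                   # the deletion mark reaches DC1
    dc1.db = dict(backup)                 # restore while in Directory Services Restore Mode
    if authoritative:                     # the "restore subtree" marking step
        old = dc1.db[name]
        dc1.db[name] = replace(old, usn=old.usn + BUMP)
    replicate(dc1, dc2)                   # server restarted on the network
    return dc1.db[name].deleted, dc2.db[name].deleted

if __name__ == "__main__":
    print("plain restore:        ", scenario(authoritative=False))
    print("authoritative restore:", scenario(authoritative=True))
```

With the plain restore the deletion mark from the other domain controller wins again and the account stays deleted on both; with the marking step the restored copy wins and replicates out.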


Automated System Recovery

Automated System Recovery (ASR) was introduced in Windows 2003. It simplifies the ‘bare metal’ recovery that is needed if a server is totally trashed.

In a disaster situation, you have to start with an empty disk. You need to partition that disk into the correct number of volumes with the correct sizes, and then install the registry, system files, and Active Directory if required. This information is known as the Windows System State, as described above.

ASR consists of a supplied CD and a floppy that you must create. ASR does not completely automate the bare metal recovery process, as it is up to you to take regular copies of the system state, though ASR does help you through the copy process. Go into the Accessories – System Tools – Backup window, and select the Automated System Recovery wizard.
The wizard will take a backup of all the system files first, and by default will want to put this onto the A drive. As the file size will be almost 2 GB, you should change this to a more suitable location, ideally on a remote server. Once ASR has finished the system backup, it will prompt you for a floppy disk to store the ASR recovery data. After you finish taking the copy, remember not to leave the floppy on top of the server; it needs to be kept off-site. This process is fine for a PC user, but if you want to take regular system state backups of several servers, you will want a more automated method.

If you need to recover the server, you use the backup set on the floppy disk along with the ASR restore CD to recover all the system state. ASR can also restore to different (but not too different) hardware.
