Active directory Backup and Restore

Active Directory Recovery
One of the most important step in a recovery strategy for domain controllers is to perform the proper backups while everything is working correctly. In addition to regular full backups, you should perform regular system state backups. Restoring from a system state backup, is faster than restoring from a full server backup.


Be aware of the Windows editions when performing a system state backup:

With Windows Server 2008 R2 you can use Windows Backup (GUI) to take a systemstatebackup.


With Windows Server 2008 you must use wbadmin start systemstatebackup (CMD) to take a system state backup. The backup can only be saved to a local drive (not the same drive as the system state data), not to a shared folder or a disc.



There is 3 type of restoring Active Directory / AD Objects

1. Nonauthoritative:

A nonauthoritative restore returns the domain controller and the Active Directory database to its state at the time of backup. When the domain controller returns online, Active Directory replicates the database with other DC’s on the domain. Any changes that took place since the backup are replicated to the restored domain controller.

Most common use of a nonauthoritative restore is to bring an entire DC back from a failure.

2. Authoritative:

An authoritative recovery used to restore a designated object or container of objects to its state at the time of the backup. Fx., if an administrator accidentally deletes an OU that contains a large number of users. If you restore the server from backup, the default nonauthoritative process doesn’t restore the deleted OU because the domain controller is updated to the current status of its replication partners, which means that the OU is deleted.

When you perform an authoritative restore, you prevent specific objects from the backup from being overwritten by Active Directory replication. With the authoritative restore, the Update Sequence Number (USN) is incremented so that it is higher than the existing USN of the (deleted) object in the Active Directory replication system.

Use an authoritative restore to restore specific objects in Active Directory.

3. Active Directory Recycle Bin

You can use Active Directory Recycle Bin if your AD DS run with Windows Server 2008 R2 FFL/DFL . AD Recycle Bin helps to minimize directory service downtime by enhancing your ability to preserve and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain controllers.

Click Here if you want to Enable AD Recycle Bin.

The following methods show how to perform a domain controller restore. If possible, use the first method in the table.

Dcpromo:

If the server boots but Active Directory is corrupt, you can use dcpromo.

Run dcpromo to remove Active Directory from the domain controller (The server will become a member server)
Run dcpromo again to install Active Directory. The AD data will be copied from another DC on the network.
Run dcpromo /forceremoval if you are unable to remove Active Directory.

The disadvantage of using dcpromo is that the entire Active Directory database must be replicated across the network from another domain controller. However, you can use the Install from Media option to copy the database from media to reduce network traffic.

Restore system state:

If the server boots but Active Directory is corrupt, you can restore the system state data from a recent backup. After the backup is restored, Active Directory replication copies only the changed data to the restored domain controller. To use this method to restore a domain controller:

Reboot the server in Directory Services Restore Mode (DSRM). Use one of the following methods:
Reboot the server. Following the BIOS screen, press F8. Select Directory Services Restore Mode (DSRM) .
At a command prompt, type:
bcdedit /set safeboot disrepair
shutdown -t 0 -r
From Command Prompt (Run as Administrator) Run wbadmin start systemstaterecovery to restore the system state data.
Restart the server in normal mode. If you used bcdedit to start the server in DSRM, type the following at a command prompt:
bcdedit /deletevalue safeboot
shutdown -t 0 -r
Critical volume or full server restore:

If you are unable to reboot the server, you will need to perform a critical volume or full server restore. This restore rebuilds the entire server, along with the Active Directory database. Use the wbadmin start recovery command to start the restore. A full server restore not only restores Active Directory, but data on all other volumes as well.





To enter DSRM, you must supply the recovery mode password. You set this password during the domain controller installation. If you need to set or change the password, use the following steps:

Open an elevated command prompt by clicking Start, then right-clicking Command Prompt and selecting Run as administrator.
Type ntdsutil.
Type set dsrm password.
Type reset password on server .
Enter the password.
Confirm the password.
Type quit, then quit again.

fonte: http://thelaith.net/2010/09/29/active-directory-backup-and-restore/

Liferay avviare

Per avviare Liferay:

/opt/liferay/liferay-portal-6.0.6/tomcat-6.0.29/bin
./startup.sh

Connettere o disconnettere unità di rete

Supponiamo che il computer che ospita la risorsa condivisa si chiami SRV01, che esso condivida una cartella DATI, alla quale ha accesso l’utente Bob, che può essere definito localmente su SRV01 oppure appartenere al dominio DOMAIN. Tutti i comandi vengono impartiti da un secondo PC connesso in rete; per semplicità assumiamo che SRV01 sia configurato per accettare le connessioni dal questa seconda macchina.

La situazione più comune è la mappatura di una unità di rete, che possiamo effettuare con il comando:
net use z: \\SRV01\DATI /user:Bob password se l’utente Bob è locale a SRV01, oppure
net use z: \\SRV01\DATI /user:DOMAIN\Bob password se l’utente è di dominio.
Con lo swith /savecred, nome e password vengono salvate.
Se invece di indicare esplicitamente la lettera da usare per la mappatura dell’unità, vogliamo utilizzare la prima lettera disponibile sul client, il comando diventa:
net use * \\SRV01\......

Nel caso non si volesse scrivere in chiaro la password su una riga di comando, basta sostituirla con un asterisco, ed il sistema ce la chiederà, oscurandola.
Aggiungendo al comando lo switch /persistent:yes, la connessione verrà ripristinata al riavvio.
Una volta terminato il lavoro, per sconnettere l’unità, possiamo impartire il comando:
net use z: /delete

Se si desiderasse eliminare la richiesta di conferma (serve se il comando si inserisce in uno script), il comando diventa:
net use z: /delete /yes
per cancellare tutte le mappature:
net use * /delete o net use * /delete /yes

A volte può essere necessario navigare nelle risorse di un computer remoto; se un doppio click non fosse sufficiente a visualizzare la finestra di immissione di nome e password, possiamo usare il comando per autenticarci preventivamente:
net use \\SRV01 /user:ecc ecc ecc
Quest’ultimo comando serve anche per poter stampare su una stampante di rete su un host che ha bisogno di una autenticazione preventiva. Il caso tipico è quello di chi collega il proprio PC a diverse reti con diversi domini, ad esempio il sistemista che frequenta le sedi dei propri clienti e si trovi nella necessità di stampare.
Utilizzare i comandi dall’interfaccia carattere è molto più veloce dell’interfaccia grafica, che spesso si “pianta” inesorabilmente quando si cerca di navigare all’interno di risorse senza la preventiva autorizzazione.

fonte: http://www.andreabeggi.net/2007/01/29/net-use/