Backing up and restoring data in a network environment is a process that has always been subject to special problems and considerations. Windows 2000 Backup addresses some of these problems, as discussed in the following sections.
Because they can be constantly in use, mail servers like Microsoft Exchange have particularly difficult backup problems. Windows 2000 Backup includes a feature specifically designed to back up Exchange servers, which is available only when the program detects an Exchange module called Edbbcli.dll on the local system. When this module is present, a Microsoft Exchange item appears in the backup program's Tools menu, enabling you to specify the Universal Naming Convention (UNC) name of the Exchange server you want the program to access. Also, the expandable display in the Backup tab includes a Microsoft Exchange icon that you select to back up the mail server (Figure 35-12).
Figure 35-12. The Backup tab with the Microsoft Exchange dialog box displayed.
Encrypted files aren't stored any differently than unencrypted files by the Windows 2000 file systems; only their data format is different. Therefore, backing up encrypted files doesn't in any way compromise their security status. The files are copied to the tape or other medium in their encrypted form and restored the same way. The personnel responsible for backing up the files don't need to have access to the encryption codes, nor does access to the tape itself present a risk.
Backing up the system state is as simple as selecting the appropriate box in the Backup tab, but restoring it is a bit trickier. The restoration process must not only overwrite vital system data that is currently in use, such as the registry, but it must also (in the case of a domain controller) restore the Active Directory database. This problem is particularly difficult because in a domain with multiple domain controllers, the replication system can overwrite the newly restored data because of its outdated update sequence numbers.
Therefore, to effectively restore the system state on a domain controller, you must perform two special procedures during the restoration process: start the computer in directory services restore mode and perform an authoritative restore of the Active Directory database.
You can restore the system state only on the local system. The Windows 2000 Backup program automatically determines the correct destination for the restored data, based on the location of the system root directory (typically C:\Winnt), and it overwrites the existing system state data on the computer.
To restore Active Directory and the SYSVOL volume on a Windows 2000 domain controller, you must first reboot the system in directory services restore mode, a form of safe mode that ensures that the system is ready to have its Active Directory database overwritten. To do this, restart the system and press the F8 key when you see the Please Select The Operating System To Start message. From the Boot menu, choose Directory Services Restore Mode. After checking the system's local drives to ensure their integrity, Windows 2000 loads the operating system in a stand-alone server configuration with a set of generic drivers that permit safe-mode access to the operating system.
Because your domain controller system won't be functioning as a domain controller at this time, you might see error messages stating that Active Directory-dependent services have failed to load. This is to be expected. Because the machine isn't functioning as a domain controller, it isn't using the user and group objects associated with the domain. Instead, the system is using a small set of user and group accounts stored in the registry rather than in Active Directory. At this point, you can run Windows 2000 Backup and restore the system state.
When you restore the system state on a domain controller, the restored Active Directory objects have the same update sequence numbers as when they were backed up. These numbers are necessarily older than those currently in use in Active Directory and, as a result, they are considered to be outdated and overwritten during the next replication pass. To prevent this from happening, you must perform an authoritative restore of the Active Directory data stored as part of the system state on the backup medium. An authoritative restore is one that flags the restored Active Directory objects as authoritative, meaning that during the next replication event they overwrite the equivalent objects on the domain controllers containing the replicas.
To perform an authoritative restore, you must run the Windows 2000 Ntdsutil.exe program after you restore the system state and before you reboot the computer. Ntdsutil.exe modifies the update sequence numbers of the restored objects so that they appear to the replicas to contain the newest data available. During the next replication pass, the system uses the restored Active Directory database objects to overwrite the data on the domain's other controllers.
The Ntdsutil.exe program is an interactive command-line utility copied to the \%SystemRoot%\System32 folder by default during the operating system installation. You see a prompt labeled ntdsutil: when you run the executable file from the command line. The program uses a series of menus to navigate its various functions. Type a question mark (?) or help at any prompt to list the available commands and submenus for that prompt. To perform an authoritative restore, type authoritative restore at the ntdsutil prompt and then type help to display the available commands, which are as follows:
Thus, to use the entire Active Directory database restored with the system state as authoritative information, you use the Restore Database command at the Ntdsutil.exe authoritative restore: prompt. The program opens the database and increases the version number of all the Active Directory objects by 100,000. Once the process is completed, you can exit the program by typing quit twice and restart the system in normal mode. When the computer is functioning as a domain controller again, it replicates its Active Directory database to all of the other controllers in the domain, and because the version numbers of its objects are substantially higher than those of the other replicas, the system copies the restored data to all of the replicas in the domain.
File system permissions are an essential element of any network storage policy, and for a backup program to function in a network environment, it must be able to save the permissions along with the files and restore them either to the same or a different location. However, the various file systems supported by Windows 2000 complicate this process considerably. The FAT file systems don't support permissions, and if you restore a backup of an NTFS drive to a FAT drive, those permissions are lost.
The introduction of NTFS 5 in Windows 2000 presents another significant incompatibility, and that is with NTFS drives created in Microsoft Windows NT 4. When you restore a backup of an NTFS 5 drive to a Windows NT 4 NTFS drive, you lose the following file system elements:
The loss of these elements can compromise network security and make it impossible to access data that is encrypted or stored on another drive or medium. Restoring NTFS 5 data files to another file system can also cause you to lose data from embedded or linked documents and from alternate data storage formats such as those used by Services for Macintosh, disk image files, and custom file types created by certain non-Microsoft applications. You should always consider the file system used on your destination drive before you perform any NTFS restores.