NORMAL SYSTEM STATE RESTORE (NO ACTIVE DIRECTORY)

Load the index containing the System State backup. (More information on loading the index for restore is available in the RESTORATION section of the manual.)

Select the System State object and either click the “Restore” icon on the toolbar or click

“Operations”/”Perform Restore.” You'll be able to check the appropriate restore options in the next screen: “Win32File Agent—Restore Options.” Click “Next.” When checked, the

“Unattended” feature means that if any error messages should occur during the restore, they'll be reported in the restore log rather than through interactive pop-up dialogs. Click

“Restore.”

NOTE: If one restores the entire C: drive without checking “Unattended,” there will usually be a barrage of interactive pop-up dialog boxes indicating the restoration of “In-Use” files. The restore will not continue unless someone is present to click “OK” to each pop-up dialog. Therefore, it is advised to click the “Unattended” check box when doing

________________________________________________________________________

machines without Active Directory. When attempting to recover a crashed Active Directory machine, install a bare bones version of Active Directory before restoring anything. After the vanilla Active Directory installation is complete, refer to the instructions below.

Start the domain controller in “Directory Services Restore” mode before restoring the System State. Do this by completing the following steps:

• Reboot the computer.

• When prompted to select an operating system, or as soon as Windows displays the

“Starting Windows” progress bar, press “F8.”

• Windows 2000 will display various boot options, one of which is “Directory Services Restore Mode (Windows 2000 domain controllers only).” Choose this option and press “Enter.”

• If prompted, select an appropriate operating system and then press “Enter.”

• Log in using an administrator account and password stored in the SAM (Security Accounts Manager). This account was created when Active Directory was installed.

NOTE: Active Directory administrator accounts are not available since the active directory is off-line.

• Select “OK” within the “Desktop” dialog box. This dialog box starts with the text,

“Windows is running in Safe Mode.”

Restoring the System State Using UltraBac – To perform a System State restore operation, follow these steps:

• Run UltraBac by selecting from Window's task bar: “Start”/”Programs”/”UltraBac 7.0”/”UltraBac Management Console.”

• Load the index containing the System State backup you wish to restore. There will be Active Directory components appearing as objects under the System State object in UltraBac. The loaded index should look similar to the screenshot below:

• From UltraBac's menu bar, select “Operations”/”Perform Restore.”

• Selecting “Perform Restore” automatically brings the “Restore Options” dialog box.

• Select “Next.” Choose “Unattended” if you wish to view errors in the restore log rather than interactively, and click “Restore.”

• When the restore completes, a reboot request will be made. UltraBac will display a pop-up message with the option to click “OK” for a reboot, or “Cancel” to exit. Select

“Cancel” to reboot the machine after the NDTSUTIL utility has run successfully.

• In the next pop-up dialog, UltraBac informs the user that some files will not be active until the machine is rebooted. Click “OK” to continue.

________________________________________________________________________

• Select “Restore Log” when the “UltraBac Progress” dialog box appears and verify the restore was successful. When you're finished viewing the restore file, close it and exit the application entirely. This concludes the UltraBac portion of the restore, but the NTDSUTIL still needs to be run in order to synch the newly restored Active Directory database.

Run NTDSUTIL – To perform an Authoritative restore, use NTDSUTIL after you restore the System State data, but before you restart the server on the network. NTDSUTIL allows Active Directory objects to be marked for “Authoritative” restore, ensuring proper

replication and distribution of data. An “Authoritative” restore should be used if the user is restoring the ONLY domain controller in the domain, or if the user desires all other domain controllers to synch up to the newly restored domain controller.

Run NTDSUTIL and mark all appropriate objects as “Authoritative.” NTDSUTIL can be run from the “Command” prompt. NOTE: Type <ntdsutil/?> for help on this utility.

• From the “Command” prompt, type in <NTDSUTIL> and press “Enter.”

• Type in the text <authoritative restore> at the “NTDSUTIL.EXE” prompt and press

“Enter.”

• To mark the full restore as “Authoritative,” type in the text <restore database> at the

“authoritative restore” prompt and press “Enter.” The “authoritative restore”

command will be used in most cases. To mark just a subtree as “Authoritative,” type in the text <restore subtree ***> at the “authoritative restore” prompt, where “***” is a string (e.g. “restore subtree

cn=DomainController,ou=DomainControllers,dc=DomainName,dc=TopLevelDomain Name”), and press “Enter.” For more information, see Microsoft's documentation on restoring subtrees.

• Select “Yes” when prompted with the following confirmation screen:

The following DOS screenshot looks similar to what happens when one runs a typical

“Authoritative” restore through NTDSUTIL.

• Type in <quit> at the “authoritative restore” prompt and press “Enter.”

• Type in <quit> at the “NTDSUTIL.EXE” prompt and press “Enter.”

REBOOT

IMPORTANT WARNING! Your system must be REBOOTED before the restored System State files will be activated.

NOTE: Only restored objects specifically marked as “Authoritative” will update their respective objects on other domain controllers. All other objects will still be “Non-Authoritative.” See Microsoft's documentation on “Authoritative” restores for more information.

NOTE: The Active Directory uses the USN (Update Sequence Number) to determine

________________________________________________________________________

the steps shown below to complete a “Non-Authoritative” restore.

Start the domain controller in “Directory Services Restore” mode by doing the following:

• Reboot the computer.

• When prompted to select an operating system, or as soon as Windows displays the Starting Windows progress bar, press “F8.”

• From the list of Safe Modes, select “Directory Services Restore Mode (Windows 2000 domain controllers only),” and then press “Enter.”

• If prompted, select an appropriate operating system and then press “Enter.”

• Wait for the “Welcome to Windows” screen to appear and press “Ctrl+Alt+Delete.”

• Log in using an administrator account and password stored in the SAM (Security Accounts Manager). This account was created when Active Directory was installed.

NOTE: Active Directory administrator accounts are not available since the active directory is off-line.

• Select “OK” within the “Desktop” dialog box. This dialog box starts with the text,

“Windows is running in Safe Mode.”

• Run the restore exactly as indicated above. The only difference between an

“Authoritative” and “Non-Authoritative” restore is that the NTDSUTIL is NOT used in a “Non-Authoritative” restore.

• Reboot the machine when UltraBac7 finishes the restore by clicking “OK” in the following dialog box:

AGENTS

________________________________________________________________________