Each particular role on a Windows Server 2008 R2
system can have very specific backup and recovery procedures. As a
general rule, though, performing full backups using Windows Server 2008
R2 Windows Server Backup will enable the restore of a system to a previous
point in time, including restoring all Windows Server roles, role
services, features, and configuration to that previously backed-up
state. Most role services can be restored using a System State
recovery; however, a System State recovery cannot be restored in
part—only the complete System State can be restored.
Windows Server 2008 R2 System State Recovery
When operating systems
become corrupt or unstable or a role service needs to be rolled back to
a previously backed-up state, the quickest and easiest way to perform
this task is to restore the System State. The System State can be
backed up independently but is also contained within a full server
backup. To restore the System State on a Member Server from a previous
backup, perform the following steps:
1. Log on to the Windows Server 2008 R2 system with an account with administrator privileges.
2. Click Start, click All Programs, click Administrative Tools, and select Windows Server Backup.
3. In the Actions pane, select Recover to start the Recovery Wizard.
4. On the Getting Started page, select either to restore data previously backed up from the local computer or a different computer. For this example, select This Server (Servername), where Servername is the name of the server Windows Server Backup is connected to, and click Next to continue.
5. On the Select Backup Date page, select the correct date and time of the backup you will use to restore the data, and click Next to continue. Days with a successful backup are formatted in boldface.
6. On the Select Recovery Type page, select the System State option button, and click Next to continue.
7. On the Select Location for System State Recovery page, click the Original Location option button and click Next to continue. If this system was a domain controller, more options would be available, but that is covered later in this chapter.
8. On the Confirmation page, review the selections and ensure that the check box to automatically reboot the server to complete the recovery process is checked, and then click Recover to start the process.
9. After the system reboots, log on to the server to verify functionality. If the system is working properly, perform a full system backup.
Active Directory Recycle Bin Recovery
Let’s begin this section with a
very clear statement: If you need to recover a deleted Active Directory
object and the Active Directory Recycle Bin was not enabled before the
object was deleted, skip this section and proceed to the “Active Directory Authoritative Restore”
section. If the Active Directory Recycle Bin feature was enabled
before an Active Directory object was deleted, follow the steps
in this section to recover objects using the Active Directory Recycle Bin. Before
completing those steps, you should know a few important things:
- Restoring a deleted object using the Recycle Bin requires that the object’s distinguished name or object GUID is known.
- When restoring an object, the object will be restored into the original location, unless the -TargetPath option is used. If the original location does not exist, the restore will fail.
- Restoring
a container or organizational unit using the Restore-ADObject cmdlet
does not restore any objects that were contained within the container
or OU when it was deleted. For this functionality, either all objects
need to be restored after the container or OU is restored or a domain
controller can be booted into DSRM and an authoritative restore can be
performed using the Restore Subtree option.
Now, if you know that an
object was mistakenly deleted and it should be recovered, the following
steps can be followed. For this example, we will restore a user account
named Khalil Droubi. To discover the properties of this deleted object,
we will use the Get-ADObject cmdlet and will filter based on the name
of Khalil. Also, when running the Get-ADObject cmdlet, using the -Properties
switch will expand the attributes listed for the query or search
results. To restore a single deleted user object, perform the following
steps:
1. Log on to the Windows Server 2008 R2 domain controller system with an account with domain administrator privileges.
2. Click Start, click All Programs, click Accessories, click the Windows PowerShell folder, right-click on Windows PowerShell, and select Run As Administrator.
3. Type cd \ and press Enter.
4. Type Import-Module ActiveDirectory and press Enter.
5. Type Get-Command *AD* -CommandType cmdlet and press Enter. This returns all of the Active Directory-related cmdlets and also returns a few more cmdlets not related to Active Directory.
6. Type Get-ADObject -SearchBase "CN=Deleted Objects,DC=Companyabc,DC=com" -Filter * -IncludeDeletedObjects and press Enter. This returns all of the deleted Active Directory objects on the local domain controller in the companyabc.com domain to the PowerShell window with a default list of attributes.
7. Because we are trying to restore a deleted user account named Khalil Droubi, we can filter the previous command by typing Get-ADObject -SearchBase "CN=Deleted Objects,DC=Companyabc,DC=com" -LDAPFilter "Name=*Khalil*" -IncludeDeletedObjects and pressing Enter. This command returns all of the deleted objects that contain Khalil in the name.
8. As stated previously, if the deleted object will be restored to the original location, as is the case with a default Restore-ADObject command, the parent OU or container must be present. To determine the parent container of the deleted user object, type Get-ADObject -SearchBase "CN=Deleted Objects,DC=Companyabc,DC=com" -LDAPFilter "Name=*Khalil*" -IncludeDeletedObjects -Properties LastKnownParent and then press Enter.
9. When the LastKnownParent property value is returned, if the value is a proper distinguished name, the parent OU or container still exists. If the value includes CN=Deleted Objects, the parent OU or container has also been deleted. If the LastKnownParent has been deleted, it either needs to be restored before the deleted user object or the user object needs to be restored to an alternate location using the -TargetPath option in the Restore-ADObject cmdlet.
10. Assuming that the LastKnownParent value returns an existing container to restore the object, copy the ObjectGUID of the deleted user account to the Clipboard, type Restore-ADObject -Identity and paste the ObjectGUID, and press Enter to restore the object, as shown in Figure 1.
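The checks in steps 6 through 10 can be combined into one guarded function; the following is an added example, not code from the original chapter. The function name Restore-DeletedAdUser and its -FallbackOu parameter are hypothetical, and the default search base is the companyabc.com DN used in the steps above.

```powershell
Import-Module ActiveDirectory

function Restore-DeletedAdUser {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$NamePattern,  # for example '*Khalil*'
        [string]$DeletedObjectsDn = 'CN=Deleted Objects,DC=Companyabc,DC=com',
        [string]$FallbackOu  # hypothetical alternate OU DN, used only if the parent is gone
    )

    # The Recycle Bin only helps if it was enabled before the deletion.
    $feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
    if (-not $feature.EnabledScopes) {
        throw 'Recycle Bin is not enabled; an authoritative restore is required.'
    }

    # Request LastKnownParent so the original location can be checked.
    $found = @(Get-ADObject -SearchBase $DeletedObjectsDn -IncludeDeletedObjects `
            -LDAPFilter "(name=$NamePattern)" -Properties LastKnownParent)

    # Restore by ObjectGUID only when the name matches exactly one object.
    if ($found.Count -ne 1) {
        $found | Select-Object Name, ObjectGUID, LastKnownParent | Out-Host
        throw "Expected 1 deleted object, found $($found.Count); narrow the pattern."
    }
    $target = $found[0]
    $guid = $target.ObjectGUID.ToString()

    # A parent under CN=Deleted Objects has itself been deleted.
    if ($target.LastKnownParent -like '*CN=Deleted Objects*') {
        if (-not $FallbackOu) {
            throw "Parent '$($target.LastKnownParent)' is deleted; restore it first or pass -FallbackOu."
        }
        Restore-ADObject -Identity $guid -TargetPath $FallbackOu -PassThru
    }
    else {
        Restore-ADObject -Identity $guid -PassThru
    }
}

# Dry run first; repeat without -WhatIf to perform the restore.
# Restore-DeletedAdUser -NamePattern '*Khalil*' -WhatIf
```

Because the function declares SupportsShouldProcess, passing -WhatIf carries through to Restore-ADObject, so the object that would be restored can be reviewed before anything changes in the directory.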