Show Menu
Cheatography
  1. Home >
  2. Cheat Sheets >

System State Recovery Cheat Sheet by

Author­itative Restore

Hvad er det
Tillader admini­str­atoren at recover en domain contro­ller, restore den til et bestemt tidspunkt, eller markere objekter i AD til at være author­itative
Author­itative betydning
"For example, you might need to perform an author­itative restore if an admini­strator inadve­rtently deletes an organi­zat­ional unit containing a large number of users. If you restore the server from tape, the normal replic­ation process would not restore the inadve­rtently deleted organi­zat­ional unit. Author­itative restore allows you to mark the organi­zat­ional unit as author­itative and force the replic­ation process to restore it to all of the other domain contro­llers in the domain."
Kommandoer
 
Restore database
"­Marks the entire Ntds.dit (both the domain and config­uration naming contexts held by the domain contro­ller) as author­ita­tive. The schema cannot be author­ita­tively restor­ed."­
 
Restore database verinc %d
Marks the entire Ntds.dit (both the domain and config­uration naming contexts held by the domain contro­ller) as author­itative and increments the version number by % d . Use this option only to author­ita­tively restore over a previous, incorrect, author­itative restore, such as an author­itative restore from a backup that contains the problem you want to restore over.
 
Restore subtree %s
"­Marks subtree (and all children of subtree) as being author­ita­tive. The subtree is defined by using the fully distin­guished name of the object."
 
Restore subtree %s verinc %d
Marks subtree (and all children of subtree) as being author­itative and increments the version number by % d . The subtree is defined by using the fully distin­guished name of the object. Use this option only to author­ita­tively restore over a previous, incorrect, author­itative restore, such as an author­itative restore from a backup that contains the problem you want to restore over.
Source

Tombstone Lifetime

Hvad er det
Tombstone Lifetimen i en AD forest bestemmer hvor lang tid et slettet object (en tombstone) er holdt i AD DS.
Se tombstone lifetime med Dsquery
Åben komman­dop­rompten og skriv 
dsquery * "­cn=­dir­ectory servic­e,c­n=w­indows nt,cn=­ser­vic­es,­cn=­con­fig­ura­tio­n,d­c=<­for­est­DN>­" –scope base –attr tombst­one­lif­etime
Skift <fo­res­tDN> ud med navnet på din egen forest
Source
 

DSRM - Directory Services Restore Mode

Hvad er det
DSRM er en speciel boot mode for reparation eller recovery af Active Directory. Det bruges til at logge på computeren når Active Directory har fejlet eller har behov for at blive genopr­ettet.
Syntax
 
dsrm <Ob­jec­tDN> ... [-subtree [-excl­ude]] [-nopr­ompt] [{-s <Se­rve­r> | -d <Do­mai­n>}] [-u <Us­erN­ame­>] [-p {<P­ass­wor­d> | *}][-c­][-­q][{-uc | -uco | -uci}]
Boot ind i DSRM
For at boote ind i Directory Services Restore Mode så tryk F8 under BIOS POST skærmen (Hvis windows logoet kommer frem var du for langsom) En tekst menu kommer frem og der vælger du Directory Services Restore Mode eller DS Restore Mode
Log ind i DSRM
Efter du er booted op i DSRM så log ind med admini­strator kontoen.
Boot ind i DSRM genvej inde fra windows
 
bcdedit /set safeboot dsrepair, then reboot: shutdown /r /f /t 5.
i kommando prompten
Source

Ntdsut­il.exe

Hvad er det
Ntdsut­il.exe er et comman­d-line værktøj der giver management facilities til Active Directory Domain Services (AD DS) og Active Directory Lightw­eight Directory Services (AD LDS) Du kan bruge ntdsutil kommandoer til at lave database vedlig­eho­ldelse.
Syntax
 
Ntdsutil [activate instance %s | author­itative restore | change service account %s1 %s2 | config­urable settings | DS behavior | files | group membership evaluation | Help | ifm | ldap policies | ldap port %d | list instance | local roles | metadata cleanup | partition management | popups on | popups off | quit | roles | security account management | semantic database analysis | set DSRM password | snapshot | SSL port %d]
Source
 

Wbadmin

Hvad er det
Wbadmin er et comman­d-line alternativ til Windows Server Backup. Wbadmin kan bruges til at håndtere alle dele af backup konfig­ura­tion.
Kommandoer
 
DELETE SYSTEM­STA­TEB­ACKUP
Sletter system state backups fra et specif­iceret sted
 
DISABLE BACKUP
Slår scheduled backups fra
 
ENABLE BACKUP
Slår scheduled backups til eller modifi­cerer en allerede kørende scheduled backup
 
GET DISKS
Lister diskene som er online på den lokale computer.
 
GET STATUS
Rappor­terer statusen for et ongoing backup eller recovery job
 
GET VERSIONS
Lister detaljer om de tilgæn­gelige backups i en specific lokation, som backup tider og destin­ation.
 
START BACKUP
Start en en-gangs backup med specifikke parameter. Bruger scheduled backups parameter hvis ingen bliver sat
 
START RECOVERY
Starter recovery af volumes, applik­ationer eller filer
 
START SYSTEM­STA­TEB­ACKUP
Starter en system state backup
 
START SYSTEM­STA­TER­ECOVERY
Starter en system state recovery
 
STOP JOB
Stopper det kørende backup eller recovery job
Source

ADSI Edit (adsie­dic.msc)

Hvad er det
Active Directory Services Interfaces Editor (ADSI Edit) er en lightw­eight directory access protocol (LDAP) editor som man kan bruge til at håndtere objekter i AD.
Source
 

Metadata

  • Languages:
  • Published: 13th November, 2015
  • Last Updated: 13th May, 2016

Comments

No comments yet. Add yours below!

Add a Comment

Your Comment

Please enter your name.

    Please enter your email address

      Please enter your Comment.