Backing up Systems in Windows Server 2003

Although Windows Server 2003 is a highly reliable operating system, complemented with RAID-5 arrays, clusters and fault-tolerant server placements, things can and WILL go wrong. A CPU may fail, a cooling fan might blow, or even a fire may destroy your server. For this reason it is vital that, as well as a data backup strategy, you also have a way to recover a system.


Luckily, Windows Server 2003 supports a number of methods to repair and recover from system failures:

As seen earlier in the course, Windows provides a driver-rollback facility. If a driver has been updated and the system becomes unstable, you can roll back the driver installation to the previous driver. Windows also provides the ability to start the system using one of several modes:

Windows Startup Options

Safe Mode

  • Boots Windows up using only the minimum set of drivers
  • Ideal for troubleshooting hardware

VGA Mode

  • Boots Windows up using generic video-card drivers
  • Ideal for troubleshooting display problems

Last Known Good Configuration

  • Restores the computer to the last successful login
  • Ideal for restoring a computer that won’t start correctly

Directory Services Restore Mode

  • Used for recovering Domain Controllers
  • Ideal for troubleshooting the Active Directory

System Failure

Last Known Good Configuration will roll back the system’s registry to the last successful logon. This is ideal in most cases; however, if you manage to log on using the faulty system, then the Last Known Good Configuration will be overwritten with the bad configuration.

Safe Mode will enable the system to start an otherwise unbootable system, by disabling non-vital services and drivers. From safe mode you may be able to uninstall or remove corrupt programs and drivers.

Directory Services Restore Mode will allow you to start a Windows Server 2003 Domain Controller without loading Active Directory. This can be used to restore a Domain Controller from a backup, or restore individual objects, e.g. Organizational Units.

VGA Mode will start the system using the standard Windows VGA driver. This method can be used to troubleshoot and repair a failed video driver.

The Boot options menu can be accessed by pressing F8 before the operating system boots. For example, when booting in Safe Mode, only vital system drivers are loaded. You can then log in as normal and attempt to troubleshoot the system.

Each of the previous recovery processes makes the assumption that a system can be restarted. However, if a system cannot be restarted, the System State, Automated System Recovery, and the Recovery Console can return the system to an operational status.

The System State

Windows provides the ability to back up a computer’s System State as part of a normal backup process. System State data contains critical elements of a system’s configuration, including:

  • The Windows Registry
  • The COM+ Class Registration Database
  • The boot files, including boot.ini, ntdetect.com, ntldr, bootsect.dos, and ntbootdd.sys
  • System Files such as the WINNT folder.

In addition, the following items are also included in the System State depending on which services are installed on the system.

  • The Certificate Services Database
  • Active Directory and the SYSVOL folder
  • Cluster service information
  • Internet Information Services (IIS) metabase

The System State can be easily backed up using the Backup Utility covered earlier.

The Backup Utility cannot back up individual components of the System State. For example, you cannot back up Active Directory on its own. Performing a System State backup automatically forces the backup type to Copy, although the interface might not indicate that fact. You should take this into consideration when planning whether to include other items in a backup selection that includes the System State.

The System State on a domain controller includes the Active Directory database and the Sysvol folder. You can back up the System State on a domain controller just as on any other system, by using the Backup Utility. To restore a Domain Controller by using a System State backup, you must first restart the computer in Directory Services Restore Mode.
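
The same System State backup can be run from the command line, which is useful for scheduling it. This batch file is an added example, not part of the original lesson; the backup path D:\Backups\SystemState.bkf and the job name are assumptions.

```batch
@echo off
rem Added example, not part of the original lesson.
setlocal

rem Assumption: D:\Backups exists and is not on the system disk.
set "BKF=D:\Backups\SystemState.bkf"

rem "systemstate" selects the whole System State; its components cannot be
rem selected individually.
rem /J job name, /F backup file, /V:yes verify after backup, /L:s summary log.
rem No /M switch is given: a System State backup is always of type Copy.
start "" /wait ntbackup backup systemstate /J "System State" /F "%BKF%" /V:yes /L:s

rem Catches a run that never produced a backup file at all. Review the
rem ntbackup log for the result of the verify pass.
if not exist "%BKF%" (
    echo System State backup file was not created: %BKF%
    exit /b 1
)
echo System State written to %BKF%
endlocal
```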

Backing up the Active Directory

Although Microsoft recommends that you have more than one Domain Controller per Domain, things can still go wrong. Not all hardware is reliable, and a failed hard drive could spell a lot of trouble for a domain containing only one domain controller. Human error, however, can cause damage to a domain even if it has multiple Domain Controllers.

Imagine you accidentally delete an Organisational Unit containing all of the Managing Directors. The change would be automatically replicated to every domain controller on the domain. Restoring Active Directory should be a simple process, and it is when only one domain controller is involved. However, problems arise when there is more than one Domain Controller in the Domain.

Take the following example. The cleverly named domain domain.com contains two Domain Controllers. A Network Administrator has been working on Domain Controller A and has accidentally deleted an OU containing several Users and Computers. Luckily the Administrator backed up the system state last night and he successfully restores it from his tape drive.

The OU is successfully restored; however, the database on Domain Controller B is now newer than the version on Domain Controller A, because the deletion of the OU was itself a change to the database. As expected, the Domain Controllers replicate and the OU is once again deleted. The only way round this is to perform an Authoritative Restore. An authoritative restore will mark objects on the restored database as newer by increasing their serial numbers.

In the es-net.co.uk domain, there are two domain controllers and an organizational unit called ManagingDirectors. For the sake of illustration, the ManagingDirectors OU is accidentally deleted. This change would then be replicated to the other domain controller.

Reboot the Domain Controller and press F8 to access the advanced startup options. Select the Directory Services Restore Mode option and press Enter. Windows is then started in Directory Services Restore Mode. Click OK to continue.

Restoring Active Directory

After restoring the backup containing the System State, launch a command prompt and run NTDSUTIL. Type authoritative restore, then type restore database. Click on Yes to accept the warning. The database is then updated.

Upon reboot, the OU has been restored and replicated. If an authoritative restore had not been performed, then the OU would have been immediately deleted, since the second domain controller would have a new Active Directory database which doesn’t contain the OU.

NTDSUtil also allows you to restore individual objects using the restore subtree command. This is handy if you want to restore individual objects and not an entire database, which would obviously cause problems if the backup was old.

Imagine a scenario where you need to perform an authoritative restore on a database that is 2 months old. Any changes made in the last 2 months on all the other domain controllers on the domain would be deleted and replaced with the copy that is older.
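
The authoritative restore described above, scripted for the ManagingDirectors OU in es-net.co.uk so that only that subtree is marked authoritative. This batch file is an added example, not part of the original lesson; it assumes the OU sat directly under the domain root and that the System State has already been restored.

```batch
@echo off
rem Added example, not part of the original lesson.
rem Run on the restored domain controller after the System State restore
rem and BEFORE rebooting into normal mode.
setlocal

rem Assumption: the deleted OU sat directly under the root of es-net.co.uk.
set "TARGET_DN=OU=ManagingDirectors,DC=es-net,DC=co,DC=uk"

rem Windows sets SAFEBOOT_OPTION to DSREPAIR when it has been started in
rem Directory Services Restore Mode. Stop if that is not the case.
if /i not "%SAFEBOOT_OPTION%"=="DSREPAIR" (
    echo Not in Directory Services Restore Mode. Reboot, press F8 and select it.
    exit /b 1
)

rem Mark only the subtree as authoritative, so newer changes made elsewhere
rem in the directory since the backup are kept.
rem ntdsutil asks for confirmation before it changes the database.
ntdsutil "authoritative restore" "restore subtree %TARGET_DN%" quit quit

rem To mark the whole database instead, as in the walkthrough above:
rem ntdsutil "authoritative restore" "restore database" quit quit

endlocal
```

Reboot normally afterwards so the restored OU replicates to the other domain controller.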

Automated System Recovery

Recovering a failed server has traditionally been a tedious task, involving reinstallation of the operating system, mounting the backup tape, and then performing a full system restore.

Automated System Recovery makes this process significantly easier. Automated System Recovery creates an ASR set, consisting of a backup of critical system files, and a floppy disk listing the system files that are installed on the computer.

If a server fails to start, you simply restart with the Windows CD-ROM and select the option to perform an Automated System Recovery. The process uses the list of files on the ASR disk to restore standard drivers and files from the original Windows CD-ROM. Automated System Recovery will also restore any remaining files from the ASR backup set, thus restoring the system back to a usable state.

To create an ASR set, launch ntbackup and select the Automated System Recovery Wizard button. Click on Next to continue. Choose a name and location for the backup and click on Next to continue. Click on Finish to begin the backup process.

An ASR set can be quite large. On a standard installation of Windows Server 2003, the backup size will be almost 2 GB. An ASR set includes disk configuration, a System State Backup, and a backup of files including the driver cache. The wizard will ask you to insert a blank floppy disk. Click on OK to continue. The ASR floppy disk contains two catalogues of files on the system: asr.sif and asrpnp.sif. You can create a floppy manually after running the wizard by copying these files from the %systemroot%\repair folder. Once the disk has been created, click on OK to continue.

To restore a system using the ASR set, you should restart the system using the Windows Server 2003 CD-ROM. Press F2 when prompted and follow the instructions on screen. The wizard will ask you for the ASR disk you have just created. The system should then be restored to a usable state using files from the CD-ROM and the ASR set.