Advanced Windows PowerShell Scripting Video Training

Advanced Windows PowerShell Scripting Video Training
Advanced Windows PowerShell Scripting Video Training

Wednesday, February 16, 2011

Backup and Restore AD LDS with DSDBUTIL.exe

Active Directory Lightweight Directory Services allow you to create a directory service that allows applications to have access to user accounts, groups, and authentication similar to Active Directory Domain Services.  The big advantage here is that the schema of the directory service will not be bound by the rules of an Active Directory database.  Exchange 2007/2010, for example, use an instance of AD LDS on the Edge Transport Server to provide for user authentication from the internet.  Because your Active Directory database is not exposed to the internet, this is more secure.

Applications will handle most of the dirty work should they require AD LDS.  You may want to make sure the database is being backed up and also have a restore plan in place.  Should the database become corrupt, the application that uses that database will fail.  This document will walk you through backing up and restoring an instance of AD LDS using the dsdbutil.exe command.

First off, we have an AD LDS instance called ContosoApplication.
image

Log into the server that is hosting the AD LDS instance with an account that has permissions to back up the AD LDS data.

Click Start, type cmd and press Enter.

Type dsdbutil and press enter.

Now type activate instance instance name; and press Enter in our example, the instance name is ContosoApp1.  The instance name was created when the instance was itself created.
image

Now type ifm and press Enter

Type Create full location; where location; is the path and file name you wish to use for the backup. In this example, I used create full ContosoApp1Backup and pressed Enter.
image

Type quit and press Enter.  Do this again to exit dsdbutil

Since a path was not specified for the backup location, it was stored at c:\Users\Administrator\ContosoApp1Backup since this was the account we were using during the backup.  In reality, you would use another location.  If you open this folder you will see the database file adamntds.dit.

Let's now simulate some type of database corruption. I deleted the two user accounts of Jerry and Bert from the AD LDS instance using the ADSI Editor.
image

We are now going to restore the lost objects from our AD LDS instance.

Click Start. Type Services.msc and press Enter.
We need to stop the service that is running the instance of AD LDS we are about to restore.  Find ContosoApp1 in the list of services.  Right click it and select Stop.
image

We now need to delete the current instance and log files of the AD LDS instance you wish to recover.  If the files are stored in the default location, they will be at %ProgramFiles%\Microsoft Adam\instance_name\data\adamntds.dit.  For our example we need to type del “c:\Program Files\Micarosoft Adam\ContosoApp1\data\*.*” and press Enter.

Type Y and press Enter.

image

Next we need to copy the backed up data to this location.


xcopy /os C:\Users\Administrator\ContosoApp1Backup\adamntds.dit “%ProgramFiles%\Microsoft Adam\ContosoApp1\data\adamntds.dit”

Type F

image

Click Start. Type Services.msc and press Enter.

Right click ContosoApp1  and select Start

Going back to ADSI Editor and doing a refresh, we see that our lost objects have been restored.

image

6 comments:

JM said...

Where can I download software like this one? I'm a bit confuse on how to use it.

Jason Yoder, MCT said...

JM,

Active Directory Light Weight Directory Services (AD LDS) is a role on Windows Server 2008 and Windows Server 2008 R2. You merely need to go into your Server Manager, Click Roles, and then click Add Roles. You will see AD LDS listed. Please visit the Microsoft website on AD LDS for more information.

http://technet.microsoft.com/en-us/library/cc755080(WS.10).aspx

http://technet.microsoft.com/en-us/library/cc754361(WS.10).aspx

dreamland said...

Hi Jason,

Nice work here ... :)
I need to do the same procedure but with a small change. I want to backup from one server and restore on another one. And on top of that the source AD LDS is a domain machine (not controller), the destination is not. The purpose is to be able to give developers the backup in order to restore it locally on theirs computers for testing.
The backup is fine, but after I restore it and go to ADSI Edit in the partition I don't see all the objects like on the source, for example the attributes are missing.
This is driving me mad ...

Any idea why ?

PS: Followed these links:

http://technet.microsoft.com/en-us/library/cc730941%28WS.10%29.aspx
http://technet.microsoft.com/en-us/library/cc770886%28WS.10%29.aspx

PPS: The source server is 2008 R1, destination is 2008 R2 or win7.

Jason Yoder, MCT said...

Dreamland,

Just curious, but are the missing objects anything that you pulled from ADDS, like a AD user or Group?

Jason

Anonymous said...

What is the abbreviation of ifm?

Jason Yoder, MCT said...

IFM stnads for "Install From Media".