Edirectory Disaster Recovery

Backup Info#

In addition, Directory Data Backups are done by some Edirectory Backup Strategy methods.

Don't Panic!#

Readers familiar with the works of Douglas Adams may chuckle at this step, but it is offered as a serious part of a disaster recovery scenario, and is an absolutely critical step in the process.

Troubleshooting and disaster recovery scenarios are - without a doubt - high-stress situations. The directory is a core part of any business operation, because it allows services to authenticate users; without the directory, authentication stops working, and everything that depends on that authentication also stops working.

Methods for Recovery#

Total replacement of NDS on server#

If it is determined that the DIB is unrecoverable, use these methods.

Before proceeding determine:

  • Where the Master of the Partitions stored on the problem server are loacated
  • The Certificate Server for the Tree for problem server.
  • DirXML drivers that reside on the problem server.

DO NOT Restore from Tape#

In short, the NDS database should not be restored from tape except in cases of extreme disaster, and the entire old NDS tree should be eradicated before doing so.

You should always use one of the Edirectory Backup Strategy options.

If a restore is performed under disaster recovery conditions, in which the original NDS database has been destroyed and then NDS has been reinstalled, then the NDS objects and attributes stored on the tape are being added to the minimal NDS tree provided by the installation process, resulting in a tree that is the same as the one that was saved to tape.

If, however, an NDS tree still exists on the server to which the restore is being performed, A tape will attempt to append to the old tree, rather than overwrite it. In the best possible case, the restore process will have no visible effect at all. The worst possible case will result in additional, unwanted objects being added to the existing NDS structure, leaving the old corrupted structures intact, and possibly adding additional corrupt any existing elements.

Trustees of Root#

Also be aware that the trustees of Root are not restored during a restore of NDS from tape. Admin will be the only user with full trustee rights to Root after a tape restore, even if other users had an explicit trustee assignment to Root . However, security equal to rights will be restored. If a user was security equal to admin, then the user will have the same rights that admin has- which is usually full rights to the tree.

Edirectory Backup Strategy#

Use an Edirectory Backup Strategy

Rest of this is older work....#

NDS Service Failure#

If it is determined or if the informed decision is that the DIB is okay, but the NDS service has some issue, follow these methods.

Be sure you know

More Information#

There might be more information for this subject on one of the following: