Non-Authoritative restore on W2K8

Tutorials Win: Microsoft Windows Forum

Confused on this one.





Why can't I do a non-authoritative restore by stopping AD DS as opposed to
having to reboot and use DSRM (I haven't tried this but the article doesn't
provide the option)? According to the article link this is the only way to
go and this makes no sense to me and seems that AD DS as a service should be
allowed to do this and would be beneficial because of it.



Anyone have a definitive answer? I will find time to try in the future, but
I am curious to know.



http://technet2.microsoft.com/windowsserver2008/en/library/510b106b-e7fb-42a5-bcb2-0c3278a5d73e1033.mspx?mfr=true


--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
Top

Re: Non-Authoritative restore on W2K8 by Paul

Paul
Tue Feb 19 11:15:26 PST 2008

Well I got an answer back from a source and I guess it isn't supported at
this time. So disregard, answer is below.

"Restore without reboot is not supported because we cannot guarantee that
all
internal memory caches are refreshed following restore + AD DS service
start. LSA caches a whole lot of data in memory (which initially comes from
AD), and there's no way to make it reload this data without a reboot.

It's understood that in most cases, a restore won't change any system data
(such as domain name or sid). However, there's no way to enforce that. So,
we decided to make this unsupported. To stay within support territory, you
must reboot after a restore."

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Paul Bergson [MVP-DS]" <pbergson@allete_nospam.com> wrote in message
news:OExxIqycIHA.4936@TK2MSFTNGP03.phx.gbl...
> Confused on this one.
>
>
>
>
>
> Why can't I do a non-authoritative restore by stopping AD DS as opposed to
> having to reboot and use DSRM (I haven't tried this but the article
> doesn't provide the option)? According to the article link this is the
> only way to go and this makes no sense to me and seems that AD DS as a
> service should be allowed to do this and would be beneficial because of
> it.
>
>
>
> Anyone have a definitive answer? I will find time to try in the future,
> but I am curious to know.
>
>
>
> http://technet2.microsoft.com/windowsserver2008/en/library/510b106b-e7fb-42a5-bcb2-0c3278a5d73e1033.mspx?mfr=true
>
>
> --
> Paul Bergson
> MVP - Directory Services
> MCT, MCSE, MCSA, Security+, BS CSci
> 2003, 2000 (Early Achiever), NT
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>


Top

Re: Non-Authoritative restore on W2K8 by Paul

Paul
Tue Feb 19 11:41:56 PST 2008

And another piece of related data I just found out kind of a bit different.



"It is 'supported' to run a restore in DS-stopped mode, as long as you do a
reboot afterwards. "

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Paul Bergson [MVP-DS]" <pbergson@allete_nospam.com> wrote in message
news:u2YbJvycIHA.4312@TK2MSFTNGP03.phx.gbl...
> Well I got an answer back from a source and I guess it isn't supported at
> this time. So disregard, answer is below.
>
> "Restore without reboot is not supported because we cannot guarantee that
> all
> internal memory caches are refreshed following restore + AD DS service
> start. LSA caches a whole lot of data in memory (which initially comes
> from
> AD), and there's no way to make it reload this data without a reboot.
>
> It's understood that in most cases, a restore won't change any system data
> (such as domain name or sid). However, there's no way to enforce that. So,
> we decided to make this unsupported. To stay within support territory, you
> must reboot after a restore."
>
> --
> Paul Bergson
> MVP - Directory Services
> MCT, MCSE, MCSA, Security+, BS CSci
> 2003, 2000 (Early Achiever), NT
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> "Paul Bergson [MVP-DS]" <pbergson@allete_nospam.com> wrote in message
> news:OExxIqycIHA.4936@TK2MSFTNGP03.phx.gbl...
>> Confused on this one.
>>
>>
>>
>>
>>
>> Why can't I do a non-authoritative restore by stopping AD DS as opposed
>> to having to reboot and use DSRM (I haven't tried this but the article
>> doesn't provide the option)? According to the article link this is the
>> only way to go and this makes no sense to me and seems that AD DS as a
>> service should be allowed to do this and would be beneficial because of
>> it.
>>
>>
>>
>> Anyone have a definitive answer? I will find time to try in the future,
>> but I am curious to know.
>>
>>
>>
>> http://technet2.microsoft.com/windowsserver2008/en/library/510b106b-e7fb-42a5-bcb2-0c3278a5d73e1033.mspx?mfr=true
>>
>>
>> --
>> Paul Bergson
>> MVP - Directory Services
>> MCT, MCSE, MCSA, Security+, BS CSci
>> 2003, 2000 (Early Achiever), NT
>>
>> http://www.pbbergs.com
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>>
>
>


Top