Active Directory - Backup, Restore
Knowledge Base Questions & Answers
What must be done to backup AD (Active Directory)?
A System State backup must be performed to back up AD; the directory database is not backed up as ordinary files.
What data contains System State?
System State contains:
- AD database and the other files in the NTDS folder (only on a DC (Domain Controller)).
- Boot and system files.
- DFSR (Distributed File System Replication) staging.
- AD CS (Active Directory Certificate Services) database (only if the Certificate Authority role is installed).
- Cluster Service database (only if the Failover Cluster role is installed).
- COM+ class registration database.
- File system junctions.
- Group Policy settings (only on a DC).
- IIS (Internet Information Services) metabase (only if the IIS role is installed).
- Registry.
- Netlogon shared folders: default profiles, system policies, logon/logoff/startup/shutdown scripts.
- SYSVOL (System Volume) folder (only on a DC).
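The following is an added example, not part of the original knowledge base, showing how a System State backup of a DC is taken with the Windows Server Backup PowerShell module. It assumes the Windows Server Backup feature is installed and that E: is a local, non-system volume (a placeholder target); all cmdlet names are the module's own.

```powershell
# Added example: System State backup of a domain controller.
# Assumptions: Windows Server Backup feature installed; drive E: is a
# placeholder backup target (local volume, not the system volume).
# Run in an elevated PowerShell session on the DC.

# Install the feature once if it is missing.
if (-not (Get-WindowsFeature Windows-Server-Backup).Installed) {
    Install-WindowsFeature Windows-Server-Backup
}
Import-Module WindowsServerBackup

# Build a one-off policy that contains only the System State components
# listed above (NTDS database, SYSVOL, registry, boot files, ...).
$policy = New-WBPolicy
Add-WBSystemState -Policy $policy

# Point the policy at the target volume and run it immediately.
$target = New-WBBackupTarget -VolumePath "E:"
Add-WBBackupTarget -Policy $policy -Target $target
Start-WBBackup -Policy $policy

# Confirm the backup exists and note its version identifier; the same
# identifier is what wbadmin expects when you restore in DSRM later.
Get-WBBackupSet | Select-Object VersionId, BackupTime, BackupTarget

# Equivalent command with the built-in wbadmin tool:
# wbadmin start systemstatebackup -backupTarget:E: -quiet
```

Keep the backup off the DC itself and protect it like a domain credential: a System State backup contains the NTDS database with every account's password hashes.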
What are AD Restore types?
There are two AD Restore types:
- Non-Authoritative Restore (D2 restore).
- Authoritative Restore (D4 restore).
What is Non-Authoritative Restore of AD?
- Non-Authoritative Restore is the default method of restoring AD; it is used when the directory data on a DC is lost or corrupted.
- It restores a DC to its state at the time of the backup. After the DC is restored, its local copy of SYSVOL is compared with that of its replication partners. After the DC restarts, SYSVOL replicates any necessary changes to itself, bringing the restored DC up to date with the other DCs in the domain.
- To perform a Non-Authoritative Restore, the DC must be started in DSRM (Directory Services Restore Mode).
What is the Authoritative Restore of AD?
- Authoritative Restore restores the DC from backup and, after the necessary configuration, AD marks the local copy as authoritative and replicates it to the other DCs in the domain.
- It can restore only particular objects. For example, if an OU (Organizational Unit) was deleted, an Authoritative Restore can restore just that object.
- To perform an Authoritative Restore, the DC must be started in DSRM.
- An Authoritative Restore requires the ntdsutil utility.
- An Authoritative Restore is usually needed when human error is involved, such as when an administrator accidentally deletes objects, the deletion has already replicated to the other DCs, and the objects cannot easily be recreated.
What is DSRM (Directory Services Restore Mode)?
- DSRM is a special boot mode used for repairing or recovering AD.
- It is used to log on to a DC when AD has failed or needs to be restored.
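The following is an added example, not part of the original knowledge base, that ties the Authoritative Restore and DSRM answers together: booting a DC into DSRM, restoring System State, and marking one deleted OU authoritative with ntdsutil. The backup version string and the OU's distinguished name are placeholders; the commands themselves are the standard bcdedit, wbadmin and ntdsutil syntax.

```powershell
# Added example: authoritative restore of a single deleted OU.
# Placeholders: the backup version "MM/DD/YYYY-HH:MM" (take it from
# "wbadmin get versions") and the OU's distinguished name.

# Step 1: schedule a reboot into DSRM. You will log on as .\Administrator
# with the DSRM password that was set when the DC was promoted.
bcdedit /set safeboot dsrepair
Restart-Computer

# ---- after logging on in DSRM ----

# Step 2: non-authoritative restore of System State from the chosen backup.
# Without -autoReboot the DC does not restart by itself, which is required
# because ntdsutil must run before the next boot.
wbadmin get versions
wbadmin start systemstaterecovery -version:MM/DD/YYYY-HH:MM -quiet

# Step 3: mark only the deleted OU as authoritative. ntdsutil raises the
# version numbers of the restored objects so they win replication against
# the partners that still hold the deletion.
ntdsutil "activate instance ntds" "authoritative restore" `
    "restore subtree OU=Sales,DC=corp,DC=example,DC=com" quit quit

# Step 4: clear the DSRM boot flag and return to normal mode. Everything
# that was not marked authoritative is brought up to date by replication.
bcdedit /deletevalue safeboot
Restart-Computer
```

Add `-authsysvol` to the wbadmin restore only when SYSVOL itself (Group Policy, scripts) must also be marked authoritative; for a single deleted OU it is not needed.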
Windows DNS (Domain Name System) Server - Query, Forwarding
Knowledge Base Questions & Answers
What is “DNS Conditional Forwarding”?
- “DNS Conditional Forwarding” is a feature that lets a DNS server forward queries for specific domains to designated forwarder DNS servers.
- A conditional forwarder entry consists of a domain name and the IP (Internet Protocol) address of one or more DNS servers.
- “DNS Conditional Forwarding” is commonly used with private domain DNS servers.
- It takes precedence over “DNS Forwarding.”
- “DNS Conditional Forwarding” decreases DNS traffic and speeds up query resolution.
Experience-Based/Practical Questions & Answers
What are the default query settings on the Windows DNS server?
Recursion, which is enabled by default.
What can be done when there is a requirement for DNS clients in separate domains to resolve each other's names without having to query DNS servers on the internet, such as in the case of a company merger?
You can use the following:
- DNS Forwarding
- DNS Conditional Forwarding
How do you locate “DNS Forwarding” settings?
- “DNS Forwarding” is configured at the DNS server level.
- The path is as follows: “DNS Manager” MMC (Microsoft Management Console) snap-in -> DNS -> Server-Name -> Properties -> Forwarders.
How do you locate the “DNS Conditional Forwarding” settings?
- “DNS Conditional Forwarding” is configured at the DNS server level.
- The path is as follows: “DNS Manager” MMC snap-in -> DNS -> Server-Name -> “Conditional Forwarders” -> “Conditional Forwarders” DNS domain.
Do you need to configure forwarders in DNS?
No. By default, Windows DNS Servers use the “Root Hint” servers on the internet. However, you can configure forwarders and conditional forwarders to send DNS queries directly to particular DNS servers to speed up name resolution.
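The following is an added example, not part of the original knowledge base, showing the same settings the answers above locate in DNS Manager, done with the DnsServer PowerShell module: inspecting the defaults (recursion, root hints), setting server-level forwarders, and adding a conditional forwarder for a partner domain after a merger. The IP addresses and partner.example.com are placeholders.

```powershell
# Added example: inspect and configure forwarding on a Windows DNS server.
# Placeholders: 10.0.0.10/11 (general forwarders), 10.20.0.5/6 and
# partner.example.com (the merged company's DNS servers and domain).
# Run in an elevated session on the DNS server.

Import-Module DnsServer

# Defaults: recursion enabled, no forwarders, root hints present.
Get-DnsServerRecursion | Select-Object Enable
Get-DnsServerForwarder
Get-DnsServerRootHint | Select-Object -First 3

# Server-level "DNS Forwarding": every query not answered from local zones
# or cache goes to these servers first. UseRootHint $true keeps root hints
# as the fallback; $false makes the server fail closed if forwarders die.
Set-DnsServerForwarder -IPAddress 10.0.0.10, 10.0.0.11 -UseRootHint $true -Timeout 3

# "DNS Conditional Forwarding": only queries for partner.example.com go to
# the partner's servers. This is evaluated before the general forwarders.
# ReplicationScope Forest stores it in AD so every DC running DNS gets it.
Add-DnsServerConditionalForwarderZone -Name "partner.example.com" `
    -MasterServers 10.20.0.5, 10.20.0.6 `
    -ReplicationScope "Forest"

# Verify: the conditional forwarder shows up as a zone of type Forwarder.
Get-DnsServerZone -Name "partner.example.com" |
    Select-Object ZoneName, ZoneType, MasterServers
```

Forwarders deserve the same trust review as any upstream dependency: whichever server you forward to can answer anything it likes for the names you send it, so point general forwarders only at resolvers you control or contractually trust, and scope partner servers with conditional forwarders rather than general ones.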
Suppose no internet DNS servers are specified on the DC (Domain Controller)/DNS server (neither on the network adapter nor as forwarders). How does it resolve names such as microsoft.com on the internet?
The DNS server uses the “Root Hint” servers.
By default, if the DNS name is not found in the computer’s DNS cache or local hosts file, what is the first step the client takes to resolve the FQDN (Fully Qualified Domain Name) into an IP address?
Send a recursive query to the primary DNS server specified on the network interface configuration.
Give me an example of how DNS queries work if:
- The DNS name it.itguidespro.com needs to be resolved.
- The local DNS server uses default query settings.
- The requested DNS name is not your company domain name.
- There are no forwarders configured on the local DNS server.
- Type the DNS name it.itguidespro.com into the internet browser.
- The computer tries to find a DNS record in its DNS cache or hosts file.
- If the record cannot be found, the computer sends a recursive query to the local DNS server. The local DNS server looks for the record in its DNS zones or cache and, if it is found, sends the DNS information to the client.
- If the record is not found, the local DNS server sends the query to a root DNS server.
- The root DNS server sends information about the .com DNS servers to the local DNS server.
- The local DNS server sends a query to a .com DNS server.
- The .com DNS server sends information about the authoritative DNS servers of itguidespro.com to the local DNS server.
- The local DNS server sends a query to the itguidespro.com DNS server.
- The itguidespro.com DNS server sends the DNS record information (it.itguidespro.com) to the local DNS server.
- The local DNS server sends the resolved DNS information (the IP address of the it.itguidespro.com website) to the client.
Give me an example of how DNS queries work if:
- The DNS name it.itguidespro.com needs to be resolved.
- The local DNS server uses default query settings.
- The requested DNS name is not your company domain name.
- Forwarders are configured on the local DNS server.
- Type the DNS name it.itguidespro.com into the internet browser.
- The computer tries to find a DNS record in its DNS cache or hosts file.
- If the record cannot be found, the computer sends a recursive query to the local DNS server. The local DNS server looks for the record in its DNS zones or cache and, if it is found, sends the DNS information to the client.
- If the record cannot be found, the local DNS server queries the DNS servers specified in the “DNS Forwarding” settings.
- The local DNS server receives the answer from the “DNS Forwarding” server.
- The local DNS server sends the resolved DNS information (the IP address of the it.itguidespro.com website) to the client.
- Note: if the forwarders cannot resolve the query, the local DNS server may fall back to the “Root Hints” and resolve the name through an iterative query process.
Give me an example of how DNS queries work if:
- The DNS name it.itguidespro.com needs to be resolved.
- Recursion and forwarding on the local DNS server are disabled.
- The requested DNS name is not your company domain name.
- Type the DNS name it.itguidespro.com into the internet browser.
- The computer tries to find a DNS record in its DNS cache or hosts file.
- If the record cannot be found, the computer sends a recursive query to the local DNS server. The local DNS server looks for the record in its DNS zones or cache. If the record is not found, the local DNS server responds to the client that it cannot resolve the DNS name.
- The client may display an error message or fail to reach the resource associated with the DNS name.
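The following is an added example, not part of the original knowledge base, that reproduces the three walkthroughs above from a client: the client's own cache-then-recursive-query step, a manual non-recursive walk down the hierarchy (what the local DNS server does when it has no forwarders), and the checks that tell you which of the three configurations a given server is in. it.itguidespro.com is the page's example name; dns01 and the referral server names used in the later nslookup steps are placeholders you read from the Authority section of the previous answer.

```powershell
# Added example: trace the query path described in the walkthroughs.
# Placeholders: dns01 (your local DNS server); the server names used in
# steps 2b/2c come from the referral returned by the previous step.

# 1. What the client does first: look in its cache, then send a recursive
#    query to the resolver configured on the network interface.
Get-DnsClientCache | Where-Object Entry -like "*itguidespro.com*"
Resolve-DnsName -Name "it.itguidespro.com" -Type A -DnsOnly

# 2. The path the local DNS server takes when it has no forwarders:
#    non-recursive (iterative) queries, starting at a root server. Each
#    answer carries NS records in its Authority section that point to the
#    next level down.
nslookup -norecurse it.itguidespro.com a.root-servers.net      # 2a: referral to the .com servers
nslookup -norecurse it.itguidespro.com a.gtld-servers.net      # 2b: referral to itguidespro.com's NS (use the name from 2a)
nslookup -norecurse it.itguidespro.com ns1.placeholder.example # 2c: authoritative server from 2b answers with the A record

# 3. Which scenario a server is in. Recursion disabled plus no forwarders
#    (third walkthrough) means a query for a name outside its own zones
#    gets an error instead of an answer.
Get-DnsServerRecursion  -ComputerName dns01 | Select-Object Enable
Get-DnsServerForwarder  -ComputerName dns01 | Select-Object IPAddress, UseRootHint
Get-DnsServerZone       -ComputerName dns01 | Select-Object ZoneName, ZoneType
Resolve-DnsName -Name "it.itguidespro.com" -Server dns01 -DnsOnly
```

The non-recursive walk is also the quickest way to tell a poisoned or stale cached answer apart from what the authoritative servers actually publish: step 2c asks the zone's own server directly, bypassing every cache in between.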
How can you prevent DNS query hijacking or DNS spoofing attacks?
- Implement DNSSEC (Domain Name System Security Extensions) for data integrity and authentication.
- Configure your DNS resolvers to use secure and reputable DNS servers.
- Implement a DNS Firewall (DNS Filtering) to detect and block DNS spoofing attempts. These solutions can help identify and block DNS queries to known malicious domains or IP addresses.
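The following is an added example, not part of the original knowledge base, applying the three countermeasures above on a Windows DNS server with the DnsServer module, plus two built-in anti-poisoning settings (cache locking and Response Rate Limiting) that complement them. The zone name corp.example.com and the blocked domain known-bad.example are placeholders.

```powershell
# Added example: defensive settings against DNS spoofing / cache poisoning
# on a Windows DNS server. Placeholders: corp.example.com (a zone you own),
# known-bad.example (a domain your threat intel says to block).
# Run in an elevated session on the DNS server.

Import-Module DnsServer

# DNSSEC, resolver side: load the root zone trust anchor so answers from
# signed zones are validated (needs outbound DNS to the root servers).
Add-DnsServerTrustAnchor -Root

# DNSSEC, authoritative side: sign your own zone with default key settings
# so other validating resolvers can detect forged answers for your names.
Invoke-DnsServerZoneSign -ZoneName "corp.example.com" -SignWithDefault -Force
Get-DnsServerZone -Name "corp.example.com" | Select-Object ZoneName, IsSigned

# Cache locking: a cached record cannot be overwritten until its TTL has
# expired, which blunts attempts to race a legitimate answer with a forged one.
Set-DnsServerCache -LockingPercent 100

# Response Rate Limiting: identical responses to the same client are
# throttled, so the server is a poor amplifier for spoofed-source floods.
Set-DnsServerResponseRateLimiting -Mode Enable -Force

# Recursion only where clients need it. On an internet-facing server that is
# authoritative-only, disable it so it cannot be used as an open resolver.
# Set-DnsServerRecursion -Enable $false

# DNS policy as a simple DNS firewall: queries for the known-bad domain are
# dropped (IGNORE) instead of being resolved.
Add-DnsServerQueryResolutionPolicy -Name "BlockKnownBad" -Action IGNORE `
    -FQDN "EQ,*.known-bad.example"

# Review the result.
Get-DnsServerCache                  | Select-Object LockingPercent
Get-DnsServerResponseRateLimiting   | Select-Object Mode, ResponsesPerSec
Get-DnsServerQueryResolutionPolicy  | Select-Object Name, Action, IsEnabled
```

"Secure and reputable DNS servers" in the second bullet translates to the forwarder choice: point forwarders only at resolvers you control or trust, and prefer ones that validate DNSSEC themselves, because a forwarding server trusts whatever its forwarder returns.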
What are the steps to troubleshoot DNS query issues?
- Test DNS resolution. Use tools such as nslookup to perform DNS queries and check the responses.
- Check the DNS cache. Clear the DNS cache on the client or DNS server to rule out stale or incorrect records causing resolution problems.
- Check that the DNS server is reachable.
- Check network settings and firewall rules on the local computer.
- Review the DNS server configuration, including forwarders, caching settings, and zone information.
- Verify that the DNS server can communicate with other DNS servers in the hierarchy.
- Test with alternative DNS servers. Try using different DNS servers to perform the query and compare the results.
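The following is an added example, not part of the original knowledge base, that runs the troubleshooting steps above in order as one script. The name, the server dns01.corp.example.com and the alternative resolver 1.1.1.1 are placeholders; the server-side cmdlets need the DnsServer RSAT module and administrative rights on the DNS server.

```powershell
# Added example: DNS query troubleshooting checklist as a script.
# Placeholders: $Name, $Server, and the alternative resolver 1.1.1.1.
# Run on a domain-joined client with RSAT DNS tools installed.
param(
    [string]$Name   = "it.itguidespro.com",
    [string]$Server = "dns01.corp.example.com"
)

# 1. Test resolution through the client's configured resolver and directly
#    against the suspect server; compare the two answers.
Resolve-DnsName -Name $Name -DnsOnly -ErrorAction Continue
Resolve-DnsName -Name $Name -Server $Server -DnsOnly -ErrorAction Continue
nslookup $Name $Server

# 2. Rule out stale cache entries on the client and, if permitted, the server.
Clear-DnsClientCache
Clear-DnsServerCache -ComputerName $Server -Force

# 3. Is the server reachable on port 53? Test-NetConnection checks TCP only,
#    so TCP success with UDP queries still failing points at a firewall rule.
Test-NetConnection -ComputerName $Server -Port 53

# 4. Local network settings and firewall: which resolvers does each adapter
#    use, and is any outbound block rule enabled?
Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object ServerAddresses
Get-NetFirewallRule -Enabled True -Direction Outbound -Action Block |
    Select-Object DisplayName

# 5. Server configuration: forwarders, recursion, and the zones it hosts.
Get-DnsServerForwarder -ComputerName $Server
Get-DnsServerRecursion -ComputerName $Server
Get-DnsServerZone -ComputerName $Server |
    Select-Object ZoneName, ZoneType, IsDsIntegrated

# 6. Can the server itself reach the rest of the hierarchy? Test-DnsServer
#    with -Context RootHints asks it to query the root servers.
$serverIp = (Resolve-DnsName -Name $Server -Type A -DnsOnly).IPAddress
Test-DnsServer -IPAddress $serverIp -Context RootHints

# 7. Compare with an alternative resolver (public resolver as placeholder).
Resolve-DnsName -Name $Name -Server 1.1.1.1 -DnsOnly
```

If step 1 differs from step 7 while step 2 was just cleared, the disagreement is in the server's forwarders or zone data rather than in the client, which is where the step 5 output should be read first.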