Active Directory - Backup, Restore
Knowledge Base Questions & Answers
What must be done to backup AD (Active Directory)?
System state’s data backup must be done to backup of AD.
What data contains System State?
System State contains:
-
AD (database including other files in NTDS folder) (only on DC (Domain Controller)).
-
Boot and system files.
-
DFSR (Distributed File System Replication) staging.
-
AD CS (Active Directory Certificate Services) (only if Certificate Authority server is installed).
-
Cluster Service Database (only if Failover Cluster server is installed).
-
COM+ class registration database.
-
File system junctions.
-
Group Policies settings (only on DC).
-
IIS (Internet Information Services) meta-directory (only if IIS server is installed).
-
Registry
-
Netlogon shared folders: default profiles, system policies, logon/logoff/startup/shutdown scripts.
-
SYSVOL (System Volume) folder (only on DC).
What are AD Restore types?
There are two AD Restore types:
-
Non-Authoritative Restore (D2 restore).
-
Authoritative Restore (D4 restore).
What is Non-Authoritative Restore of AD?
-
Non-Authoritative Restore is the default method to restore AD, and it is using when its data lost or corrupted.
-
It restores a DC to its state at the time of backup. After restoring of DC, the local copy of SYSVOL is compared with its replication partners. After restarting DC, SYSVOL replicates any necessary changes to itself, bringing restored DC up-to-date with the other DCs within the domain.
-
To perform a Non-Authoritative restore, DC must be started in DSRM (Directory Services Restore Mode).
What is the Authoritative Restore of AD?
-
Authoritative Restore performs restoring of DC from backup, and after making up necessary configurations, the AD marks the local SYSVOL as authoritative and replicates it to the other DCs within the domain.
-
It has abilities to restore only particular objects.
For example, if OU (Organizational Unit) was deleted. The Authoritative Restore will be able to restore just this object.
-
To perform an Authoritative restore, DC must be started in DSRM.
-
Authoritative Restores need to use ntdsutil utility.
-
Authoritative Restore often needed when human error is involved, such as when an administrator accidentally deletes some objects and that change replicated to the other DCs and the object cannot be recreated easily.
What is DSRM (Directory Services Restore Mode)?
-
DSRM is a special boot mode, which is using for repairing or recovering AD.
-
It is used to login to the computer when AD has failed or needs to be restored on DC.
MS Windows - IIS (Internet Information Services) Server
Knowledge Base Questions & Answers
What is IIS, and what is its primary purpose?
-
IIS is a web server software developed by Microsoft.
-
It serves websites, web applications, and FTP (File Transfer Protocol) sites over the internet or intranet.
What are the features and functionalities of IIS?
The features and functionalities of IIS include:
-
Web server - Handles HTTP (Hypertext Transfer Protocol) and FTP requests and delivers web content or files to users.
-
Sites
-
FTP Server
-
Application Pools
-
Virtual Directory
-
Modules
-
Configuration files.
-
Management tools.
-
Security features.
-
Logging and diagnostics - Assist in monitoring and troubleshooting issues.
What are Sites in IIS?
-
Sites are containers for web pages and related content accessible through a domain name or IP (Internet Protocol) address.
-
It’s configured in IIS to define how to handle web requests, where to find website files and other settings like security and performance.
What is an “FTP (File Transfer Protocol) Server”?
“FTP (File Transfer Protocol) Server” is a feature that enables the server to facilitate file transfers between the server and connected clients over a network using the FTP protocol.
What are “Application Pools”?
“Application Pools” serves as a container for one or more web applications, isolating them for better security, reliability, and performance and allowing separate configuration and resource management for each Pool.
What is a “Virtual Directory”?
“Virtual Directory” is a pointer or a reference to a folder located either on the server’s hard drive or in a different location that is not within the physical directory structure of the site’s home directory.
What are Modules in IIS?
-
Modules are components that enhance the functionality of the web server.
-
They can perform various tasks like authentication, URL (Uniform Resource Locator) rewriting, and request processing.
-
IIS features two types of modules: Native Modules, which are built into IIS, and Managed Modules, designed for .NET applications.
-
Administrators can configure which Modules are active for each application or site, allowing for customized and efficient handling of web requests.
What are the important configuration files on the IIS server?
There are the following important configuration files on the IIS server:
-
applicationHost.config - Contains settings that apply to all websites and applications on the server, including settings for application pools, sites, global modules, and security settings. Location is C:\Windows\System32\inetsrv\config.
-
web.config - These files configure settings for individual applications or websites. Each web.config file applies to its containing application or directory and can override some settings from the applicationHost.config file. It allows granular control over authentication, custom error pages, or HTTP handlers for specific application settings. Changes to web.config take effect immediately without needing to restart IIS.
-
machine.config - This file contains settings that are applied to all ASP.NET applications on a computer. It is part of the .NET framework rather than IIS itself but is important for IIS as it often hosts ASP.NET applications. Location is C:\Windows\Microsoft.NET\Framework\%Version%\Config.
-
administration.config - This file contains settings for IIS management, including the configuration of “IIS Manager” and other management tools. Location is C:\Windows\System32\inetsrv\config.
What are the management tools on the IIS server?
Management tools are various utilities and interfaces for administering and configuring the IIS server and its hosted websites and applications. There are the following:
-
“IIS Manager” is the GUI (Graphical User Interface) for IIS that allows administrators to configure and manage IIS web server settings, such as creating websites, configuring “Application Pools,” managing security settings, and setting up URL rewrite rules.
-
“Configuration Editor” in “IIS Manager” is a tool that provides direct access to the configuration settings of IIS. It allows administrators to view and edit detailed settings in IIS configuration files (like applicationHost.config and web.config) with a high level of granularity. This tool is essential for advanced configuration tasks and fine-tuning IIS behavior and settings.
-
AppCmd.exe and “PowerShell cmdlet” command-line tools allow IIS tasks’ management and automation via the command line.
What are the security features provided by IIS?
IIS provides several security features, including:
-
Authentication methods.
-
Authorization rules.
-
SSL/TLS (Secure Sockets Layer/Transport Layer Security) - Supports encrypted sessions.
-
IP security - To allow or block access based on IP addresses.
-
“Request Filtering” - To prevent attacks like SQL (Structured Query Language) injection.
-
“Application Pools” isolation - Separating web applications into distinct “Application Pools.”
What is Authentication in the IIS, and what are the standard Authentication methods used?
-
Authentication is the process of verifying the identity of a user or entity.
-
In IIS, it determines if a user’s credentials are valid.
-
Standard methods include Anonymous, Basic, Digest, Windows (Integrated), and “ASP.NET Forms” Authentications.
What is Authorization in the IIS, and how is it managed for accessing resources?
-
Authorization is the process that occurs after authentication, determining if the authenticated entity has permission to access a resource.
-
In IIS, Authorization rules can be set to allow or deny access to resources based on user identity, user groups, or HTTP verbs.
What is the purpose of a “Host Header” (Host Name)?
-
“Host Header” (Host Name) is used to allow multiple websites to share the same IP (Internet Protocol) address and port number.
-
It identifies which website will handle an incoming request by matching the request’s host field with the configured “Host Header” value for a website.
What are Modes in IIS “Application Pools,” and how do they differ in processing HTTP requests?
There are two different pipeline Modes for processing HTTP requests for web applications:
-
“Classic Mode” - Uses two separate pipelines for IIS and ASP.NET, mirroring the behavior of IIS 6.0. It is provided mainly for backward compatibility, allowing older applications to run without modification.
-
“Integrated Mode” - Integrates the IIS and ASP.NET request processing pipelines into a unified pipeline. This integration improves performance, reduces complexity, and makes all IIS features available to ASP.NET applications.
What are ISAPI (Internet Server Application Programming Interface) extensions in IIS, and how do they function?
-
ISAPI (Internet Server Application Programming Interface) extensions are DLL (Dynamic Link Library) files that extend the capabilities of IIS, allowing for custom handling of web requests and responses within the server’s process for better performance.
-
They are mapped to specific file types and are invoked when a matching request is received.
Experience-Based/Practical Questions & Answers
What is the first step in setting up an IIS web server on a Windows server?
You need to install the “Web Server” (IIS) role.
What is the first step in setting up an FTP server on an IIS web server?
-
You need to install the “FTP Server” role.
-
FTP Server can be installed after you install the “Web Server” role. You can also can install them together.
How do you create a new website using “IIS Manager”?
To create a website in IIS:
-
Open “IIS Manager”.
-
Right-click on “Sites” and choose “Add Website.”
-
Enter a name for your site in “Site name.”
-
Point “Physical Path” to your website’s files directory.
-
Set the “IP Address” to your server’s IP or leave it as “All Unassigned.”
-
Type “80” for the HTTP port or “443” for HTTPS.
-
Click “OK” to create the website.
How can you set up SSL (Secure Sockets Layer) for a website in IIS?
To configure SSL (Secure Sockets Layer) for a website in IIS:
-
Obtain an SSL certificate.
-
In “IIS Manager,” go to “Server Certificates” and import your certificate.
-
Select your website, open “Bindings,” and add an HTTPS binding.
-
Choose your SSL certificate and set the port (typically 443).
-
Save the binding and test access via https://
How do you configure “Request Filtering” in IIS to enhance website security?
To set up “Request Filtering” in IIS for enhanced security, follow these steps:
-
Open “IIS Manager”.
-
Select the site to configure “Request Filtering” in the Connections pane.
-
In the middle pane, double-click on “Request Filtering”.
-
In the “Request Filtering” pane, use the Actions menu on the right to add rules. You can set rules for:
-
“File Name Extensions” - Block requests with specific file extensions.
-
“Hidden Segments” - Block access to specific segments of your site, like system folders.
-
URLs (Uniform Resource Locators) - Prevent requests containing specific sequences or patterns.
-
“Query Strings” - Block requests with particular query strings.
-
“HTTP Verbs” - Allow or deny specific HTTP verbs.
-
Headers - Restrict requests with certain HTTP Headers.
-
“IP Address Restrictions” - Block requests from particular IP addresses or ranges.
-
-
After setting up your rules, click Apply in the Actions pane to save the changes.
What steps are involved in migrating websites from one IIS server to another?
Migrating websites from one IIS server to another involves:
-
Back up the website content, IIS configuration, and databases from the source server.
-
Copy the website files and databases to the target server.
-
Recreate the IIS configuration on the target server, including “Application Pool” and site settings.
-
Restore databases on the target server if applicable.
-
Update DNS (Domain Name System) records to point to the new server.
-
Test the websites on the new server to ensure they function correctly.
What are some strategies for optimizing the performance of an IIS server?
To optimize IIS server performance:
-
Adjust “Application Pool” settings to optimize resource usage.
-
Enable content caching to reduce load times for frequent requests.
-
Implement compression for static and dynamic content to reduce bandwidth.
-
Turn off unused features or services to free up resources.
-
Update IIS and the underlying system regularly for improvements and fixes.
-
Monitor performance and logs to identify and address bottlenecks.
-
Use a CDN (Content Delivery Network) for static resources to decrease load on the server.
What are some steps to troubleshoot common issues in IIS, such as HTTP error codes?
To troubleshoot common IIS issues such as HTTP error codes:
-
Check the error code - Look up the HTTP error code to understand the issue.
-
Review IIS logs - Check the logs for detailed error information.
-
Examine the “Event Viewer” - For related system or application events.
-
Verify “Application Pool” - Ensure the correct pool is running and has the proper settings.
-
Check permissions - Ensure IIS has access to the necessary files and directories.
-
Inspect web.config - Check for misconfigurations in the web.config file.
-
Restart IIS - Sometimes restarting IIS can clear up the issue.
-
Use tools - Employ “IIS Manager” and “Failed Request Tracing” for more in-depth analysis.