
Author Deja's Mon 70-217 Question of the Day
Deja-vue

2003-01-05, 9:13 pm

Here we go again, this year's first question:

Your company's Windows 2000 network consists of a single domain. You are the enterprise administrator of the domain. Two administrators named Ann and Bill make changes to Active Directory at approximately the same time at two different domain controllers named ServerA and ServerB. Ann deletes an empty OU named Branch1 from ServerA. Before this deletion is replicated to ServerB, Bill moves five existing users from the Branch2 OU to the Branch1 OU at ServerB. Ten minutes later, Bill discovers that the Branch1 OU is deleted from Active Directory. You want to reinstate the configuration that Bill attempted to accomplish.

What should you do?

A. Perform an authoritative restore of the Branch1 OU at ServerA.
B. Perform a nonauthoritative restore of the Branch1 OU at ServerA.
C. Perform an authoritative restore of the five users at ServerB.
D. At ServerB, move the Branch1 OU from the LostAndFound container to its original location.
E. At ServerA, create a new Branch OU. Move the five users from the Branch2 OU to the new Branch1 OU.
F. At ServerB, create a new Branch1 OU. Move the five users from the LostAndFound container to the new Branch1 OU.

We'll see ya tomorrow with the Answer!
ruscorp

2003-01-05, 9:34 pm

A?
Slinky

2003-01-05, 9:42 pm

It's F. Saw this one on the test and I think I got it wrong.
jknuckle

2003-01-05, 10:19 pm

quote:
Originally posted by Deja-vue
Here we go again, this year's first question:






This was on my test 2, probably didn't get it right. I'm curious what's the ans.
kopman

2003-01-06, 2:58 am

Welcome back Deja-vue.

Going with F here. I know the users go into lost and found if the OU was deleted on another DC at same time as move. Seems simplest solution.

Kopman
robertmillar

2003-01-06, 8:55 am

F
Deja-vue

2003-01-06, 10:49 am

quote:
Originally posted by Slinky
It's F. Saw this one on the test and I think I got it wrong.


Nice to see you back, Slinky.

And, of course, all of you!
ruscorp

2003-01-06, 10:52 am

Can anyone explain to me the diff between an authoritative restore and a nonauthoritative restore? When would you use either?
Slinky

2003-01-06, 12:35 pm

I'm not going to explain it but I'll let my peeps over at M$ handle it.

http://www.microsoft.com/windows200...tore.htm
Slinky

2003-01-06, 12:37 pm

quote:
Originally posted by Deja-vue
Nice to see you back, Slinky.

And, of course, all of you!



Thanks, glad to be back. Hope everyone had a good X-mas.
ruscorp

2003-01-06, 12:40 pm

quote:
Originally posted by Slinky
I'm not going to explain it but I'll let my peeps over at M$ handle it.

http://www.microsoft.com/windows200...tore.htm



Hummm, so a nonauthoritative restore involves only using Windows back-up whereas an authoritative restore involves striking F8 upon boot and going to Dir Restore Mode. Still don't see the diff other than that though.
kopman

2003-01-06, 1:10 pm

An authoritative restore is basically a restore of AD whereby the restore says "I am the correct copy of AD, all DCs will sync to my copy."
A non-authoritative restore is simply a restore of AD onto a DC, but as it is not the latest version of the AD, newer changes will be replicated to it.

Kopman
ruscorp

2003-01-06, 1:27 pm

quote:
Originally posted by kopman
An authoritative restore is basically a restore of AD whereby the restore says "I am the correct copy of AD, all DCs will sync to my copy."
A non-authoritative restore is simply a restore of AD onto a DC, but as it is not the latest version of the AD, newer changes will be replicated to it.

Kopman



So I guess a non-authoritative restore is pretty useless.
Slinky

2003-01-06, 1:28 pm

Let me try to give an example. Let's say that you have 2 DCs in the same site called Server1 and Server2. Let's say you delete a user account called ruscorp on Server1 and the change has ALREADY replicated to Server2. Since the change has already replicated to the other DC you will need to perform an authoritative restore to bring rus' account back. If you just did a non-authoritative restore the account would be deleted because the Update Sequence Number on the tombstoned record on the other domain controller has a higher number and therefore the account you just restored will be deleted again. So to get around that you will need to run the NTDSUTIL and increment the USN on the restored data so that it has a higher version than on the other domain controller so that way it will replicate and not get deleted.

Non-authoritative restores allow the data on the restored server to be updated through normal replication from the others. For example, if you update some information in rus' account and you accidentally delete it on another domain controller and replication has NOT occurred then you will perform this type of restore. You restore the account on the DC that you deleted it from and replication will update the info on the other one.

Make sense or did I completely lose you?
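
Added example, not part of the original thread: a simplified Python model of the conflict described in the post above, where the copy with the higher version stamp wins once the domain controllers replicate. The class and function names, the sample stamps and the per-day bump size are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Stamp:
    version: int    # raised by every originating change to the object
    timestamp: int  # time of that change; used only to break version ties

@dataclass(frozen=True)
class Copy:
    dc: str
    deleted: bool   # True means this copy is a tombstone
    stamp: Stamp

def winner(a: Copy, b: Copy) -> Copy:
    """Copy that every DC ends up with after replication converges."""
    key = lambda c: (c.stamp.version, c.stamp.timestamp)
    return a if key(a) >= key(b) else b

def nonauthoritative_restore(backup: Copy) -> Copy:
    # Restored data keeps the stamp it had when the backup was taken.
    return backup

def authoritative_restore(backup: Copy, now: int, days_old: int,
                          bump_per_day: int = 100_000) -> Copy:
    # Model of marking the object authoritative: raise its version far above
    # anything the other DCs can hold. bump_per_day is an assumed value.
    raised = backup.stamp.version + bump_per_day * max(days_old, 1)
    return replace(backup, stamp=Stamp(raised, now))

def outcome(restored: Copy, other_dc: Copy) -> str:
    return "deleted" if winner(restored, other_dc).deleted else "present"

# Constructed sample: the account was at version 3 in the backup, then the
# deletion (version 4) replicated to Server2 before anyone noticed.
BACKUP = Copy("Server1", deleted=False, stamp=Stamp(3, 1_000))
TOMBSTONE = Copy("Server2", deleted=True, stamp=Stamp(4, 5_000))

if __name__ == "__main__":
    print("non-authoritative:", outcome(nonauthoritative_restore(BACKUP), TOMBSTONE))
    print("authoritative:    ", outcome(authoritative_restore(BACKUP, 6_000, 1), TOMBSTONE))
```
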
ruscorp

2003-01-06, 1:38 pm

quote:
Originally posted by Slinky
Let me try to give an example. Let's say that you have 2 DCs in the same site called Server1 and Server2. Let's say you delete a user account called ruscorp on Server1 and the change has ALREADY replicated to Server2. Since the change has already replicated to the other DC you will need to perform an authoritative restore to bring rus' account back. If you just did a non-authoritative restore the account would be deleted because the Update Sequence Number on the tombstoned record on the other domain controller has a higher number and therefore the account you just restored will be deleted again. So to get around that you will need to run the NTDSUTIL and increment the USN on the restored data so that it has a higher version than on the other domain controller so that way it will replicate and not get deleted.

Non-authoritative restores allow the data on the restored server to be updated through normal replication from the others. For example, if you update some information in rus' account and you accidentally delete it on another domain controller and replication has NOT occurred then you will perform this type of restore. You restore the account on the DC that you deleted it from and replication will update the info on the other one.

Make sense or did I completely lose you?



You lost me after you said "Let me try to give an example."
Slinky

2003-01-06, 9:55 pm

Oh man, you need help.
ruscorp

2003-01-06, 10:20 pm

quote:
Originally posted by Slinky
Oh man, you need help.


Cave man say "authoritative restore good, nonauthoritative bad."
Deja-vue

2003-01-07, 3:25 am

quote:
Originally posted by Deja-vue
Here we go again, this year's first question:

Your company's Windows 2000 network consists of a single domain. You are the enterprise administrator of the domain. Two administrators named Ann and Bill make changes to Active Directory at approximately the same time at two different domain controllers named ServerA and ServerB. Ann deletes an empty OU named Branch1 from ServerA. Before this deletion is replicated to ServerB, Bill moves five existing users from the Branch2 OU to the Branch1 OU at ServerB. Ten minutes later, Bill discovers that the Branch1 OU is deleted from Active Directory. You want to reinstate the configuration that Bill attempted to accomplish.

What should you do?

A. Perform an authoritative restore of the Branch1 OU at ServerA.
B. Perform a nonauthoritative restore of the Branch1 OU at ServerA.
C. Perform an authoritative restore of the five users at ServerB.
D. At ServerB, move the Branch1 OU from the LostAndFound container to its original location.
E. At ServerA, create a new Branch OU. Move the five users from the Branch2 OU to the new Branch1 OU.
F. At ServerB, create a new Branch1 OU. Move the five users from the LostAndFound container to the new Branch1 OU.

We'll see ya tomorrow with the Answer!



Answer F was correct!
The LostAndFound container stores objects (with properties intact) that have been created in, or moved to, a container that no longer exists after replication.
charlie69

2003-01-12, 7:36 pm

Ruscorp

Let's see if I can clarify for you.

Non-authoritative restore - use when you need to restore the AD database because it is messed up. You can let File Replication Service take care of updating any changes made to Active Directory since the last backup of that computer.

Authoritative restore - use this when you or someone else messed up. In other words, if someone went in and deleted an OU with a whole mess of users in it and when it replicated to everyone else your little OU was gone. If you had a backup with that OU on it for one machine, you could go into Directory Services Restore Mode so you are not currently in Active Directory and, using ntdsutil, use a command that will say my little OU is correct and the other machines have it wrong so keep this OU, and the OU and the many users in it will magically re-appear.

If you specify that single OU in the command, then you will only keep that OU's info and the rest of AD will be replicated from the other Domain Controllers so their correct updated info will still get to that machine except that OU that you are basically saying keep this OU as the most current.

We used this in class and it really works!

Hope that made some sense!
ruscorp

2003-01-12, 7:40 pm

quote:
Originally posted by charlie69
Ruscorp

Let's see if I can clarify for you.

Non-authoritative restore - use when you need to restore the AD database because it is messed up. You can let File Replication Service take care of updating any changes made to Active Directory since the last backup of that computer.

Authoritative restore - use this when you or someone else messed up. In other words, if someone went in and deleted an OU with a whole mess of users in it and when it replicated to everyone else your little OU was gone. If you had a backup with that OU on it for one machine, you could go into Directory Services Restore Mode so you are not currently in Active Directory and, using ntdsutil, use a command that will say my little OU is correct and the other machines have it wrong so keep this OU, and the OU and the many users in it will magically re-appear.

If you specify that single OU in the command, then you will only keep that OU's info and the rest of AD will be replicated from the other Domain Controllers so their correct updated info will still get to that machine except that OU that you are basically saying keep this OU as the most current.

We used this in class and it really works!

Hope that made some sense!



Makes a little more sense. Thanks charlie69.
charlie69

2003-01-12, 7:47 pm

You're quite welcome.

One catch to authoritative restore. If your backup is older than 60 days, you cannot use it!
Copyright 2003 - 2008 examnotes.net