SAM Backup and Restore Guide SafeNet Integration Guide April 2011
Copyright 2011 SafeNet, Inc. All rights reserved.

All attempts have been made to make the information in this document complete and accurate. SafeNet, Inc. is not responsible for any direct or indirect damages or loss of business resulting from inaccuracies or omissions. The specifications contained in this document are subject to change without notice.

SafeNet, SafeNet Authentication Manager and SafeNet Authentication Client are either registered with the U.S. Patent and Trademark Office or are trademarks of SafeNet, Inc., and its subsidiaries and affiliates, in the United States and other countries. All other trademarks referenced in this Manual are trademarks of their respective owners.

SafeNet Hardware and/or Software products described in this document may be protected by one or more U.S. Patents, foreign patents, or pending patent applications.

Please contact SafeNet Support for details of FCC Compliance, CE Compliance, and UL Notification.

Date of Publication: June 2006
Last update: March 2011
Contacting SafeNet

We work closely with our reseller partners to offer the best worldwide technical support services. Your reseller is the first line of support when you have questions about products and services. However, if you require additional assistance you can contact the SafeNet technical support team help-desk, which is available 24 hours a day, seven days a week:

  Country/Region    Telephone
  USA               +1-800-545-6608
  International     +1-410-931-7520

For further assistance, submit additional questions to the SafeNet technical support team at the following web page: http://c3.safenet-inc.com/secure.asp

For assistance via email to SafeNet technical support, send the request to the following address: support@safenet-inc.com
Table of Contents

Introduction
  Software Prerequisites
SAM 8.0 Backup
  SAM 8.0 configuration store located on AD
    Server 2003
    Server 2008/Server 2008 R2
  SAM 8.0 configuration store located on Lightweight Directory Services
    Server 2003
    Server 2008/Server 2008 R2
SAM 8.0 Server Restore
  Restoring SAM 8.0 Server Installed on a Production Domain
  Restoring SAM 8.0 Server Installed on ADAM
  Restoring SAM 8.0 Server Installed on AD LDS
Chapter 1 Introduction

Microsoft Backup is used to back up and restore the Active Directory, so that data or system components can be restored in the event of some unforeseen or inadvertent failure. Since SAM 8.0 data is stored in the Active Directory database, it is recommended to use the Microsoft Backup tool to back up and restore all the SAM 8.0 components.

The Backup tool enables backing up and restoring the following:
- Entire server
- Selected files
- System State data

The System State data includes the Active Directory and all other system components and services on which Active Directory has a dependency. On a Windows Server 2003-2008 R2 domain controller, the System State data encompasses the system startup files, system registry, COM+ class registration database, File Replication service (the SYSVOL directory), Certificate Services database (if it is installed), Domain Name System (if it is installed), Cluster service (if it is installed) and Active Directory. The DNS data includes DNS zone information that is Active Directory integrated. The Cluster service data includes any registry checkpoints and the quorum log, containing the most recent cluster database information.

For more information regarding the backup and restore process using Microsoft tools, see the related links:

AD LDS Backup and Restore:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adam/adam/backing_up_an_instance.asp

Active Directory Backup and Restore:
http://technet.microsoft.com/en-us/library/bb727048.aspx
http://technet.microsoft.com/en-us/library/cc754097(ws.10).aspx
Software Prerequisites

The user is required to have the prescribed knowledge to use the following components:
- SAM 8.0
- Microsoft Server 2003 SP2, Microsoft Server 2008 SP2, Microsoft 2008 R2 SP1

For more information on either product, please refer to the relevant documentation.
Chapter 2 SAM 8.0 Backup

For a SAM 8.0 installation on the Active Directory, back up the Active Directory on which SAM 8.0 is installed.

SAM 8.0 configuration store located on AD

This section describes the steps to back up all SAM 8.0 components as part of the Active Directory backup procedure.

Server 2003

To back up the Active Directory on a Server 2003:

1. From the Start menu, go to Programs -> Accessories -> System Tools -> Backup. The Backup or Restore Wizard is displayed.
2. Click Next. The Backup or Restore Option dialog box is displayed.
3. Select Back up files and settings, and click Next. The What to Back Up dialog box opens.
4. Select Let me choose what to backup, and then click Next. The Items to Back Up dialog box opens.
5. In the left workspace under My Computer, select System State, and then click Next. The Backup, Type, Destination and Name dialog box opens.
6. In Choose a place to save your backup: enter the location to save the backup file, or click Browse and navigate to the required location.
7. Click Next. The Completing the Backup or Restore Wizard dialog box opens.
8. Click Finish. The backup process begins. On completion the following dialog box opens.
9. To see detailed information, click Report.
10. Click Close.
Server 2008/Server 2008 R2

To back up the Active Directory on a Server 2008/Server 2008 R2:

1. Through the Add Feature wizard in the Server Manager, add the Windows Server Backup Feature.
2. Finish installing the feature.
3. Ensure that the system is running with administration rights.
4. Click Start -> Run and then run cmd. The command line window opens.
5. To begin the backup, run the command:

   wbadmin start systemstatebackup -backuptarget:<targetdrive>: -quiet

   <targetdrive> identifies the local volume or the physical disk drive letter to receive the backup. A system state backup cannot be stored on a network shared drive. If the -quiet parameter is not specified, there is a prompt to proceed with the backup operation. Press Y to proceed with the backup operation.
6. Wait until the backup finishes.
Caution: In Windows Server 2008 R2, to run this command, first enable it with the command:

   dism /online /enable-feature /featurename:windowsserverbackup

Note: In Windows Server 2008 R2, there is another method to perform the backup through the GUI. For more information about this method refer to http://technet.microsoft.com/en-us/library/cc754097(ws.10).aspx
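The command-line backup above can be wrapped with the checks its steps call for: an elevated session, a local target volume, and the backup feature being installed. This is an added example, not part of the SafeNet guide; the $TargetDrive parameter and its default of E: are assumptions, as is the precaution of keeping the backup off the system volume.

```powershell
# Added example (not from the SafeNet guide).
# $TargetDrive is a hypothetical parameter: the local volume that receives the backup.
param([string]$TargetDrive = 'E:')   # constructed default, change to suit

$ErrorActionPreference = 'Stop'

# Accept only a bare drive letter such as "E:"; this also rules out UNC paths.
if ($TargetDrive -notmatch '^[A-Za-z]:$') {
    throw "Target '$TargetDrive' is not a drive letter. Network shares are not valid targets."
}

# Step 3: the backup must be started with administration rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Administrator) prompt.'
}

# Step 5: the target must be a local volume.
# Win32_LogicalDisk.DriveType: 3 = local disk, 4 = network drive.
$disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$TargetDrive'"
if (-not $disk) { throw "Volume $TargetDrive was not found." }
if ($disk.DriveType -ne 3) {
    throw "$TargetDrive is not a local fixed volume (DriveType $($disk.DriveType))."
}

# Added precaution (assumption): keep the backup off the volume it protects.
if ($TargetDrive -ieq $env:SystemDrive) {
    throw "$TargetDrive is the system volume. Choose a different local volume."
}

# Steps 1-2: wbadmin is only present once Windows Server Backup is installed.
if (-not (Get-Command wbadmin.exe -ErrorAction SilentlyContinue)) {
    throw 'wbadmin.exe not found. Install the Windows Server Backup feature first.'
}

# Step 5: the command from the guide. -quiet suppresses the confirmation prompt.
& wbadmin.exe start systemstatebackup "-backuptarget:$TargetDrive" -quiet
if ($LASTEXITCODE -ne 0) {
    throw "wbadmin reported a failure (exit code $LASTEXITCODE)."
}

# Step 6 follow-up: list the backups now stored on the target so the new one can be confirmed.
& wbadmin.exe get versions "-backuptarget:$TargetDrive"
```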
SAM 8.0 configuration store located on Lightweight Directory Services

In addition to the Active Directory, the SAM configuration store can be stored on ADAM under Server 2003, or on AD LDS under Server 2008/Server 2008 R2. This section is relevant for a SAM configuration store installed using this method.

To back up the configuration store instance:

Server 2003

1. From the Start menu, select Programs -> Accessories -> System Tools -> Backup. The Backup or Restore Wizard opens.
2. In the Backup or Restore Wizard, click the link for Advanced Mode. The Backup Utility window opens.
3. Select the Backup tab.
4. From the Job menu, select New. A new job appears.
5. On the Tools menu, click Options. The Options dialog box opens.
6. Select the Restore tab.
7. Select Always replace the file on my computer and then click OK.
8. To select the ADAM instance folders to back up, in the left workspace select the root folder check box for the target folders in the expanded view:
The following table lists default ADAM file directories.

  Directory                                      Contents
  \%ProgramFiles%\Microsoft ADAM\instancename    Database files and log files
  \%windir%\adam                                 Program files and administration tools

  where instancename indicates the ADAM instance name.

9. To back up the System State, under My Computer select System State.
10. In Backup destination: select one of the following:
    - File: to back up files and folders to a file.
    - Tape drive: to back up files and folders to a tape.
    If a tape drive is not connected to the computer, the Backup destination option is unavailable and is automatically set to File.
11. In Backup media or file name: enter the file name and path for the backup location. When backing up files and folders to a file, type a path and file name for the backup (.bkf) file. Alternatively, click Browse to find a file or navigate to the required folder. If backing up files and folders to a tape, select the tape to use.

    Note: To select another backup option, such as the backup type and the backup log type, on the Tools menu, select Options.

    Click Start Backup. The Backup Job Information dialog box opens.
12. Ensure all settings are as required.
13. Click Start Backup.

Caution: If data is backed up from an NTFS volume, it is recommended that the data is restored to an NTFS volume of the same version to prevent loss of data.
Server 2008/Server 2008 R2

1. Through the Add Feature wizard in the Server Manager, add the Windows Server Backup Feature. The Select Features dialog box opens.
2. Finish installing the feature.
3. Run the Windows Server Backup. The Windows Server Backup window opens.
4. On the Actions menu select Backup Once.
5. The Backup options dialog box opens.
6. Select Different options and then click Next. The Select backup configuration page opens.
7. Select Custom and then click Next. The Select backup items page opens.
8. Add the volume or volumes containing the AD LDS database through Add Items, and then click Next.
9. Select Local drives or Remote shared folder, depending on whether the backup is stored locally or remotely, and then click Next. The Select backup destination page opens.
10. Specify the appropriate drive where the backup must be stored and then click Next. The confirmation page opens.
11. Complete the wizard and begin the backup by choosing the Backup button.

Caution: If data is backed up from an NTFS volume, it is recommended that the data is restored to an NTFS volume of the same version to prevent loss of data.
Chapter 3 SAM 8.0 Server Restore

Restoring SAM 8.0 Server Installed on a Production Domain

When SAM 8.0 is installed on a production domain, the restore process needs to make sure the SAM 8.0 objects are restored while other Active Directory objects are managed by general Active Directory maintenance. This section explains how to perform an authoritative restore.

An authoritative restore process returns a designated object or container of objects, in this case the SAM 8.0 objects, to its state at the time of the backup. Use authoritative restore to mark all the SAM 8.0 objects as authoritative and let the replication process restore them to all the other domain controllers in the domain.

Caution: Follow all steps from 1 to 11. Do not restart your machine at the end of the Restore process! Click No when requested to restart the computer. If the computer is accidentally restarted, the result is a regular non-authoritative restore.

To restore a SAM 8.0 server installed on a production domain:

1. To restart the machine in DSRM (Directory Services Restore Mode), run the following at the command line:

   bcdedit /set safeboot dsrepair

2. Restart the machine and log on as a local administrator.
3. Click Start, click Run, and then type ntdsutil.
4. Press Enter. The Ntdsutil: prompt will appear.
5. At the Ntdsutil: prompt, type: ac i ntds, and then press Enter.
6. Type authoritative restore, and then press Enter. To restore SAM 8.0 components, type the following command and press Enter:

   restore subtree CN=TMS_DB,DC=<domain_name>,dc=<domain name prefix>
   For example, if the domain is corp.banana.com, the following is typed:

   restore subtree CN=TMS_DB,DC=corp,DC=banana,DC=com

   A prompt is displayed: Are you sure you want to perform this Authoritative Restore?
7. Click Yes. Ntdsutil attempts to mark the object as authoritative. The output message indicates the operation status.
8. At the authoritative restore: and ntdsutil: prompts, enter quit, and then press Enter.
9. In the command line, run bcdedit /deletevalue safeboot.
10. Restart the domain controller in normal operating mode.
11. Synchronize replication with all partners.
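Steps 3 to 8 above can be scripted so that the subtree DN is derived from the domain's DNS name instead of being typed by hand, and so that the marking only runs when the machine really is in DSRM. This is an added example, not part of the SafeNet guide: the $DomainDnsName parameter and the ConvertTo-SamSubtreeDn helper are hypothetical names, PowerShell 2.0 or later is assumed, and the script assumes the restore from backup has already completed without a restart, as the Caution requires.

```powershell
# Added example (not from the SafeNet guide).
# $DomainDnsName is a hypothetical parameter; the default is the guide's example domain.
param([string]$DomainDnsName = 'corp.banana.com')

$ErrorActionPreference = 'Stop'

# Hypothetical helper: corp.banana.com -> CN=TMS_DB,DC=corp,DC=banana,DC=com
function ConvertTo-SamSubtreeDn([string]$DnsName) {
    $labels = $DnsName.Trim('.').Split('.')
    foreach ($label in $labels) {
        # Letters, digits and inner hyphens only, so nothing in the name can
        # alter the DN or the ntdsutil command line built from it.
        if ($label -notmatch '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$') {
            throw "Invalid DNS label '$label' in '$DnsName'."
        }
    }
    $dcParts = $labels | ForEach-Object { "DC=$_" }
    'CN=TMS_DB,' + ($dcParts -join ',')
}

$subtreeDn = ConvertTo-SamSubtreeDn $DomainDnsName

# Steps 1-2: Windows sets SAFEBOOT_OPTION to DSREPAIR when booted into
# Directory Services Restore Mode. Anything else means the machine was
# restarted normally and the authoritative marking must not be attempted.
if ($env:SAFEBOOT_OPTION -ne 'DSREPAIR') {
    throw "Not in DSRM (SAFEBOOT_OPTION='$env:SAFEBOOT_OPTION'). Run 'bcdedit /set safeboot dsrepair' and restart."
}

Write-Host "Marking subtree as authoritative: $subtreeDn"

# Steps 3-8 as one non-interactive ntdsutil invocation. Each quoted argument
# is one command typed at the prompt; the two 'quit' entries leave the
# authoritative restore: and ntdsutil: prompts in turn.
# The confirmation dialog from step 7 still appears and must be answered Yes.
& ntdsutil.exe 'ac i ntds' 'authoritative restore' "restore subtree $subtreeDn" quit quit

# ntdsutil reports the result in its output (step 7); a non-zero exit code
# is also treated as a failure here.
if ($LASTEXITCODE -ne 0) {
    throw "ntdsutil exited with code $LASTEXITCODE. Review the output above."
}

# Steps 9-11 are left to the operator so that the restart stays a deliberate action.
Write-Host 'Next: run "bcdedit /deletevalue safeboot", restart in normal mode, then synchronize replication.'
```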
Restoring SAM 8.0 Server Installed on ADAM

To restore SAM 8.0 installed on ADAM:

1. In Administrative Tools select Services and stop the ADAM instance.
2. Use the Windows Backup interface to perform the restore operation. Click Start -> Programs -> Accessories -> System Tools -> Backup. The Backup or Restore Wizard opens.
3. Click the link for Advanced Mode. The Advanced Mode window opens.
4. Select the Restore and Manage Media tab.
   The Restore and Manage Media tab opens.
5. Select the backup file for the instance to restore by selecting the file's check box.
6. In the Restore files to field, select Original location.
7. On the Tools menu, select Options. The Options window opens.
8. Select the Restore tab. The Restore tab opens.
9. Select Always replace the file on my computer and then click OK.
10. Click Start Restore. On completion the Confirm Restore dialog box opens.
11. Click OK.
12. When the restore is completed, click Close in the Restore Progress dialog box.
Restoring SAM 8.0 Server Installed on AD LDS

To restore SAM 8.0 server installed on AD LDS:

1. In Administrative Tools select Services and stop the ADAM instance.
2. From Start -> All Programs -> Accessories -> System Tools, run the Windows Server Backup.
3. On the Action menu, select Recover.
   The Recovery Wizard opens. Choose where the backup files are located and choose Next.
4. Choose the date and the hour of the backup and choose Next. The Select Recovery Type page appears.
5. Select Files and folders, and then click Next. The Select items to recover page opens.
6. Browse to and select the folder containing the instance data files. By default, AD LDS database and log files are located in %ProgramFiles%\Microsoft ADAM\instance_name\data, where instance_name is the AD LDS instance name.
7. Click Next.
   The Specify recovery options page opens.
8. Select Original location and Overwrite existing files with recovered files, and then click Next. The Confirmation page opens.
9. To complete the restore, click Recover.
10. After the restore is complete, close the Windows Server Backup window.
11. In Administrative Tools select Services and start the ADAM instance.