In domain applications, users can log on to domain servers on different computers and use the same environment; for network administrators, centralized management and control of services can be achieved through domain management. Because of the centralized storage of account database and user management in the domain server, if it has problems, it will affect the operation of the entire network, so the backup of domain data is a very important and necessary work. There are two methods of backup. Manual backup.
Manual backup can be completed by specifying the content of backup Active Directory under the Backup and Restore Wizard through the operation of “System Tools-Backup”. Automatic backup. Although manual backup can backup the data of the domain, the obvious problem is that manual backup can not realize the real-time backup of the data. In addition, if the domain controller fails, even if the data can be recovered from the backup, the cost of waiting for the network will also be paid. Therefore, in the application of important networks, automatic backup is generally used, even if additional domain controllers are used to ensure the immediate backup and recovery of data.
The importance of deploying additional domain controllers is that if a second or more domain controllers are deployed in the domain, there will be an Active Directory database in each domain controller. The important thing is that these databases are automatically updated synchronously, which enhances the security of server data. Additional domain controllers are domain controllers that are re-installed when the system has installed (primary) domain controllers.
According to the characteristics of domain controllers, if there are multiple domain controllers in the domain, the content of Active Directory database on each domain controller is automatically synchronized dynamically.
That is to say, if any domain controller modifies Active Directory database, other domain controllers will copy this modification automatically to their Active Directory database to ensure Acti Directory database. The integrity and uniqueness of VE Directory data enable automatic backup of data. The installation of additional domain controllers is almost the same as that of (main) domain controllers, so I will not elaborate on it here.
It is important to ensure that the domain controllers can communicate with each other and that the data can be backed up automatically. Can you use B controller to recover data? No. Because of the automatic synchronization of the domain controller, after deleting the data on the A controller, the B controller automatically deletes the corresponding data to maintain the consistency with the data of the A controller. So there is no data deleted by mistake on the B controller. Can the data backed up manually by A controller be used to recover the deleted data? Because of the automatic synchronization of the domain controller, after deleting the data on A controller, B controller will automatically delete the corresponding data to maintain the consistency with the data of A controller. Therefore, although the network can be disconnected and the data of controller A can be recovered manually, there is a problem when controller A is connected to the network, that is, the data of controller A and controller B are inconsistent.
Can you restore the data of controller A by manually backing up the data of controller B? First disconnect the network to restore the data of controller B manually, and then connect the controller B to the network. At this time, there is still an obvious problem that the data of controller A and controller B are inconsistent. As mentioned earlier, in a network with multiple domain controllers installed, the data between domain controllers is dynamically and automatically synchronized. But if the content of Active Directory database is inconsistent, which domain controller content is the basis? The priority of Active Directory is the basis. Version number. Version number refers to the number of modifications to the Active Directory object, and the higher version number takes precedence. If two domain controllers find that their version numbers are inconsistent, the low version domain controllers will copy the database contents of the high version domain controllers to the local machine to realize the automatic backup of data, and at the same time achieve the same version number. Time.
In the case of the same version number, the domain controller compares the time factor again, checking which domain controller completes the modification later, and the latter takes precedence. GUID. GUID is compared when the first two comparison factors are the same, but among the three priority comparison parameters, it is very rare that the first two parameters are identical in general, so GUID is only an alternative. Taking the third solution as an example, the data recovered by B controller should be taken as the standard so that the A controller can automatically synchronize the B controller. According to the principle of priority, only the version number can be modified artificially, so that the priority of the B controller after recovery is better than that of A controller, so that the data of A controller can automatically synchronize with the data recovered by B controller, and then the purpose of recovering the deleted data can be realized. Its operation process is divided into several steps: (1) enter the directory service restore mode of B controller to restore the backup data of B controller; (2) run the command “NTDSUTIL” at the command prompt of B to modify the version number artificially; (3) restart B controller; (4) connect B controller to the network, thermostatic element at this time, because the priority of B controller is artificially modified to be better than A controller, A controller will automatically maintain with B controller. Synchronization, thus recovering the deleted data in A controller. This paper only discusses how to use the automatic synchronization function of multiple domain controllers to achieve data backup and recovery. In order to meet the needs of network management and security, the function of Active Directory should be further studied in detail.