Active Directory Offline Mining

Topics | How To

Overview

Offline Mining Methods

Prerequisites

• Planning
• License Requirements
• Client Requirements

Configuration

Operations

Best Practices

Important Considerations

Overview

The Active Directory mining allows you to browse and recover directory server database objects and their attributes from an offline copy of one of the following offline directory database copies:

• Active Directory Server
• Active Directory Lightweight Directory Server
• ADAM Server

The Active Directory Offline Mining feature builds on the capabilities of the Active Directory iDataAgent by providing the capability to recover individual objects and attributes without having to recover an entire Active Directory Server, ADAM Server, or Active Directory Lightweight Directory Server database. By recovering only select objects and/or attributes, recovery speed is enhanced, network resources are preserved, and directory server downtime is reduced.

The Active Directory Offline Mining feature also provides the capability to browse multiple versions of the directory server database from different points in time, which is useful if you want to compare different versions of a single object or attribute. Unlike directory server database backups performed with the Active Directory iDataAgent, the value of each attribute is visible in the offline copy, which allows you to easily compare attributes and recover the exact version you need.

Terminology

• References to Directory Server database in this documentation are inclusive of the Active Directory Server database, Lightweight Directory Server database, and ADAM Server database unless stated otherwise. Note, however, that not all directory server databases are supported with all offline mining options. See Client Requirements for more information.
• References to Source computer in this documentation refer to the computer from which the data will be backed up. This computer will be the computer on which the Active Directory Server, Lightweight Directory Server, and/or ADAM Server resides.
• References to Destination computer in this documentation refer to the computer on which the offline copy will be created.

Offline Mining Methods

The Active Directory Mining feature provides three methods for creating offline copies of the directory server database.

• System State Backup Method
• Replication Method

The method that you choose depends on your preference and the software/hardware that is available in your environment. The following sections describe each method in detail.

System State Backup Method

The System State Method provides the facility to mine directory server database objects and attributes from a system state backup. This method is useful if you are already performing system state backups for data protection operations in your environment.

Replication Method

The Replication Method provides the facility to mine directory database objects and attributes from replicated copies of the directory database. The Replication Method utilizes the ContinuousDataReplicator software module to provide continuous replicated copies of the directory database to the destination computer. This method is useful if you are already using ContinuousDataReplicator for data replication in your environment.

Support Requirements for Each Method

The following table illustrates the operating systems and directory server databases for each method:

Prerequisites

The following are prerequisites to using this feature:

Planning

Plan your offline mining environment by performing the following tasks:

• Identify the directory server databases you wish to use for offline mining.
• Choose a method for creating the offline copy. See Offline Mining Methods above for details on the methods available.

License Requirements

The Active Directory Mining feature requires the Offline Mining Enabler for Active Directory license.  This license is consumed when Enable Offline Mining is selected in the General tab of the Active Directory iDataAgent's Agent Properties dialog box.

Review general license requirements included in License Administration.

Client Requirements

The following requirements must be met prior to performing offline mining operations:

• The adLdapTool.exe utility must be run on the source computer. See Run the adldaptool.exe Utility for step-by-step instructions.
• The destination computer must be running a Microsoft Windows Server 2008 operating system.
• The Active Directory iDataAgent must be installed on the destination computer. During the installation, the LDS role is automatically enabled. The LDS role should never be turned off.

Space and Memory Requirements

The following table enumerates the database size and memory requirements for the destination computer:

Configuration

Once you have decided which offline mining method best suits your offline mining objectives, perform the following tasks to prepare the offline copy of the directory server database:

• If using the system state backup method, perform an out-of-place restore of the system state backup to the destination computer. See Restore Out-of-Place, Cross-Platform or Cross-Application for step-by-step instructions.
• If using the replication method, replicate the directory server database to the destination computer.

Operations

After preparing the offline directory database on the destination computer, objects and attributes are ready for mining and recovery. The following unique operation can be performed for Active Directory Offline Mining:

• Browse Data from the Offline Directory Database

• Restore Data from the Offline Directory Database

Important Considerations

Consider the following prior to configuring and using this feature:

General Considerations

• By default, the directory server databases are always located in the following location on the source computer:

  Active Directory Server Database:

  <drive_letter>:\WINDOWS\NTDS\ntds.dit

  ADAM/LDS Directory Server Database:

  <drive_letter>:\Program Files\Microsoft ADAM\<instance_name>\DATA\adamntds.dit

  If a different location for the directory server database is specified when installing the Active Directory iDataAgent on the source computer, then the directory server database must be browsed when performing offline mining operations on the destination computer.

• If performing offline mining with ADAM or LDS directory serverdatabases, the following requirements apply:
  • The adLdapTool.exe utility must be run on the source computer separately for each ADAM/LDS instance.
  • The destination computer must reside within the same domain as the source computer.
  • The domain administrator credentials must be supplied during installation of the Active Directory iDataAgent.
  • Each ADAM/LDS instance must include the domain administrator account as a local instance administrator.

    If the ADAM/LDS Administrator credentials are different than the domain administrator credentials, then each ADAM/LDS instance must be configured to include the domain administrator account as an administrator for the instance. This account must then be added to the ADAM/LDS database.

    Refer to the ADAM/LDS user documentation for step-by-step instructions.

• Objects and attributes can only be restored to an ADAM database if the original partition from which they were backed up exists. Data from partitions that have been deleted cannot be restored.
• Parent and child domains, as well as other domains within the same forest, share schema and configuration partitions. However, within a forest there is only one domain controller that serves as the schema/configuration owner. Only this owner can make changes or write to a schema or configuration partition. Thus, to restore any objects in schema or configuration partitions, the restore must be conducted by the domain controller serving as the schema or configuration partition owner.
• The rootDSE object and/or its attributes are for read-only purpose and cannot be restored.

Replication Method Considerations

• If the source computer contains more than one ADAM Server instance, separate replication sets must be created for each instance.
• When configuring replication set(s), only the application directories associated with the directory server database should be added. Do not select databases for any other applications.
• When creating consistent recovery points, the mount point selected should consist of the next available drive on the destination computer and be formatted as follows:

  <drive_letter>:\<mount_point>

  Note that, when configuring the mount point, ensure that the mount point is not configured at the root of the drive letter on the destination computer. Doing so will require the entire location of the directory database to be entered manually when performing browse operations. Instead, configure the mount point to be a directory within the drive (such as <drive_letter>:\<directory_on_drive>).

Best Practices

Best practice guidelines include the following:

• Do not perform offline mining on a live production database. Offline mining should always be performed with offline copies of the database.

Back to Top