Topics | How To
The Active Directory mining allows you to browse and recover directory server database objects and their attributes from an offline copy of one of the following offline directory database copies:
The Active Directory Offline Mining feature builds on the capabilities of the Active Directory iDataAgent by providing the capability to recover individual objects and attributes without having to recover an entire Active Directory Server, ADAM Server, or Active Directory Lightweight Directory Server database. By recovering only select objects and/or attributes, recovery speed is enhanced, network resources are preserved, and directory server downtime is reduced.
The Active Directory Offline Mining feature also provides the capability to browse multiple versions of the directory server database from different points in time, which is useful if you want to compare different versions of a single object or attribute. Unlike directory server database backups performed with the Active Directory iDataAgent, the value of each attribute is visible in the offline copy, which allows you to easily compare attributes and recover the exact version you need.
The Active Directory Mining feature provides three methods for creating offline copies of the directory server database.
The method that you choose depends on your preference and the software/hardware that is available in your environment. The following sections describe each method in detail.
The System State Method provides the facility to mine directory server database objects and attributes from a system state backup. This method is useful if you are already performing system state backups for data protection operations in your environment.
The Replication Method provides the facility to mine directory database objects and attributes from replicated copies of the directory database. The Replication Method utilizes the ContinuousDataReplicator software module to provide continuous replicated copies of the directory database to the destination computer. This method is useful if you are already using ContinuousDataReplicator for data replication in your environment.
The following table illustrates the operating systems and directory server databases for each method:
Supported Operating System |
Supported Directory Server Databases |
System State Backup Method | |
Microsoft Windows Server 2003 | Active Directory Server |
Microsoft Windows Server 2008 | Active Directory Server |
Replication Method | |
Microsoft Windows Server 2003 | Active Directory Server; ADAM |
Microsoft Windows Server 2008 | Active Directory Server; Active Directory Lightweight Directory Server |
The following are prerequisites to using this feature:
Plan your offline mining environment by performing the following tasks:
The Active Directory Mining feature requires the Offline Mining Enabler for Active Directory license. This license is consumed when Enable Offline Mining is selected in the General tab of the Active Directory iDataAgent's Agent Properties dialog box.
Review general license requirements included in License Administration.
The following requirements must be met prior to performing offline mining operations:
The following table enumerates the database size and memory requirements for the destination computer:
Database Size |
Available Memory |
Estimated Database Mount Time |
3.5 GB | 1GB | Approximately 4 minutes |
7 GB | 2 GB | Approximately 8 minutes |
15 GB | 4 GB | Approximately 16 minutes |
Once you have decided which offline mining method best suits your offline mining objectives, perform the following tasks to prepare the offline copy of the directory server database:
After preparing the offline directory database on the destination computer, objects and attributes are ready for mining and recovery. The following unique operation can be performed for Active Directory Offline Mining:
Consider the following prior to configuring and using this feature:
Active Directory Server Database:
<drive_letter>:\WINDOWS\NTDS\ntds.dit
ADAM/LDS Directory Server Database:
<drive_letter>:\Program Files\Microsoft ADAM\<instance_name>\DATA\adamntds.dit
If a different location for the directory server database is specified when installing the Active Directory iDataAgent on the source computer, then the directory server database must be browsed when performing offline mining operations on the destination computer.
If the ADAM/LDS Administrator credentials are different than the domain administrator credentials, then each ADAM/LDS instance must be configured to include the domain administrator account as an administrator for the instance. This account must then be added to the ADAM/LDS database.
Refer to the ADAM/LDS user documentation for step-by-step instructions.
<drive_letter>:\<mount_point>
Note that, when configuring the mount point, ensure that the mount point is not configured at the root of the drive letter on the destination computer. Doing so will require the entire location of the directory database to be entered manually when performing browse operations. Instead, configure the mount point to be a directory within the drive (such as <drive_letter>:\<directory_on_drive>).
Best practice guidelines include the following: