RE: [ActiveDir] Aelita's ER Disk may render AD not supported

[GRILLENMEIER,GUIDO (HP-Germany,ex1)]

Title: Message

The article now clarifies, that Microsoft is no longer totally against online recovery of AD.  Which doesn't mean they're very happy with ISVs writing directly against the AD ESE database.   However, when the ISVs do take the right precautionary measures to ensure data integrity of the database (as would be done by restoring data in AD natively), Microsoft will even certify the product. As was pointed out earlier, this has just been done for the Aelita ERD tool so nobody should have an issue using it.   Realize, that (appart from being able to restore objects online) ERD even does a slightly better job of recovering objects than the native Authoritative Restore feature of AD does. This is related to how objects are linked in AD (e.g. group-memberships or the "managedBy" attribute) - these are not fully recovered via the native Authoritative Restore methods in AD. ERD also isn't perfect in this respect (e.g. can also not recover memberships of Domain Local Groups in foreign domains), but look out for a solution coming up for these issues as well sometime soon (either from MS, Aelita or HP).    BTW, the article also states, that if you have a truly corrupt AD, you may need to perform a Forest Recovery - although unlikely in any case, this could also happen by false Schema udpates etc. and as such is something any company should be prepared for regardless of the tools used in the infrastructure.   Guido Grillenmeier HP Services - Consulting & Integration From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] Sent: Montag, 16. Juni 2003 21:25 To: '[EMAIL PROTECTED]' Stuart,   What changed in the article?  All I see is a reference to the fact that Microsoft has provided an API for vendors to use in 2003, and that it is still potentially bad to do object level restores in Windows 2000 directories.  In addition, responding to this thread titled Aelita's ER Disk may render AD not supported, could also be taken as Aelita's product is not supported or worse that you don't recommend using it.  If it is the latter, why does Microsoft offer Microsoft Certification of Applications if they only plan to discredit the vendor publicly?    I realize that you have to walk a fine line of what is politically correct / legal to say, what I believe we are concerned with here on this list is what makes sense operationally in Active Directory.  Baring an act of God or poorly managed Active Directory, do object level Active Directory recovery products work, and is this recovery operation on par (Meaning having the same inherited risks as) with modifying the registry, or going into Exchange 5.5's directory in RAW mode and making modifications?   If the operation is not on par with the illustrations I listed, what exactly goes wrong when using them.   Todd Myrick     -----Original Message----- From: Stuart Kwan [mailto:[EMAIL PROTECTED] Sent: Monday, June 16, 2003 11:21 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Aelita's ER Disk may render AD not supported Please note that KB article Q296257 was updated on Friday 06/13.   http://support.microsoft.com/default.aspx?scid=kb;en-us;296257   Cheers, Stuart   [This posting is provided "AS IS" with no warranties, and confers no rights.]   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wilkinson, Stephen (DrKW) Sent: Tuesday, May 20, 2003 6:17 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Aelita's ER Disk may render AD not supported   Anyone who has purchased Aelita's ER Disk may want to check with their Microsoft representative as to whether they will support their AD if ER Disk for Active Directory is used..  As we have received the following response from Microsoft "Please refer to Microsoft Knowledge Base Article - 296257 which outlines 'On-Line Restoration of Active Directory Is Not Supported in Windows 2000'. "Selective on-line restoration is the process of returning one or more specified objects to their state as of a specific time in the past without having to place Active Directory into an off-line repair mode. Because of the potential for irreparable data damage or loss, Microsoft cannot recommend or support ISV products that perform on-line restoration of data by directly accessing the ESE database." The only supported online restore capability today is if ISV's use the tombstone reanimation feature in Windows Server 2003 (not available in Win2k)." I am awaiting a response from Aelita Stephen Wilkinson E-Mail: [EMAIL PROTECTED] ---------------------------------------------------------------------- If you have received this e-mail in error or wish to read our e-mail disclaimer statement and monitoring policy, please refer to http://www.drkw.com/disc/email/ or contact the sender. ----------------------------------------------------------------------