Active Directory is doing a whole ton more than what
Exchange directory had to do. Being an Exchange directory is but one function.
However, that being said, you can export/import many of the attributes, you just
have to know which ones can't be directly reimported such as GUIDs, SIDs,
passwords, and other security items. As for Exchange information, I don't think
there is anything you can't reimport.
But as Al said, I would recommend taking a DC, put it in
its own site, set that site's replication frequency to a couple
of days and probably for good measure use repadmin to stop its replication. Then
tell the ADC to smack that DC. Then go through it looking for issues.
If you are still nervous I would recommend tearing down
your lab and redoing it all just to verify there isn't some step you did in the
heat of R&D and forgot about later... Or if you have a QA environment
already....
I recall a quote on a company quotes sheet that went
something like
server support: If you don't test in QA, why do you use
it?
customer: Because you won't let us roll straight from Dev
to Prod...
joe
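
The filtering described in the message above (dropping GUIDs, SIDs, passwords and similar attributes before re-import), as an added example that is not part of the original thread or any poster's code: a Python script that turns an LDIF export into `changetype: modify` records. The names `NOT_REIMPORTABLE`, `unfold` and `to_modify_ldif`, the attribute list, and the sample entry are assumptions made for illustration.

```python
# Assumption: illustrative, not exhaustive, list of attributes that the
# directory owns or that a plain modify cannot set (compared lower-case).
NOT_REIMPORTABLE = {
    "objectguid", "objectsid", "whencreated", "whenchanged", "usncreated",
    "usnchanged", "pwdlastset", "unicodepwd", "samaccounttype",
    "objectclass", "distinguishedname", "name",
}

# Constructed sample export; every value here is made up.
SAMPLE = """\
dn: CN=Test User,OU=Lab,DC=example,DC=com
changetype: add
objectClass: user
cn: Test User
description: Mailbox user before the connection
  agreement ran
objectGUID:: AAECAwQFBgcICQoLDA0ODw==
whenChanged: 20040803153400.0Z
proxyAddresses: SMTP:test.user@example.com
proxyAddresses: smtp:tuser@example.com
"""

def unfold(text):
    """Join folded LDIF lines (a leading space continues the previous line), drop comments."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return [l for l in lines if not l.startswith("#")]

def to_modify_ldif(text, skip=NOT_REIMPORTABLE):
    """Return LDIF that replaces each re-importable attribute with its exported values."""
    out, dn_line, rdn, attrs = [], None, "", {}
    for line in unfold(text) + [""]:          # trailing "" flushes the last record
        name = line.split(":", 1)[0].lower()
        if not line.strip():                  # blank line ends a record
            if dn_line and attrs:
                out += [dn_line, "changetype: modify"]
                for attr, values in attrs.items():
                    out += ["replace: " + attr, *values, "-"]
                out.append("")
            dn_line, attrs = None, {}
        elif name == "dn":
            dn_line = line                    # the RDN attribute cannot be replaced either
            rdn = line.split(":", 1)[1].strip().split("=", 1)[0].lower()
        elif dn_line and ":" in line and name not in skip | {"changetype", rdn}:
            attrs.setdefault(line.split(":", 1)[0], []).append(line)
    return "\n".join(out)
```

The result is in the form `ldifde -i -f <file>` accepts for modifications. A `replace` puts exported values back but does not clear an attribute that was empty at export time and populated afterwards.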

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Strand, Ted
Sent: Wednesday, August 04, 2004 7:04 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD Backup - Sort of
Thanks for the suggestions Al, I will admit that it really
makes me nervous to change replication on AD since (knock on wood) it is working
so well. I have done testing in the lab for a couple of weeks now and I
think I have it all worked out; I just want to feel comfortable knowing that I
can take an export and be able to put the data back in from the export
file. This was so easy in Exchange 5.5 you would think AD would offer
similar features.
-Ted-

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Tuesday, August 03, 2004 3:54 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] AD Backup - Sort of
A popular way to do what you discuss is to change
replication parameters during the upgrade. Basically, have the ADC talk to
an Active Directory isolated server, check for errors and then bring it back
into the replication cycle.
Another alternative I've seen work is to take a DC off-line
during the upgrade. I've seen some introduce a new one first and then
bring it off-line during the upgrade. After the all clear, it's then
removed from the domain else brought back on-line.
The first option is much better as it offers you a chance
to check it out prior to moving forward. The second option works if you
can flatten all DCs but the one with the good data, in essence creating a hot
backup. I suppose you could just mark all the records authoritative and
then reintroduce it, but....
I've never seen a successful ADC deployment that didn't
spend a lot of time in the lab getting it right.
Al

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Strand, Ted
Sent: Tuesday, August 03, 2004 3:34 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] AD Backup - Sort of
I am about to turn on a connection agreement for my first AD connector. I have
backed up the Exchange directory and also exported the directory to csv for
recovery. I would like to do the same thing with the AD data to have a
roll-back plan if the CA does something I didn't expect. I have played
with LDIFDE and the CSV equivalent, and although I have been able to export with
both, I have not been able to import back in to change the data. Are there
any other (preferably free) methods to capture this AD data, and then reuse it
to undo changes? I would hate to have to do an authoritative restore from
tape to fix any issues.
Thanks
-Ted Strand-
