Re: Preparing AD for the PKI

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 01/04/05

• Next message: Steven L Umbach: "Re: computer history"
• Previous message: Bigbruva: "Re: encription"
• In reply to: Michael Shire: "Re: Preparing AD for the PKI"
• Next in thread: S. Pidgorny : "Re: Preparing AD for the PKI"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 04 Jan 2005 19:11:42 GMT

When you back up the System State on a domain controller you are also
backing up the Active Directory which includes the schema. I have never
confirmed myself that it would roll back the schema with no problem myself
and encourage you to test it out yourself if it is a concern. The Active
Directory newsgroups may have more info on those that have done it. ---
Steve

"Michael Shire" <MichaelShire@discussions.microsoft.com> wrote in message
news:6211E193-0A3D-4444-9FDA-6705F5A57B62@microsoft.com...
> So the change IS reversible, by way of a System State restore?
>
> "Steven L Umbach" wrote:
>
>> It updates the schema to accommodate Windows 2003 domain controllers
>> [obviously]. I am not sure of the exact changes but usually there is not
>> a
>> problem and you have to do it to take full advantage of Windows 2003
>> Certificate Services. By all means back up your Active Directory first by
>> doing a System State backup of domain controllers [ at least a couple,
>> preferably the schema master and pdc fsmo] before you do the change. The
>> links below may be helpful and you may also want to post in an Active
>> Directory newsgroup to see what advice tips/traps they can give you
>> there. --- Steve
>>
>> http://www.petri.co.il/windows_2003_adprep.htm
>>
>>
>> "Michael Shire" <MichaelShire@discussions.microsoft.com> wrote in message
>> news:A2B61671-22FC-4570-926F-97192489FCBA@microsoft.com...
>> > Greetings,
>> > I'm following the Microsoft Solutions for Security "Build Guide for
>> > Securing
>> > Wireless LANs". I've come to a warning before using ADprep for
>> > certificate
>> > services:
>> > "Warning: This is causes an irreversible change to your directory
>> > schema.
>> > Although the procedure is safe, you should ensure that you have read of
>> > the
>> > related documentation thoroughly before commencing"
>> >
>> > Could someone point me in the direction of the "related documentation"
>> > or
>> > suggest reading to understand the side effects/impact of this change?
>> >
>> > Thanks,
>> > Mike
>>
>>
>>

---

• Next message: Steven L Umbach: "Re: computer history"
• Previous message: Bigbruva: "Re: encription"
• In reply to: Michael Shire: "Re: Preparing AD for the PKI"
• Next in thread: S. Pidgorny : "Re: Preparing AD for the PKI"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Disaster Recovery - Virtualized environment ... Starting an Active Directory domain controller whose operating system resides in a virtualized hosting environment such as Microsoft Virtual PC, ... Starting an Active Directory domain controller that is located on a volume where the disk subsystem loads using previously saved images of the operating system without requiring a system state restoration of Active Directory. ... (microsoft.public.windows.server.active_directory) Re: Disaster Recovery - Virtualized environment ... Starting an Active Directory domain controller whose operating system resides in a virtualized hosting environment such as Microsoft Virtual PC, ... Starting an Active Directory domain controller that is located on a volume where the disk subsystem loads using previously saved images of the operating system without requiring a system state restoration of Active Directory. ... (microsoft.public.windows.server.active_directory) Re: Disaster Recovery - Virtualized environment ... Starting an Active Directory domain controller whose operating system resides in a virtualized hosting environment such as Microsoft Virtual PC, ... Starting an Active Directory domain controller that is located on a volume where the disk subsystem loads using previously saved images of the operating system without requiring a system state restoration of Active Directory. ... (microsoft.public.windows.server.active_directory) Re: Disaster Recovery - Virtualized environment ... Starting an Active Directory domain controller whose operating system resides in a virtualized hosting environment such as Microsoft Virtual PC, ... Starting an Active Directory domain controller that is located on a volume where the disk subsystem loads using previously saved images of the operating system without requiring a system state restoration of Active Directory. ... The only supported way to roll back the contents of Active Directory or the local state of an Active Directory domain controller is to use an Active Directory-aware backup and restoration utility to restore a system state backup that originated from the same operating system installation and the same physical or virtual computer that is being restored. ... (microsoft.public.windows.server.active_directory) Re: Active Directory Installation Failed on 3rd Domain Controller ... You will have to extend the schema by running Adprep. ... perform a metadata cleanup to remove this DC from Active Directory. ... I have a domain controller, on a Win2003 server, that is bad situation and I ... (microsoft.public.windows.server.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)