Microsoft KB Archive/315536

= System-State Backup Does Not Include Active Directory When You Use Directory Synchronization Services =

PSS ID Number: 315536

Article Last Modified on 11/20/2003

-

The information in this article applies to:


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Datacenter Server

-



This article was previously published under Q315536



SYMPTOMS
A system-state backup that was created on a domain controller (DC) that has Microsoft Directory Synchronization Services installed on it does not include the Active Directory of the domain. The remaining items that make up the system state will be backed up. A system state consists of the following items:
 * Active Directory
 * The boot files
 * The COM+ class registration database
 * The registry
 * The system volume (Sysvol)



CAUSE
To synchronize passwords with Novell Directory Services, Microsoft Directory Synchronization Services makes a change to the Active Directory policy so that passwords are stored in a reversible hashed form. When Active Directory is running, the password data is protected by access control lists (ACLs) that prevent unauthorized access to the reversible password hashes. When Active Directory is backed up, the data in the backup dataset is out of the control of Active Directory. This removes the ability of Active Directory to protect the password confidentiality. To prevent reversible password hashes from being included in a backup dataset, Active Directory is not included in the backups.



STATUS
This behavior is by design.



MORE INFORMATION
For additional information about how to make a system-state backup, click the article number below to view the article in the Microsoft Knowledge Base:

301254 HOW TO: Back Up Windows 2000 System Files with the Backup Program in Windows 2000

Keywords: kbenv kbprb KB315536

Technology: kbwin2000AdvServ kbwin2000AdvServSearch kbwin2000DataServ kbwin2000DataServSearch kbwin2000Search kbwin2000Serv kbwin2000ServSearch kbWinAdvServSearch kbWinDataServSearch

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.