Show me the backups (win2k3 sp1)…

It recently came to my attention that repadmin + showbackup had no google hitsWell I’d like to fix that.

First a little back story … around I guess 2003 there had been a growing trend (of PSS whining, er I mean noticing that) customers are not taking any backups,
and many customers didn’t quite understand how application Naming
Contexts (NCs) are not replicated to every Domain Controller (thus the
old adage of “backup one DC from every domain” was stale) … and so
people would be missing critical data at restore time … with restore
being like the 3rd worst time to be missing critical data, but the most
likely time to call PSS, PSS asked if
we could help, and we / AD dev
drunk when they asked, had time on our hands, tired of feeling guilty
about our in-box monitoring tools story, felt like “putting the feature
back in service pack”, maybe we were bored… whoa is this my outside
happily said what can we do to help…

So to address this issue, for Win2k3 SP1 we hashed out adding the ability for DCs
to log an event
(Event ID 2089) if a Naming Context is not being backed up regularly
within a certain latency.  The default latency is 1/2 the tombstone
lifetime (too long IMNHO) … oh and there is a reason this event won’t be logged for an NC, but whatever … this is not
a post about that mechanism / event
(more on it someday), besides we’re not even sure most admins are
capable of reading the event logs (is that too insulting …where is the line?  I can never tell?) …

OK, event logs are fine, but you want to know now!  When I
added the 2089 event to AD, I added the /showbackup command to
repadmin.  This basically can show when backups were taken of
various writable NCs the DC hosts. (this block may make the post wide, probably mess stuff up, but anyway here is the output of the command):

C:\bin\rel\win2k3\sp1\x86fre>repadmin.exe /showbackup mycorp-dc-02

Loc.USN Originating DC Org.USN Org.Time/Date Ver Attribute
======= =============== ========= ============= === =========
329205835 084f51ed-d53e-4bad-83db-28694870fdb9 127958011 2006-02-08 02:51:22 197 dSASignature
329258203 084f51ed-d53e-4bad-83db-28694870fdb9 127958010 2006-02-08 02:51:22 202 dSASignature
330447680 e0cc9580-1546-4da9-af2b-0929c37a378a 68598018 2006-02-09 02:14:56 897 dSASignature
330447359 e0cc9580-1546-4da9-af2b-0929c37a378a 68598017 2006-02-09 02:14:56 898 dSASignature
329205750 084f51ed-d53e-4bad-83db-28694870fdb9 127958006 2006-02-08 02:51:20 205 dSASignature

Obviously the green is showing you can basically see when the DomainDnsZones was last
backup.  You can probably guess from this output how we are tracking the last backup too.  Note: This tracking can only be done if a DC you’re taking backups on is upgraded to Win2k3 SP1.

And of
course “repadmin /showbackup *” should work if you want to capture the
last backup time across all NCs (which means hitting all DCs, thus the
*).  Don’t assume your backup software is smart enough to understand where the NCs are instantiated / replicated to.

It’s funny (or embarressing, depending on who you are) 2 years after coding something, you review it, and immediately see everything you screwed up…

  • The above command should’ve resolved the
    Orig DC invocation IDs into DC names, so you could know where that
    backup was taken.  That’s just fricken
    sloppy, sorry about that.  I really piss me off sometimes.
  • In retrospect it would have been better to add
    another partition test to dcdiag.  That would’ve been way sweeter,
    fails if over timestamp latency, and /v would print out how old the
    last backup is, and what DC it was taken on.
  • Would’ve
    been cool to add to ntdsutil the ability to control the backup latency
    event’s sensitity on a per partition basis.  The feature has this
    ability today it is just not exposed, instead you’ve got to use a reg
    key (which I don’t recommend).
  • This was actually from a corp DC, but I
    changed the names … but it makes me wonder if that’s right our child
    domains aren’t being backed up, or there is a bug in the tool /
    mechanism?  Those are partial replicas though, it might not being working on partial
    replicas … that’s an excercise for the reader … let me know.

So there you have it repadmin /showbackup, as
any self respecting admin, I suggest you move “Try a test restore of our
backups” to the bottom of your TODO list, and play with this repadmin
command instead.  No, no don’t worry the restore will just work if you need it, play with this instead.

Well, that is IMNHO only about 1/2 a post
… I didn’t even get to the Backup FSMO role (some other time hopefully) … but
tis all I have time for now, sorry.

OK, they CAN NOT be serious, I only have a
single sans-serif
font to choose from!?  Oh, and that font (Arial) even has a sertif on lower case-t.  Verdana
has serifs on upper case I, but it is mostly serifless.  Guh, I’m not sure I can actually live with
blogging in
this medium, alright Verdana it is,
god I miss my Mac …

Oh and if you’re wondering it was Mr “Grillenmeier, Guido” that was the unintentional catalyst to my first post, not the more derisive elements of my life.

BrettSh [msft]
Building #7 Garage Door Operator

P.S. – I still am not quite happy with my categories yet, and I
still don’t have my Orange theme back, (remorseful voice) it was a
really good theme.  But at least I can complain now as I’m

Comments (79)

  1. michkap says:

    Woo hoo! Brett’s blogging! You can do fascinating things with a bit of blog pimping in the CSS and other places, too….

  2. Dana Epp says:

    Who the hell are you, and what did you do with the real Brett?

  3. Guido says:

    hey Brett – good to see that a question of mine combined with the lack of google hits to its answer initiated you to post your first blog entry :-)

    I checked out the /showbackup function right away and it works nicely!

    > but it makes me wonder if that’s right our

    > child domains aren’t being backed up, or

    > there is a bug in the tool / mechanism?  

    > Those are partial replicas though, it might

    > not being working on partial replicas …

    > that’s an excercise for the reader … let

    > me know.

    nope, no bug – it’s just that by default, the dSASignature schema attribute is not in the PAS – so it won’t replicate to GCs.  Certainly nothing you could have changed in the SP, but I’ve added dSASignature to the PAS and now a single GC will inform me of the replication status of any AD domain partition (and the DC that last backed up the respective partition), which is cool.

    Naturally, app partitions such as DNS are only backed up (and reported) on those DCs, which host the app partition.

    I’ll send you some results of my tests offline. Still have to check out a few other things around this feature.

    Thanks for the valuable post.


  4. Guido says:

    btw, google has already found your post as well :-)

    sorry to say that information on repadmin showbackup still can’t be found via MSNsearch :-(

  5. AdiOltean says:

    >> So there you have it repadmin /showbackup, as any self respecting admin, I suggest you move "Try a test restore of our backups" to the bottom of your TODO list, and play with this repadmin command instead.  No, no don’t worry the restore will just work if you need it, play with this instead.

    Could you do a partial test by restoring your domain controllers to a series of Virtual Server guest instances? (with an isolate, private net connecting all of them).

    That would work of course if your "restore set" does not have dependencies on other computers on the network…

  6. Antimail says:

    Finally! The wait is over. Brett Shirley started to blog. As I expected, Brett started with a highly…

  7. alicain says:

    could be good to have a "repadmin /showbackup *" to be added into the DirSvc version of MPSReports?

    Keep up the blogging – it’s great!

  8. 出会い says:


  9. カワイイ子ほど家出してみたくなるようです。家出掲示板でそのような子と出会ってみませんか?彼女たちは夕食をおごってあげるだけでお礼にHなご奉仕をしてくれちゃったりします

  10. 右脳左脳 says:


  11. 逆援助 says:

    セレブ達は一般の人達とは接する機会もなく、その出会う唯一の場所が「逆援助倶楽部」です。 男性はお金、女性はSEXを要求する場合が多いようです。これは女性に圧倒的な財力があるから成り立つことの出来る関係ではないでしょうか?

  12. 救援部 says:


  13. 家出 says:


  14. 当サイトは、みんなの「勝ち組負け組度」をチェックする性格診断のサイトです。ホントのあなたをズバリ分析しちゃいます!勝ち組負け組度には、期待以上の意外な結果があるかもしれません

  15. 素人 says:


  16. エロ漫画 says:


  17. 高級チェリーの夏は童貞卒業の夏です。セレブ達も童貞を卒業させたくてウズウズしながら貴方との出会いを待っています。そんなセレブ達に童貞を捧げ、貴方もハッピーライフを送ってみませんか

  18. 助けて〜! says:

    何回かメールして会える人一緒に楽しいことしょ?お給料もらったばかりだからご飯くらいならごちそうしちゃうょ♪ とりあえずメールくださぃ★

  19. セレブラブではココロとカラダに癒しを求めるセレブ達と会って頂ける男性を募集しています。セレブ女性が集まる当サイトではリッチな彼女たちからの謝礼を保証、安心して男性はお金、女性は体の欲求を満たしていただけます。無料登録は当サイトトップページからどうぞ

  20. SOS少女 says:


  21. 精神年齢 says:


  22. マダムと甘い時間を過ごしてみませんか?性欲を持て余しているセレブたちは出張ホストサービスで男性を探し、セックスを求めているのです。ホスト希望の方なら容姿や年齢は一切不問!ご近所の女性を探して、多額の報酬をゲットしよう

  23. 楽しく、気持ちよく絶頂を味わえることで若い女性から熟女の女性まで幅広い世代で爆発的な人気がある、スローセックス。当サイトはプレイに興味がある、あるいは試してみたいけれど相手がいない…といった方の支援サイトです。当サイトでSEXパートナーを探してみませんか

  24. メル友募集 says:


  25. 逆円助 says:


  26. 精神年齢 says:


  27. 童貞卒業 says:


  28. 素人 says:


  29. 熟女 says:

    熟女だって性欲がある、貴方がもし人妻とSEXしてお金を稼ぎたいのなら、一度人妻ワイフをご利用ください。当サイトには全国各地からお金持ちのセレブたちが集まっています。女性から男性への報酬は、 最低15万円からと決めております。興味のある方は一度当サイト案内をご覧ください

  30. メル友募集 says:


  31. オナニー says:


  32. SOS娘 says:


  33. 話題の小向美奈子ストリップを盗撮!入念なボディチェックをすり抜けて超小型カメラで撮影した神動画がアップ中!期間限定配信の衝撃的映像を見逃すな

  34. 高額報酬 says:


  35. mixi says:


  36. 素人 says:


  37. メル友募集 says:

    最近してないし欲求不満です。一緒にいやらしいことしませんか?エッチには自信あるよ(笑) メール待ってるよ☆

  38. ホスト says:


  39. 家出 says:


  40. 動物占い says:


  41. 救援部 says:


  42. 家出 says:


  43. セレブ女性との割り切りお付き合いで大金を稼いでみませんか?女性に癒しと快楽、男性に謝礼とお互い満たしあえる当サイト、セレブラブはあなたの登録をお待ちしております。

  44. 夏フェス!! says:

    誰か満足させてくれる人いませんか?めんどくさいこと抜きでしよっ♪ とりあえずメールして☆

  45. 逆円 says:


  46. 家出 says:


  47. あなたのゲーマー度を無料ゲーム感覚で測定します。15個の質問に答えるだけの簡単測定で一度遊んでみませんか?ゲームが得意な人もそうでない人もぜひどうぞ。

  48. 素人 says:


  49. 出会い系 says:


  50. 逆援助 says:


  51. 友達募集 says:


  52. 出会い says:


  53. あなたの真のH度を診断できるHチェッカー!コンパや飲み会で盛り上がること間違いなしのおもしろツールでみんなと盛り上がろう

  54. 逆円 says:


  55. 人妻 says:


  56. 素人 says:


  57. 熟女 says:


  58. 家出 says:


  59. 逆援助 says:


  60. 出会い says:


  61. 救援部 says:


  62. メル友 says:


  63. 出会い says:


  64. 家出 says:


  65. 当サイトは、みんなの「玉の輿度」をチェックする性格診断のサイトです。ホントのあなたをズバリ分析しちゃいます!玉の輿度チェッカーの診断結果には、期待以上の意外な結果があるかも

  66. 毎月10万円を最低ラインとする謝礼を得て、セレブ女性に癒しを与える仕事があります。無料登録した後はメールアプローチを待つだけでもOK、あなたもセレブラブで欲求を満たしあう関係を作ってみませんか

  67. よーやくプロフ持ちになれました。私の事気になった方がいましたら気軽にメールください。恋バナとか好きなんでよろしくでぇす。

  68. 女性会員様増加につき、当サイトの出張ホストが不足中です。女性の自宅やホテルに出向き、欲望を満たすお手伝いをしてくれる男性アルバイトをただいま募集していますので、興味のある方はTOPページから無料登録をお願いいたします

  69. 家出 says:


  70. あなたのモテ度数を診断できる、モテる度チェッカー!日頃モテモテでリア充のあなたもそうでないヒキニートの貴方も隠されたモテスキルを測定して今以上にモッテモテになること間違いなし

  71. 逆援助 says:


  72. 倶楽部 says:


  73. プロフ作りました。興味ある方連絡まってま〜す。メアドを乗せておくので連絡ください。色んな人の色んな話聞きたい感じですのでヨロシク

  74. Thunder says:

    No repadmin /showbackup on sp2, but the event keeps appearing.

    Any updates about what changed on this subject on sp2?