Getting Started with Microsoft Visual Studio Team Foundation Server 2010

The new Basic configuration for Team Foundation Server gives you an easy to set up version of Team Foundation Server that supports source control, work items, and builds. It is a great place to migrate your Visual SourceSafe assets and pick up new features in the process. I wanted to do a walk through on how to get started using the system.
This post will be most helpful for those of you who have not installed or used Team Foundation Server before. Team Foundation Server can support sophisticated environments that include reporting, integration with SharePoint Products, support across multiple domains, distributed databases, etc. I’m not going to cover any of that here. Instead my goal is to help you understand "why Team Foundation Server" and how you can get started using the system.
First let’s talk about "why Team Foundation Server?" The goal of Team Foundation Server is to create a central repository with a set of tools that make it really easy to collaborate between roles. You could try to stitch together multiple disparate systems as follows:
In this case each system has its own storage, own set of identity for assets, own commands and tools. Getting this going is like trying to hook up a set of custom stereo components: you can pull it off but it’s going to be a lot of work and you are missing out on some stuff.
What I’d rather have is a system which can integrate these items together and then enable my default work flow through the system:
This integration enables some very common scenarios. In a typical day I’m going to edit source code, build the product, test it, file bugs, fix them, lather/rinse/repeat. When the entire work flow is supported with one integrated repository then all items can be related to each other. As an example when I check in bug fixes I’d really like to see those defects resolved with the change set recorded (see sample below).
The Basic configuration of Team Foundation Server allows you to do precisely this which is a big improvement over just having source control. The full version of Team Foundation Server then adds new features including automated testing, virtual lab deployment, and architectural validation (to name a few). This expands your work flow as follows:
You can decide which of these new components you add when you use Visual Studio.
There are many ways to access Team Foundation Server. As an engineer your most typical access point will be a version of Visual Studio. But if you are a tester you can use the new Test Manager product (no Visual Studio install necessary). If you are a project manager, you can also use the Web interface, Microsoft Excel, Microsoft Project, or (new for Visual Studio 2010) Microsoft Office SharePoint Server 2007 support for dashboards. More on this later. (For more information, see Role-Based Tasks for Team Foundation Server 2010 - editor's note).
In the rest of this post I will give you some step by step instructions on how to get going with Team Foundation Server using the basic configuration for your first project.
Getting Started
Now that you have the conceptual level it’s time to hook things up. You should start by doing the steps listed in Brian Harry’s Team Foundation Server post here. This will get all the required software on your machine with a default collection, creatively enough called DefaultCollection.
At this point we can connect to the Team Foundation Server collection from Visual Studio. The easiest way to accomplish this is to use the Team Menu (you can also use the link from the home page):
You will be asked to find the Server where Team Foundation Server lives. In this case my Windows 7 machine is called JLZW7. Add the server to the list using the Add button, then click Close:
At this point you can select the server from the combo box and then the DefaultCollection, then click Connect:
The Team Explorer tab will now have your server connection and DefaultCollection, but we don’t yet have a Team Foundation Server Project to store anything in yet:
For this tutorial I have created a new Windows Form project to act as our sample solution (File, New Project, Windows Forms). If you try to add this new code project to source control, you will get an error. For example:
After you select the "Add Solution to Source Control" menu item you get the error "No team project source control folders are available.":
The error isn’t that intuitive (especially given the word project is used for both Team Foundation Server and inside your Visual Studio code solution but are different things). The error means you must create an actual Team Foundation Server project to contain all of the assets for your work. In Team Explorer, right-click your collection and choose New Team Project:
In this case I’m going to create a Team Foundation Server project for an Accounts Payable system. This project will contain all of the solutions, data, etc required for the overall system. After entering the data, click Next:
The Agile template is the default but you can also select CMMI. You can find more details on MSDN about the project template types. If you are using any agile methodologies (like TDD) this is a fine choice. After making a choice, just click Finish:
You will get various status updates as the project is being created:
After success, click the Close button:
Team Explorer will now have the project ready to hold Work Items, Builds, and Source Control:
At this point you can update the project collection. Let’s add the new solution to Team Foundation Server again. Right-click the project in the Solution Explorer and select Add Solution to Source Control:
At this point you could create a new folder in Team Foundation Server for the solution or just take the default. When you are happy, click the OK button:
Upon success the Solution Explorer will now show the files are under source control (see the ‘+’ symbol in front of the files):
You will also see the list source control actions taken to publish the solution. Add a comment and then click Check-In:
Confirm the check-in by clicking Yes.
At this point your new solution is in Team Foundation Server and ready for Work Items.
Work Items
You can create work items directly inside Visual Studio using the Team Explorer, through the web front end, and the Test Manager tool. To look at your work items, open the Team Explorer and expand Work Items, Team Queries, Iteration 1. You can then double-click any query (such as Active Bugs) to see any items available to you:
Our Team Foundation Server project is empty so there are no active bugs in the list:
Let’s create a new item just to get us in business. Select the Team, New Work Item menu. Here you can create several types of work items to track features, defects, etc. We’ll select Bug to get going:
Enter any data you want for the new bug and click Save Work Item to commit it to the database:
If you now refresh your active bug query list, you will see the new bug:
Let’s add a real bug to fix our project. In my example I just created a default Windows Forms application. We’ll want to update the title:
Now we need to fix the bug. Navigate back to the Solution Explorer, select Form1.cs then choose Check Out for Edit:
Click the Check Out button to confirm:
The file will now have a check mark next to it so you know it is open for edit:
As you update the Text property of the main window, Visual Studio will automatically check out any dependent files for you:
This is a Windows Forms application but it works on all solution/project types. Now that we are happy with the code change, select the Pending Changes tab in the bottom of Visual Studio:
In this case we are fixing a bug, so click the Work Items icon button:
Select bug #2 which tracks our title error. We are going to resolve it with this check-in:
Add any comments you want and click Check-In, then Yes to confirm:

If you refresh bug #2, you will now see the status changed to Resolved and the history is updated:
Notice the change set (the set of source control changes) have been automatically included in the history.
At this point you could continue to create and fix bugs as required to ship your solution.
Other Ways to Explore Team Foundation Server
I mentioned that you don’t have to use Visual Studio itself to access the Team Foundation Server repository. We’ve done a lot of deep integration with other clients like the Web and Microsoft Office. As an example, I can simply pull up my web browser and go right to my server by using the server name (where 8080 is the default port): http:// jlzw7:8080/tfs/
At this point I can explore my collections and projects. If you select the new AccountsPayable project we just created then the Continue button, you get more details. In this case by navigating to the Work Items tab I can find the bugs in the system including our newly resolved bug:
This is a really easy way to explore your project from any machine with no setup required. There is similar support for using Microsoft Excel, Microsoft Project, etc. This kind of access makes it easy for all people working on your project (engineers and project managers) to work together.
At this point you have a very useful set of assets you can use to get your job done. For those of you using Visual SourceSafe today, you might be very happy with just this level of support. You can put down this tutorial now and come back later if you want to try some advanced features, for example the testing scenario I showed using beta 1 in this tutorial.
Build Support
The next typical part of your work flow will be to automate your builds for the product. Assuming you followed Brian’s installation instructions, you now have local build support on your machine with Team Foundation Server. The first step is to navigate to the Team Explorer, right-click Build Definitions, and select New Build Definition:
This will give us a set of definitions to fill out, just like a code project property page:
The Trigger page allows us to decide when builds are kicked off. You have many options to pick from:

• Manual is the default and the option we will use. We will have to kick off our own builds with this option.
  
• Continuous Integration is very helpful when you want to have a new build after every check-in. This allows you to validate new changes right away rather than waiting later when many check-ins get mixed together.
  
• Rolling builds give you a way to batch changes together which is very handy when builds are starting to take a while and you can’t afford to do every one.
  
• Gated Check-ins allow you to ensure all check-ins build before they are committed to Team Foundation Server. This makes sure you never expose a build break to other members of your team.
  
• Scheduled builds are useful for getting a daily build out for the entire team to try out.
  

You can create and use many different build definitions which allow you to employ different build types for different purposes.
You can explore all the tabs at your leisure (each is fully documented with the product). But we need to resolve the yellow warning sign on Build Defaults by giving the build a place to store our new build, in this case a public UNC I created on my machine:
Now you can save the build definition to Team Foundation Server. If we go back to the Team Explorer we can queue a build of the project:
We’ll get a confirmation dialog where we can just select the Queue button:
This will then queue off a build on my machine as shown by the status page:
If you double-click the queued build you will get the detailed status of the build:
From here you can see warnings and errors, view the log file, navigate to the drop, etc. As an example if you select the "View Log File" link you can see the executed build script (subset):
If you select the Open Drop Folder link you will be taken to our drop location:
Now anyone can pick up the build and do their daily testing, release to a customer, etc.
At this point you really have everything you need to make full use of the basic features of Team Foundation Server.

Role-Based Tasks for Team Foundation Server 2010

---

When a team gets started with Visual Studio Application Lifecycle Management (ALM), the administrator sets up the server, the project manager creates a team project, and the other team members set up their working environments. The links in the rest of this topic guide you through the tasks of getting started with Team Foundation Server based on the following software development roles:

• Administrator for Team Foundation Server
  
• Project managers
  
• Source control and build managers
  
• Individual team members
  

Tasks for the Administrator of Team Foundation

1. If you followed the tutorial earlier in this topic, you installed Team Foundation Server by using the basic configuration. However, you may need to perform different installation tasks, including upgrading a previous installation of Team Foundation Server or performing a custom installation of Team Foundation Server or one of its prerequisites.
   For more information, see this topic on the Microsoft Web site: Installation Guide for Team Foundation.
   
2. If you followed the tutorial earlier in this topic, you were automatically granted all the required permissions for project creation during installation of Team Foundation Server. You may want to grant additional users the permissions that they need to act as administrators, project administrators, and other roles.
   For more information, see Configuring Users, Groups, and Permissions.
   
3. Create a maintenance plan that will help ensure that your data is backed up in case of a hardware failure or other event. For more information, see Backing up and Restoring Your Deployment.
   
4. If any of your teams will use Visual Studio Lab Management, install Microsoft System Center Virtual Machine Manager, configure Lab Management, and create your virtual environments.
   For more information, see Configuring Lab Management for the First Time.
   
5. If any of your teams will deploy builds and run tests remotely, install test controllers and test agents on physical or virtual machines.
   For more information, see Setting Up Test Machines to Run Tests or Collect Data.
   
6. If you followed the tutorial earlier in this topic, you installed Team Foundation Build by using the basic configuration. However, you may need to perform certain management tasks to get the build environment that you require.
   For more information, see Administering Team Foundation Build.
   
7. Review the options for changing or modifying your deployment as your operational needs change. For more information, see Managing the Server Configuration.
   

Tasks for the Project Manager

1. Install the client or clients of Team Foundation that you will use.
   For more information, see Installing Visual Studio.
   
2. Determine your project resource requirements and the project collection in which you will create a team project.
   For more information, see Quick Start Guide to Launching a Team Project.
   
3. Choose a process template.
   For more information, see Choose a Process Template.
   
4. In Team Explorer, create a team project.
   For more information, see Create a Team Project.
   
5. (Optional) Define the product areas and milestones for your team project.
   For more information, see Create and Modify Areas and Iterations.
   
6. Grant team members the permissions that they need to work in the team project.
   For more information, see Add Users to Team Projects.
   
7. (Optional) Grant additional permissions to specific team members.
   You or another administrator may need to provide additional permissions to team members who will be responsible for managing the source code under Team Foundation version control, managing builds, managing tests and the lab environment for testing, and other project-level activities. Specific permissions can be assigned to individual team members or groups.
   For more information, see the following sections in Team Foundation Server Permissions:
   
   • Build-level permissions
     
   • Project-level permissions
     
   • Area and iteration-level permissions for work item tracking
     
   • Version control permissions
     
   • Lab management permissions
     
8. (Optional) Grant report authors additional permissions.
   To create or modify reports that access data that is stored in the data warehouse, team members must have read access to the databases that make up the data warehouse. For more information, see Grant Access to the Databases of the Data Warehouse for Visual Studio ALM
   
9. Notify team members of team project resources and enrollment activities.
   For more information, see Notify Team Members of Team Project Resources.
   
10. Plan your product.
    If your team project is based on the process template for MSF for Agile Software Development v5.0, you can create your product backlog by using the Product Planning workbook. You can use the Product Planning workbook to manage the backlog of user stories and balance the workload across several iterations, also known as sprints. For more information, see Product Planning Workbook.
    If your team project is based on the process template for MSF for CMMI Process Improvement v5.0, you can use the Product Requirements team query to start to plan your product. You can open this query in Office Excel, add requirements, and then publish them to Team Foundation. You can also use Office Project to plan and schedule your project. For more information, see the following topics:
    
    • Requirement (CMMI)
      
    • Managing Work Items Using Microsoft Excel Bound to Team Foundation Server
      
    • Performing Top-Down Planning Using a Tree List of Work Items (In Excel)
      
    • Scheduling Tasks and Assigning Resources Using Microsoft Project
      

Tasks for the Version Control and Build Managers

1. Configure version control.
   For more information, see Administering Team Foundation Version Control.
   
2. If you are using Team Foundation Build, create build definitions for each of your team projects.
   For more information, see Building the Application.
   

Tasks for Individual Team Members

1. Install the client or clients of Team Foundation that you will use.
   For more information, see Installing Visual Studio.
   
2. Set up your workspace for version control.
   For more information, see Create a Workspace to Work with your Team Project and Placing Files under Version Control.
   
3. Familiarize yourself with creating, modifying, and finding tasks and other work items.
   For more information, see Getting Started Tracking Work.
   
   MSDN

Configure the Team Foundation Build Service of TFS 2010

Configure the Team Foundation Build Service of TFS 2010

1. Open the Team Foundation Server Administration Console from Start Menu –> Microsoft Team Foundation Server 2010 Beta 2.
2. In the Team Foundation Server Administration Console select Team Foundation Build Configuration from the left panel and then click Configure Installed Features on the right.

3. On the Team Foundation Server Configuration screen click Start Wizard.

4. On the Team Foundation Build Service Configuration Wizard start screen click Next.

5. On the Team Project Collection screen click Browse… to select the team project collection that this build machine will serve.

6. On the Connect to Team Project Collection dialog click Servers… to select the Team Foundation Server where the team project collection is located.

7. On the Add/Remove Team Foundation Server dialog click Add… to add your Team Foundation Server to your server list.

8. On the Add Team Foundation Server dialog enter localhost for the server name (we installed TFS on the same Windows 7 machine where we are configuring the Team Build Service) and leave the other fields with the default values. Then click OK and then Close in the previous dialog.


9. Back in the Connect to Team Project Collection dialog, select localhost in the server drop down list and DefaultCollection on the directory list. Then click Connect.

10. Back in the Team Project Collection screen of the wizard you can see you have now selected DefaultCollection for your team project collection. Click Next.

11. On the Configure Team Foundation Service screen, select Use the default setting and select 1 (recommended) from the drop down list. This is appropriate as we are configuring a build service for a Windows 7 laptop, so we don’t want to affect the performance of the machine with more than one build agent. Click Next.

12. On the Configure Build Machine screen select Use a user account and then enter your user credentials. I didn’t select Network Service because in the verification step (a couple of steps after this) I got a warning stating that Network Service was not part of the project collection. So for now just enter the same administrator account that you used to install TFS 2010. Make sure you specify your account as <machinename>\<username> because if you don’t specify the machine name and click Test it will pass the validation here but will
fail in the middle of the configuration process later (I suppose this is a bug, hopefully fixed for RTM). Leave the default port selected (9191) and then click Next.

13. On the Configuration Summary screen click Next.

14. On the Readiness Checks screen wait for all validations to pass and then click Configure.

15. On the Configuration Process screen wait until the all the configuration is done and then click Next.

16. Your Team Foundation Build Service is now ready to use. Click Close to end the wizard.

17. From now on you can check and/or change your Team Foundation Build configuration from the Team Foundation Server Administrator Console.

I must say that, besides user account problem I related in step 12, it was a pretty easy configuration and I am now curious about this new Build Controller + Build Agent environment that you have in 2010. I think it will make much more sense in a more complex environment.
I’d like to cover the actual creation of a new Team Project in the next post. I’m pretty excited to see the innovations in the process templates, specially for MSF 5.0, so keep checking the blog for some updates soon.

Julio

Install Team Foundation Server 2010

The installation of Microsoft's latest beta release of Team Foundation Server 2010 has apparently been quite a hot topic in IT lately. My Twitter page isn't that popular and when I first started tweeting my progress, shortly after I was receiving messages regarding my documentation and progress. Here is the shortly awaited documentation on what I've done to install TFS.

Here's what my environment looks/will look like:

- Windows Server 2008 Enterprise (with hyper-v but that's irrelevant)

- SQL Server 2008 Standard

- WSS 3.0

- Sharepoint 2007 Enterprise

- Team Foundation Server 2010 Beta 1 (of course)

There are a few ways this environment can be changed around (which versions such as Enterprise or Standard can be used). Check out Microsoft's TFS installation documentation for this information (a convenient .chm file...check my blog post on this if you have issues opening this file).

Additionally, this post documents a single-server installation on a 64-bit machine.

Here's a summary of the order of software installation that will be taking place.

1.) Windows Server 2008 (we have to have an operating system)

2.) IIS 7

3.) SQL Server 2008

4.) Team Foundation Server 2010 Beta 1 (with WSS 3.0)

If it isn't obvious yet, this is going to be a long post. I've taken screenshots of many of the steps which won't help the length. Is everyone buckled in? Good. Let's get started.

Installing Windows Server 2008

The install of Windows Server really isn't that complicated. There are not special requirements for this. However, post-install, my server was added to a domain so I could use domain service accounts. It isn't necessary to have the server added to a domain though.

Installing IIS 7.0

This part really isn't too bad (thankfully). In the server management, on the left click Roles. On the right, click Add Role Services.

On the window that comes up, at the bottom check Web Server (IIS) and click Next.

Here some default values are selected. You need to add HTTP Redirection, ASP.Net, Windows Authentication, and IIS 6 Management Compatibility and all subordinate check boxes. Click Next.

Here your selections are reviewed. If everything is correct, click Install. Once the install has completed, you'll see another review window. If everything was successful, click Close.

Installing SQL Server 2008

Here's where the real fun begins. This install isn't too bad. The real ticket is to know if you have any service accounts you want to use for the SQL services. Since I did a single-server install on a server dedicated to my team, I used NT Authority/Network Service for mostly everything, but I'll get to that a little later.

First off, insert the SQL installation media (I used an ISO file mounted through Hyper-V for mine).

From here, run the setup executable on the disk. Mine did an autorun. From that window, I selected installation on the left navigation pane. On the screen that loads on the right, select New SQL Server stand-alone installation or add features to an existing installation.

The screen that comes up will run five tests. If your installation is clean than most likely all five will pass with a green check mark. Mine threw a warning to me on Windows Firewall because mine was turned on with default settings. Since the server is behind two firewalls, I elected to disable the Windows firewall completely. Re-running the test after that resolved the warning. Click Okay.

Here we are at the obligatory Product Key screen. Enter your product key and hit Next.

If you accept the license terms (License Terms page), check the box and click Next.

The next screen wants to install setup support files. Go ahead and click Install to continue. The following screen will yet again, run some more tests (eleven to be precise). Again, if this is a clean install, every test should pass.

Here's one of the crucial screens: Feature Selection. On this screen, you should select to install Database Engine Services (for TFS), Full Text search (for reporting), Reporting Services (for reporting), Analysis Services, Client Tools Connectivity, and Management Tools Basic. Once those are checked, click Next.

Hit Next to continue to the Instance Configuration screen. If you want to, you can rename this SQL instance to whatever you want it to be. I chose the default MSSQLSERVER since it will be used for TFS only and nothing else will be connecting to it. Click Next.

Click Next on the Disk Space Requirements screen.

Here we are at the Server Configuration section. Unless you have any specific domain accounts set up for running SQL, NT AUTHORITY\Network Service will suffice for all of the accounts listed. No password is required to use this username. Also be sure to change SQL Server Agent to start up automatically (by default it is manual). Click Next.

The Microsoft documentation suggests on the Database Engine Configuration page that Windows authentication mode be checked. I have had some pretty nasty experiences with this in the past and selected Mixed mode authentication. Following this, you need to type in a password for the SQLSA user. Also, don't forget to add all of the users you want to have access to the DB engine. Once you're done with that, click next.

The next page is the Analysis Services Configuration page. Add any users you want to have access to the analysis services that your SQL instance will supply. Click Next.

On the Reporting Services Configuration page, select Install the native mode default configuration. Click Next.

Here's the obligatory Error and Usage Reporting screen. Check whether or not you want Microsoft to receive anonymous usage statistics regarding your SQL instance and click Next.

Nearing the end, click Next on the Installation Rules screen.

Finally, we're at the Ready to Install screen. Review the features to be installed and click Install.

Once the installation is complete, click Next and Close.

Installing Team Foundation Server 2010 Beta 1

Here we are at the final software install. This part really isn't too bad (surprisingly enough).

To begin, insert the installation media (once again, I mounted an ISO through Hyper-V). If autorun is enabled, a standard window should come up giving you the option to explore the newly inserted media. If this does not happen, just open up Computer and navigate to the disk.

Inside the disk there are three folders. Depending on your processor architecture, choose either the TFS-x64 or TFS-x86 folders. From within that folder, run the Setup.exe file.

Here we're at the first screen. Click Next to proceed.

Once again, the ever-present Licensing Terms page. If you accept, check the box and hit Next.

The Microsoft documentation suggests that only Team Foundation Server be checked. I actually need the build server to be on the Team Foundation Server as well so I checked all three. Either will work though. Click Install.

During your installation, the server will need to be restarted. Click restart now. Upon restart, the configuration option will become available to you.

Pat yourself on the back. You just installed TFS. This is a long enough blog post for now. I'll post here very shortly the configuration steps I took for TFS (still haven't taken all of the screenshots I need for it).

Aaron - aaronwball.blogspot.com

Công ty cổ phần công nghệ VSD

Công ty cổ phần công nghệ VSD ( http://vsd.com.vn) thành lập năm 2012. VSD được thành lập với mục tiêu cung cấp cho khách hàng những sản phẩm, giải pháp CNTT đáng tin cậy và hiệu quả cao.

 VSD luôn có những ý tưởng và tầm nhìn bắt kịp với sự phát triển về công nghệ thông tin, có những giải pháp để đáp ứng với nhu cầu thực tế. Với lực lượng cán bộ chuyên nghiệp, được đào tạo bài bản và có nhiều kinh nghiệm hoạt động trong lĩnh vực CNTT, chúng tôi luôn tự tin có thể mang đến cho các bạn sự hài lòng nhất thông qua các giải pháp, sản phẩm và dịch vụ của chúng tôi.
       Bằng sự nỗ lực của lãnh đạo và tập thể cán bộ VSD, chúng tôi sẽ phấn đấu hết mình vì sự phát triển CNTT của nước nhà, vì sự hài lòng của quý khách hàng. VSD cam kết sẽ luôn đem lại các sản phẩm, dịch vụ hiệu quả nhất, hỗ trợ vận hành, nhiệt tình giải đáp các thắc mắc của khách hàng 24/7.

Sản phẩm và dịch vụ của công ty VSD
Sản phẩm

Dịch vụ

ISA 2006 Authentication over HTTP

I implemented different ISA 2006 Reverse Proxy servers in conjunction with Microsoft Exchange 2003 or Windows Exchange 2007.
Today I configured ISA 2006 with Exchange 2007. I configured the Reverse Proxy server as I did always. And the connection from outside the network works perfectly. On the internal Exchange server I configured Basic and Integrated Authentication on the OWA virtual directory. The problem is that internal users now automatically log in to their webmail box when entering the URL from the Exchange server.
This is not the desired configuration, because internal users should be able to open other people’s mailboxes by logging in as that user. The customer also has an ISA 2006 on the internal network for forwarding proxy purposes.
I decided to publish Exchange 2007 on the internal ISA 2006 server as well. The configuration should use Form Based Authentication (FBA) over HTTP. After configuring and trying the connection, the user can’t access the ISA logon page. In the logging you find that Authentication over HTTP isn’t allowed.

Error Code: 403 Forbidden. ISA Server is configured to block HTTP requests that require authentication. (12250)

This is a default setting in ISA 2006 which can be disable. To allow Authentication over HTTP go to the Listener configuration. Go to the Authentication tab and Select Advanced. In the next tab enable the option Allow client authentication over HTTP. This option enables the using FBA over HTTP.

 booches.nl

Active Directory restores: How to restore deleted objects

Windows Server 2008 and Windows Server 2008 R2 allow you to restore deleted objects back to the Active Directory. In this article, I will demonstrate an Active Directory restore with a combination of authoritative and non-authoritative techniques.
A non-authoritative restoration is a process in which the domain controller is restored, and then the Active Directory objects are brought up to date by replicating the latest version of those objects from other domain controllers in the domain.
An authoritative restore is an operation in which the data that has been restored takes precedence over the data that exists on other domain controllers in the domain. When you perform an authoritative restore, the current versions of objects in the Active Directory are overwritten by the versions of the objects which were restored.
This process works the same way regardless of how you made the backup or where the data is being restored from. The Active Directory objects that have been restored are assigned a new version number, which ensures that the Active Directory replication process will overwrite the existing Active Directory objects with the objects that have been restored. This process is completely automated and it affects all of the domain controllers in the domain.
Performing the restoration
The restoration process is performed from the command line. To begin, you’ll need to know the name of the object that you plan to restore, as well as that object’s location within the Active Directory.
Because we are restoring an object that has been previously overwritten or deleted, we will have to perform an authoritative restore. That way the item that you have restored will not be overwritten by a newer copy during the Active Directory replication process.
However, we can’t just jump right in to an authoritative restoration, because the entire Active Directory would be rolled back to a previous state and defeat the purpose of performing a granular restoration.
To keep that from happening, we’ll perform a non-authoritative restore of the entire Active Directory. After doing so, we can make the restoration authoritative for the specific object that needs to be restored.
Performing a non-authoritative restoration
There are a variety of methods for performing the initial non-authoritative restore. The easiest way to complete this process is to stop the Active Directory Domain Services and then restore a valid system state. To stop the Active Directory Domain Services you will need to open an elevated command prompt and then enter the following command:
Net Stop NTDS
As you can see in Figure A, shutting down the Active Directory Domain Services causes several other dependency services to stop as well. The dependency services that are affected by this operation include:

Kerberos Key Distribution Center
Intersite Messaging
DNS Server
DFS Replication
Once the Active Directory Domain Services have been stopped, you can restore a System State backup. When the restoration process completes, you will likely be prompted to reboot your server. You should avoid rebooting because doing so will cause the Active Directory Domain Services to be restarted, which will cause your restoration to be overwritten.
Performing an authoritative restore
Before the server is rebooted, we need to tell Windows which Active Directory object needs to be restored authoritatively. This can be accomplished by using the NTDSUTIL utility. You can begin the process by entering the following commands:
Ntdsutil
Activate Instance NTDS
Authoritative Restore
Although not technically required, I recommend entering the LIST NC CRs command at this point. This command will list the various Active Directory partitions and their cross references. It allows you to validate that you are about to perform an authoritative restore within the correct Active Directory partition, as shown in Figure B.

Now it’s time to specify the object that needs to be restored. You can do so by using the Restore Object command. For example, suppose that you wanted to restore a user account named User1 that existed in the Users container in a domain named Contoso.com. To perform such a restoration, you would use the following command:
Restore Object “CN=User1,CN=Users,DC=Contoso,DC=com”
Wrapping it up
Now that you have marked the object that needs to be restored, the only thing that is left do is to restart the Active Directory Domain Services. This can be accomplished by entering the following command:
Net Start NTDS
When the Active Directory Domain Services start, the object that you restore will be replicated to the other domain controllers in the domain.
About the author: Brien M. Posey, MCSE, has previously received Microsoft's MVP award for Exchange Server, Windows Server and Internet Information Server (IIS). Brien has served as CIO for a nationwide chain of hospitals and has been responsible for the Department of Information Management at Fort Knox. You can visit Brien's personal website at www.brienposey.com.

How to Backup and Restore Active Directory on Server 2008

Have you ever accidentally deleted a user account or an OU in Active Directory and wished you could restore it?
I recently had a client call me after they installed updates and rebooted their server. They noticed after the reboot that there was a message that said “Active Directory is rebuilding indices. Please wait”.
Their Active Directory database had become corrupted from the updates. So what do you do? How can you restore AD?
Let’s talk about how to backup AD in Windows Server 2008 and how to restore it. Today I’ll show you:

• what you need to do to get your Server 2008 ready for backup
• how to backup Active Directory on Server 2008
• how to perform an Authoritative Restore of Active Directory
• how to perform Active Directory Snapshots

Prerequisites: Getting Server 2008 Ready for Backup

Before you can backup Server 2008 you need to install the backup features from the Server Manager.
1. To install the backup features click Start → Server Manager.


2. Next click Features → Add Features



3. Scroll to the bottom and select both the Windows Server Backup and the Command Line Tools



4. Click Next, then click Install

Backing up Server 2008 Active Directory

Now that we have the backup features installed we need to backup Active Directory. You could do a complete server backup, but what if you need to do an authoritative restore of Active Directory?
As you’ll notice in Server 2008, there isn’t an option to backup the System State data through the normal backup utility.



So what do we do? We need to go “command line” to backup Active Directory.
1. Open up your command prompt by clicking Start and type “cmd” and hit enter.
2. In your command prompt type “wbadmin start systemstatebackup -backuptarget:e:” and press enter.
Note: You can use a different backup target of your choosing
3. Type “y” and press enter to start the backup process.



When the backup is finished running you should get a message that the backup completed successfully. If it did not complete properly you will need to troubleshoot.



Now you have a system state backup of your 2008 Server!

Authoritative Restore of Active Directory

So now what if you accidentally delete an OU, group, or a user account and it’s already replicated to your other servers? We will need to perform an authoritative restore of the Active Directory object you accidentally deleted.
1. To do this you will need to boot into DSRM (Directory Services Restore Mode) by restarting your server and pressing F8 during the restart.
2.Choose Directory Services Restore Mode from the Advanced Boot menu.



3. Login to your server with your DSRM password you created during Active Directory installation.
4. Once you’re logged into your server and in DSRM safe mode, open a command prompt by clicking Start, type “cmd“, and press enter.
5. To make sure you restore the correct backup it’s a good idea to use the “wbadmin get versions” command and write down the version you need to use.



6. Now we need to perform a non-authoritative restore of Active Directory by typing “wbadmin start systemstaterecovery -version:04/14/2009-02:39“.
Note: The version of backup will vary depending on your situation. Type “y” and press enter to start the non authoritative restore.
7. Go grab some coffee and take a break while the restore completes.



8. You can mark the sysvol as authoritative by adding the –authsysvol switch to the end of the wbadmin command.



9. But if you want to restore a specific Active Directory object then you can use the ever familiar ntdsutil.
For this example we are going to restore a user account with a distinguished name of CN=Test User,CN=Users,DC=home,DC=local. So the commands would be:

ntdsutil
activate instance ntds
authoritative restore
restore object “cn=Test User,cn=Users,dc=home,dc=local”

Note: The quotes are required



10. Reboot your server into normal mode and you’re finished. The object will be marked as authoritative and replicate to the rest of your domain.

Using Active Directory Snapshots

There is a really cool new feature in Windows Server 2008 called Active Directory Snapshots. Volume Shadow Copy Service now allows us to take a snapshot of Active Directory as a type of backup. They are very quick to create and serve as another line of defense for your backup strategy.
With your server booted into normal mode open a command prompt by clicking Start, type “cmd“, and press enter.
We are going to use the ntdsutil again for creating the Active Directory snapshots. The commands are:

ntdsutil
snapshot
activate instance ntds
create
quit
quit

So now that you have a snapshot of AD, how do you access the data? First we need to mount the snapshot using ntdsutil. The commands are:

ntdsutl
snapshot
list all
mount 1 — (Note: You should mount the correct snapshot you need; for this example there is only 1.)
quit
quit

Your snapshot is mounted, but how do you access the data? We need to use the dsamain command to accomplish this. Then we need to select an LDAP port to use. The command is as follows:

dsamain –dbpath c:\$SNAP_200905141444_VOLUMEC$\WINDOWS\NTDS\ntds.dit –ldapport 10001

The result should look like this:



Now we need to go to Start, Administrative Tools, then Active Directory Users and Computers.
Right click Active Directory Users and Computers and select Change Domain Controller.



In the area that says < Type a Directory Server name [:port] here > enter the name of your server and the LDAP port you used when running the dsamain command.
For my example it would be: WIN-V22UWGW0LU8.HOME.LOCAL:10001



Now you can browse the snapshot of Active Directory without affecting anything else negatively.

Your AD Backup Strategy

It’s always good to have a solid backup plan for your Active Directory. You can use a combination of backup strategies or just one of these methods for backing up your Active Directory.
Make sure you tailor your Active Directory backup strategy to meet your company’s needs and make it easy to recover if disaster does strike.

Trainsignal.com