|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
ADAM VSS Backup/Permissions As a Scheduled TaskI am running ADAM on a Windows 2003 member server. Our server backup solution does not support the VSS backups at this time. The ADAM component can only be backed using the VSS backups. To work around the backup issue, I am performing the ADAM backups in two steps. Step 1: Back ADAM up to file on the ADAM server using the Windows Backup utility. Step 2: Our backup solution then backs up the ADAM backup file to tape. For the Step 1 process, I have created a Windows Backup file (.bks) that specifies the ADAM folders, backup type (Normal), and other options. A batch file has been created that calls ntbackup.exe with the Windows Backup switches. The batch file is executed as Scheduled Task and runs under the security context of an Active Directory account. Note: The "run only if logged in" option on the scheduled task has been disabled. The Active Directory account has been granted permissions in ADAM. [Issue] The Windows Backup (executed as a Scheduled task) executes properly, if the Active Directory account has local Administrator rights on the ADAM server. The Windows Backup fails with the following errors, when the Active Directory account has Power User or Backup Operator rights on the ADAM server: Volume shadow copy creation: Attempt 1. ---------------------- The operation did not successfully complete. ---------------------- Note: If the AD account is logged in via a WTS session when the task begins, then it executes properly with the Power User or Backup Operator rights. Our security model does allow me to provide the Active Directory account used for the Scheduled Task to have local Administrator rights on the server. What are the minimum permissions required to backup the ADAM database and transaction logs with Windows Backup as a scheduled task using an AD account that is not interactively logged on? Is there something I need to set or enable? Thanks, Milt Hi
did you see my response to your previous post http://groups.google.co.uk/group/microsoft.public.windows.server.active_directory/msg/1f2d5a339988f355?hl=en Thanks Lee Flight Show quoteHide quote "Milt" <mlb***@ev1.net> wrote in message news:et6wRGUQGHA.5560@TK2MSFTNGP10.phx.gbl... > [Reposting after needed sleep and rewording] > > > > I am running ADAM on a Windows 2003 member server. Our server backup > solution does not support the VSS backups at this time. The ADAM > component can only be backed using the VSS backups. > > > > To work around the backup issue, I am performing the ADAM backups in two > steps. > > Step 1: Back ADAM up to file on the ADAM server using the Windows Backup > utility. > > Step 2: Our backup solution then backs up the ADAM backup file to tape. > > > > For the Step 1 process, I have created a Windows Backup file (.bks) that > specifies > the ADAM folders, backup type (Normal), and other options. A batch file > has been created that calls ntbackup.exe with the Windows Backup switches. > The batch file is executed as Scheduled Task and runs under the security > context of an Active Directory > account. > > Note: The "run only if logged in" option on the scheduled task has been > disabled. The > Active Directory account has been granted permissions in ADAM. > > > > [Issue] > The Windows Backup (executed as a Scheduled task) executes properly, if > the Active Directory account has local Administrator rights on the ADAM > server. > > > > The Windows Backup fails with the following errors, when the Active > Directory account has Power User or Backup Operator rights on the ADAM > server: > > > Volume shadow copy creation: Attempt 1. > > ---------------------- > > The operation did not successfully complete. > > ---------------------- > > Note: If the AD account is logged in via a WTS session when the task > begins, then it executes properly with the Power User or Backup Operator > rights. > > > > Our security model does allow me to provide the Active Directory account > used for the Scheduled Task to have local Administrator rights on the > server. > > > What are the minimum permissions required to backup the ADAM database and > transaction logs with Windows Backup as a scheduled task using an AD > account that is not interactively logged on? > > > > Is there something I need to set or enable? > > Thanks, > Milt > > Hi Lee.
Apologies. I did not see your previous response. I am using the Network Service account for ADAM. I checked the event logs and the backup log when I encountered the error. The event logs did not contain any errors. The backup log contained the error that I included in my post. I will try the KB article fix and post my results. Thanks for your help, Milt Show quoteHide quote "Lee Flight" <l**@le.ac.uk-nospam> wrote in message news:OMFZMtWQGHA.964@tk2msftngp13.phx.gbl... > Hi > > did you see my response to your previous post > > http://groups.google.co.uk/group/microsoft.public.windows.server.active_directory/msg/1f2d5a339988f355?hl=en > > > Thanks > Lee Flight > > "Milt" <mlb***@ev1.net> wrote in message > news:et6wRGUQGHA.5560@TK2MSFTNGP10.phx.gbl... >> [Reposting after needed sleep and rewording] >> >> >> >> I am running ADAM on a Windows 2003 member server. Our server backup >> solution does not support the VSS backups at this time. The ADAM >> component can only be backed using the VSS backups. >> >> >> >> To work around the backup issue, I am performing the ADAM backups in two >> steps. >> >> Step 1: Back ADAM up to file on the ADAM server using the Windows Backup >> utility. >> >> Step 2: Our backup solution then backs up the ADAM backup file to tape. >> >> >> >> For the Step 1 process, I have created a Windows Backup file (.bks) that >> specifies >> the ADAM folders, backup type (Normal), and other options. A batch file >> has been created that calls ntbackup.exe with the Windows Backup >> switches. The batch file is executed as Scheduled Task and runs under the >> security context of an Active Directory >> account. >> >> Note: The "run only if logged in" option on the scheduled task has been >> disabled. The >> Active Directory account has been granted permissions in ADAM. >> >> >> >> [Issue] >> The Windows Backup (executed as a Scheduled task) executes properly, if >> the Active Directory account has local Administrator rights on the ADAM >> server. >> >> >> >> The Windows Backup fails with the following errors, when the Active >> Directory account has Power User or Backup Operator rights on the ADAM >> server: >> >> >> Volume shadow copy creation: Attempt 1. >> >> ---------------------- >> >> The operation did not successfully complete. >> >> ---------------------- >> >> Note: If the AD account is logged in via a WTS session when the task >> begins, then it executes properly with the Power User or Backup Operator >> rights. >> >> >> >> Our security model does allow me to provide the Active Directory account >> used for the Scheduled Task to have local Administrator rights on the >> server. >> >> >> What are the minimum permissions required to backup the ADAM database and >> transaction logs with Windows Backup as a scheduled task using an AD >> account that is not interactively logged on? >> >> >> >> Is there something I need to set or enable? >> >> Thanks, >> Milt >> >> > > Hi Lee.
Great information. Your recommendation corrected my issue. Thanks again for your help, Milt Show quoteHide quote "Lee Flight" <l**@le.ac.uk-nospam> wrote in message news:OMFZMtWQGHA.964@tk2msftngp13.phx.gbl... > Hi > > did you see my response to your previous post > > http://groups.google.co.uk/group/microsoft.public.windows.server.active_directory/msg/1f2d5a339988f355?hl=en > > > Thanks > Lee Flight > > "Milt" <mlb***@ev1.net> wrote in message > news:et6wRGUQGHA.5560@TK2MSFTNGP10.phx.gbl... >> [Reposting after needed sleep and rewording] >> >> >> >> I am running ADAM on a Windows 2003 member server. Our server backup >> solution does not support the VSS backups at this time. The ADAM >> component can only be backed using the VSS backups. >> >> >> >> To work around the backup issue, I am performing the ADAM backups in two >> steps. >> >> Step 1: Back ADAM up to file on the ADAM server using the Windows Backup >> utility. >> >> Step 2: Our backup solution then backs up the ADAM backup file to tape. >> >> >> >> For the Step 1 process, I have created a Windows Backup file (.bks) that >> specifies >> the ADAM folders, backup type (Normal), and other options. A batch file >> has been created that calls ntbackup.exe with the Windows Backup >> switches. The batch file is executed as Scheduled Task and runs under the >> security context of an Active Directory >> account. >> >> Note: The "run only if logged in" option on the scheduled task has been >> disabled. The >> Active Directory account has been granted permissions in ADAM. >> >> >> >> [Issue] >> The Windows Backup (executed as a Scheduled task) executes properly, if >> the Active Directory account has local Administrator rights on the ADAM >> server. >> >> >> >> The Windows Backup fails with the following errors, when the Active >> Directory account has Power User or Backup Operator rights on the ADAM >> server: >> >> >> Volume shadow copy creation: Attempt 1. >> >> ---------------------- >> >> The operation did not successfully complete. >> >> ---------------------- >> >> Note: If the AD account is logged in via a WTS session when the task >> begins, then it executes properly with the Power User or Backup Operator >> rights. >> >> >> >> Our security model does allow me to provide the Active Directory account >> used for the Scheduled Task to have local Administrator rights on the >> server. >> >> >> What are the minimum permissions required to backup the ADAM database and >> transaction logs with Windows Backup as a scheduled task using an AD >> account that is not interactively logged on? >> >> >> >> Is there something I need to set or enable? >> >> Thanks, >> Milt >> >> > > 
Other interesting topics
Problem creating DFS roots
using windows2003 R2 to be a domain controller in exsiting w2k3 do Promote NT 4.0 BDC to Windows 2000 Active Directory Delegation of Control Looking for a good AD restore utility Event 1000 and AD inconsistencies GPO does not apply PDC and Exchange - [WildPacket] joining domain by short name... DNS - scavenging cycled but no nodes were visited |
|||||||||||||||||||||||
