Jason Yu
asked on
How to backup active directory image?
I need to run some scripts to extend the Active Directory schema. They were provided to me by Oracle Support as follows. This is the most important step for this new Oracle EUS project. Before I run the script, I would like to back up my Active Directory schema. It's a Windows 2003 domain level. How could I do it?
Below is the action plan provided by Oracle Support:
1. Make a back-up copy of your Active Directory image. The schema extensions inside of Active Directory are permanent and cannot be canceled. The back-up image enables you to restore all your changes if required.
2. Execute the following command to load the Enterprise User Security required schema, ExtendAD, into Active Directory using the Java classes included in Oracle Unified Directory.
The ExtendAD file is located in the $ORACLE_HOME/config/EUS/ActiveDirectory/ directory (Unix) or ORACLE_HOME\config\EUS\ActiveDirectory\ directory (Windows). You can use the java executable in the ORACLE_HOME/jdk/bin directory.
   java ExtendAD -h Active_Directory_Host_Name -p Active_Directory_Port
      -D Active_Directory_Admin_DN -w Active_Directory_Admin_Password
      -AD Active_Directory_Domain_DN -commonattr
Example:
   java ExtendAD -h myhost -p 389 -D cn=administrator,cn=users,dc=example,dc=com -w <pwd> -AD dc=example,dc=com -commonattr
3. Install the Oracle Unified Directory Password Change Notification plug-in, oidpwdcn.dll, by performing the following steps:
   1. Complete the following depending on your Windows:
      Windows 32-bit
      Copy OUD_HOME\config\EUS\ActiveDirectory\win\oidpwdcn.dll file to the Active Directory WINDOWS\system32 directory.
      Windows 64-bit
      Copy OUD_HOME\config\EUS\ActiveDirectory\win64\oidpwdcn.dll file to the Active Directory WINDOWS\system64 directory.
   2. Use regedt32 or regedt64 to edit the registry and enable the oidpwdcn.dll. Start regedt32 by entering regedt32 at the command prompt.
   3. Add oidpwdcn to the end of the Notification Packages entry in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ registry, for example:
      RASSFM
      KDCSVC
      WDIGEST
      scecli
      oidpwdcn
      This enables the password DLL and populates orclCommonAttribute attribute with the password verifier required by EUS.
   4. Restart the Active Directory system after making these changes.
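Added example, not part of the original post or of Oracle's plan: a PowerShell check for the registry change in step 3 of the plan above. Every DLL named in Notification Packages is loaded by LSA and notified of password changes, so the script compares the registered names against an expected list and reports whether each DLL is present and signed. The expected list (taken from the plan's example) and the DLL directory are assumptions to adjust for your own domain controller.

```powershell
# Added example; run in an elevated PowerShell 2.0+ session on the domain controller.
param(
    # Assumption: expected list copied from the plan's example; use your own baseline.
    [string[]]$Expected = @('RASSFM', 'KDCSVC', 'WDIGEST', 'scecli', 'oidpwdcn'),
    # Assumption: directory the plug-in DLL was copied to.
    [string]$DllDir = (Join-Path $env:SystemRoot 'System32')
)

$lsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$valueName = 'Notification Packages'

# REG_MULTI_SZ is returned as a string array; drop empty entries.
$current = @((Get-ItemProperty -Path $lsaKey -Name $valueName).$valueName |
    Where-Object { $_ })

$report = foreach ($name in $current) {
    $dll     = Join-Path $DllDir "$name.dll"
    $present = Test-Path -LiteralPath $dll
    $status  = if ($present) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'n/a' }
    New-Object PSObject -Property @{
        Package   = $name
        InList    = ($Expected -contains $name)   # case-insensitive match
        DllFound  = $present
        Signature = $status
    }
}

$report | Format-Table Package, InList, DllFound, Signature -AutoSize

# Names registered on this DC that are not in the expected list, and the reverse.
$unexpected = @($report | Where-Object { -not $_.InList } | ForEach-Object { $_.Package })
$missing    = @($Expected | Where-Object { $current -notcontains $_ })

if ($unexpected.Count) { Write-Warning "Registered but not in expected list: $($unexpected -join ', ')" }
if ($missing.Count)    { Write-Warning "Expected but not registered: $($missing -join ', ')" }
```

Running it once before the change and once after the restart gives a before/after record of which packages LSA is configured to load.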
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It's a function for Oracle EUS interfacing with AC. I don't know if this is the info for your question, I will check the detail and update you later.
ASKER
I feel the same way. I don't feel safe extending the schema. However, this project was pending in our system admin team's hands. The Oracle DBA team insists that we expand the schema since they need to implement this new Oracle product called "EUS" (Enterprise User Security). I have no choice but to move forward.
I have cloned one DC to a test env and begun to test the extending script. At the same time, I want to back up the schema.
I will read your article and give you an update.
Thanks.