Howto: Quick and dirty eDirectory backups

I’m currently upgrading some Netware 6.5 servers from support pack 5 to support pack 6. I’m also upgrading those same servers from eDirectory 8.7.3 to 8.8.1. Before I make any eDirectory changes, the first thing I do is to run from the server console:

dsrepair -rc

This makes a quick backup of Data Information Base (aka DIB) on that particular server. Now, I hope I never have to use it to recover from some directory services crisis, but it helps me sleep better at night – slightly. The -rc option takes a snapshot of eDirectory at that point and time, so if you use the files to restore in the future, you’ll be losing all transactions that occurred between the current date and the date the snapshot was taken.

Next, I copy the server’s sys:\system\dsr_dib directory to an off server location for safekeeping.

Then I use embox to create a backup file. Note that this is essentially a DIB backup just like dsrepair -rc creates. You can read all about backup and restore using embox in TID10093373.

The specific steps I follow to create the embox backup file are:

1) From the server console, type

edirutil -i

This launches embox in interactive mode, rather than batch mode, which is useful for scripting.

2) Now you need to authenticate to eDirectory to ensure you have permissions to create the backup files. The syntax is

login -s server_name_or_IP_address -p port_number -u username.context -w password

for example, this is what I type to authenticate to my server

login -s -p 8009 -u admin.myco -w mypassword

3) At the embox client prompt, use the following syntax to create the backup

backup -b -f backup_filename_and_path -l backup_log_filename_and_path -u include_file_filename_and_path -t -w

this is my exact syntax to perform the backup

backup -b -f sys:\backup\backup.bak -l sys:\backup\backup.log -u sys:\backup\myinclude.txt -t -w

If you choose to not use an include file, the syntax would look like:

backup -b sys:\backup\backup.bak -l sys:\backup\backup.log -t -w

4) Logout from the server by typing logout

5) Exit the embox client by typing exit. You should now be back at the server console. Move the files you just created to a safe location.

Please note that the files created by embox can become quite large. You’ll want to save the backups to a drive with a lot of free space. You can also limit the size of the files embox creates, and you can do different types of backup, such as differential. To see all the backup options embox offers, type:

backup -t list

Hopefully you’ll never need to recover using an embox backup, but if you do, read about it here.

You can also use the dsclone tool as a basic disaster recovery backup and restore utility. Read all about it in this excellent Cool Solution. Note that the solution says if you don’t have a backup of your tree Certificate Authority, you should stop reading and go do it asap, since if you don’t have a functional CA, you can’t use dsclone. While you’re backing up/exporting the CA, read about the Novell Security Domain Infrastructure (SDI) to understand why you need to back it up.

DSbackup, aka Dsbk.nlm is now the suggested eDirectory backup utility, but is not included with versions of eDirectory prior to eDirectory 8.7.3 SP7. You can find the most recent version of dsbk for 8.7.3.x versions of eDirectory here. A simple explanation of the basic functions of DSBK.NLM can be found through “dsbk help”.

To create a backup using dsbk.nlm, from the server console, type:

dsbk backup -f sys:/backup/backup.bak -l sys:/backup/backup.log -t -b -w

You do need to understand that dsbk will work when no servers are available, while embox needs to communicate with an online eDirectory server in order to restore a backup.

I like to also run trustbar against each server volume for just in case. Trustbar backs up volume trustees to a file names trustees.xml located in the volume’s root directory. The syntax for running trust bar is:

trustbar volumename: -b -v

as in

trustbar sys: -b -v

-b means to do a backup, -v is verbose mode. You can type trustbar -h on the server console to see other available switches.

An alternative to trustbar is trustee.nlm. To use trustee.nlm to backup all volume trustees on a server:

trustee save all data:\trustee.txt

will save trustees of all volumes to the trustee.txt file located in the root of the data volume.

In a nutshell, trustbar.nlm tends to be much faster, especially when dealing with volumes with many different trustee assignments. Trustee.nlm is more powerful and can do many things trustbar cannot.

It is also possible to backup eDirectory using iManager, but since the other tools discussed in this post can be easily scripted, I usually don’t bother going into iManager. Plus, it seems like the local admins never have a fully patched iManager with all the plug-ins installed.

Backing up eDirectory using these methods does not replace the need for a regular backup, whether it be tape or disk based. These tools are meant to augment those backup methods. I like to do this for my piece of mind, when I work in environments where I am not responsible for backing up the servers. I can’t tell you how many times I’ve tried to restore from backups that the local admin swears work, only to find they were never verified or test restores were never performed.

2 Responses to “Howto: Quick and dirty eDirectory backups”

  1. Jenny Says:

    Hi Julie,

    Yet another good posting!

    I have been reading about the online backup industry for a while now.

    Online backup is maturing and slowly getting the attention of the general consumer.

    One website worth mentioning is the backup review site:

    This very informative site, not only posts up to date news and articles from the industry, but also lists about 400 online backup companies and ranks the top 25 on a monthly basis and features a CEO Spotlight page, where senior management people from the industry are interviewed.

    May be you could review this site so that your readers will be aware of its services.

    I enjoy reading your posts. Keep it up!

  2. the back room tech emBox login error:com.novell.eMBoxSDK.ConnectFailedException: Login failed « Says:

    […] Login failed August 2nd, 2007 — Julie Yesterday I wrote about creating eDirectory backups using eMBox and other utilities. Today I was trying to make an eDirectory backup on a Windows 2000 […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: