I’m currently upgrading some Netware 6.5 servers from support pack 5 to support pack 6. I’m also upgrading those same servers from eDirectory 8.7.3 to 8.8.1. Before I make any eDirectory changes, the first thing I do is to run from the server console:
This makes a quick backup of Data Information Base (aka DIB) on that particular server. Now, I hope I never have to use it to recover from some directory services crisis, but it helps me sleep better at night – slightly. The -rc option takes a snapshot of eDirectory at that point and time, so if you use the files to restore in the future, you’ll be losing all transactions that occurred between the current date and the date the snapshot was taken.
Next, I copy the server’s sys:\system\dsr_dib directory to an off server location for safekeeping.
Then I use embox to create a backup file. Note that this is essentially a DIB backup just like dsrepair -rc creates. You can read all about backup and restore using embox in TID10093373.
The specific steps I follow to create the embox backup file are:
1) From the server console, type
This launches embox in interactive mode, rather than batch mode, which is useful for scripting.
2) Now you need to authenticate to eDirectory to ensure you have permissions to create the backup files. The syntax is
login -s server_name_or_IP_address -p port_number -u username.context -w password
for example, this is what I type to authenticate to my server
login -s 10.3.1.19 -p 8009 -u admin.myco -w mypassword
3) At the embox client prompt, use the following syntax to create the backup
backup -b -f backup_filename_and_path -l backup_log_filename_and_path -u include_file_filename_and_path -t -w
this is my exact syntax to perform the backup
backup -b -f sys:\backup\backup.bak -l sys:\backup\backup.log -u sys:\backup\myinclude.txt -t -w
If you choose to not use an include file, the syntax would look like:
backup -b sys:\backup\backup.bak -l sys:\backup\backup.log -t -w
4) Logout from the server by typing logout
5) Exit the embox client by typing exit. You should now be back at the server console. Move the files you just created to a safe location.
Please note that the files created by embox can become quite large. You’ll want to save the backups to a drive with a lot of free space. You can also limit the size of the files embox creates, and you can do different types of backup, such as differential. To see all the backup options embox offers, type:
backup -t list
Hopefully you’ll never need to recover using an embox backup, but if you do, read about it here.
You can also use the dsclone tool as a basic disaster recovery backup and restore utility. Read all about it in this excellent Cool Solution. Note that the solution says if you don’t have a backup of your tree Certificate Authority, you should stop reading and go do it asap, since if you don’t have a functional CA, you can’t use dsclone. While you’re backing up/exporting the CA, read about the Novell Security Domain Infrastructure (SDI) to understand why you need to back it up.
DSbackup, aka Dsbk.nlm is now the suggested eDirectory backup utility, but is not included with versions of eDirectory prior to eDirectory 8.7.3 SP7. You can find the most recent version of dsbk for 8.7.3.x versions of eDirectory here. A simple explanation of the basic functions of DSBK.NLM can be found through “dsbk help”.
To create a backup using dsbk.nlm, from the server console, type:
dsbk backup -f sys:/backup/backup.bak -l sys:/backup/backup.log -t -b -w
You do need to understand that dsbk will work when no servers are available, while embox needs to communicate with an online eDirectory server in order to restore a backup.
I like to also run trustbar against each server volume for just in case. Trustbar backs up volume trustees to a file names trustees.xml located in the volume’s root directory. The syntax for running trust bar is:
trustbar volumename: -b -v
trustbar sys: -b -v
-b means to do a backup, -v is verbose mode. You can type trustbar -h on the server console to see other available switches.
An alternative to trustbar is trustee.nlm. To use trustee.nlm to backup all volume trustees on a server:
trustee save all data:\trustee.txt
will save trustees of all volumes to the trustee.txt file located in the root of the data volume.
In a nutshell, trustbar.nlm tends to be much faster, especially when dealing with volumes with many different trustee assignments. Trustee.nlm is more powerful and can do many things trustbar cannot.
It is also possible to backup eDirectory using iManager, but since the other tools discussed in this post can be easily scripted, I usually don’t bother going into iManager. Plus, it seems like the local admins never have a fully patched iManager with all the plug-ins installed.
Backing up eDirectory using these methods does not replace the need for a regular backup, whether it be tape or disk based. These tools are meant to augment those backup methods. I like to do this for my piece of mind, when I work in environments where I am not responsible for backing up the servers. I can’t tell you how many times I’ve tried to restore from backups that the local admin swears work, only to find they were never verified or test restores were never performed.