Backing up the vCenter 4.x AD LDS Instance

vCenter is one of the most important components of your vSphere 4.x virtual infrastructure. Many advanced capabilities of vSphere 4 (vMotion, DRS, etc.) are not available without vCenter. Prior to vSphere 4.x, it was sufficient to back up the vCenter database and restore vCenter by building a new vCenter server, restoring the database, and reinstalling vCenter to attach to the restored database.

With the introduction of vSphere 4.x, vCenter 4.x started using Active Directory Application Mode (ADAM) on Windows Server 2003 and Active Directory Lightweight Directory Services (AD LDS) on Windows Server 2008 to accommodate Linked Mode for vCenter. The roles and permissions are stored in the ADAM or AD LDS database. In order to restore the roles and permissions, the ADAM or AD LDS database must be backed up.

VMware KB1023985 tells you that you need to back up the SSL certificates, vCenter Database, and the ADAM/AD LDS database. There are many well-known ways to back up a SQL database. However, backing up an AD LDS instance is a lesser-known procedure. The following PowerShell script will back up the AD LDS VMware Instance on Server 2008 and the SSL folder. As always, test it thoroughly before using it.

#
# Name: VC_ADAM_SSL_Backup.ps1
# Author: Harley Stagner
# Version: 1.0
# Date: 08/17/2010
# Comment: PowerShell script to backup AD LDS
#          and SSL folder for vCenter
#
# Thanks to Tony Murray for the AD LDS portion of the
# script.
#
#
#########################################################

# Declare variables
$BackupDir = "C:\backup\VMwareBackup"
$SSLDir = $env:AllUsersProfile + "\VMware\VMware VirtualCenter\SSL"
$IFMName = "adamntds.dit"
$cmd = $env:SystemRoot + "\system32\dsdbutil.exe"
# Arguments for dsdbutil; the IFM target follows $BackupDir so the two cannot drift apart
$flags = "activate instance VMwareVCMSDS", "ifm", "create full $BackupDir", "quit", "quit"
# MM is the month (lowercase mm would be minutes)
$date = Get-Date -f "yyyyMMdd"
$backupfile = $date + "_adamntds.bak"
$ServiceVCWeb = "vctomcat"
$ServiceVCServer = "vpxd"

# Main
Stop-Service $ServiceVCWeb
Stop-Service $ServiceVCServer -force
try
{
    # Create the folder if it doesn't exist
    if(Test-Path -path $BackupDir)
    {Write-Host "The folder" $BackupDir "already exists"}
    else
    {New-Item $BackupDir -type directory}
    # Clear the IFM folder (Dsdbutil needs folder to be empty before writing to it)
    # Note: this also deletes any earlier backup still sitting in $BackupDir
    Remove-Item $BackupDir\* -recurse

    # Run Dsdbutil.exe to create the IFM dump file
    # (call operator instead of Invoke-Expression, so the command line is not re-parsed)
    & $cmd $flags
    # Rename the dump file to give the backup a unique name
    Rename-Item (Join-Path $BackupDir $IFMName) -newname $backupfile
    Copy-Item $SSLDir $BackupDir -recurse
}
finally
{
    # Restart the vCenter services even if the backup failed part-way
    Start-Service $ServiceVCWeb
    Start-Service $ServiceVCServer
}

# End Main

This script uses the dsdbutil.exe utility on Windows Server 2008 to back up the AD LDS instance and the SSL folder after it stops the vCenter services. By default it backs these items up to “C:\backup\VMwareBackup”. Change it to your liking.
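
A post-backup check that could follow the script above, added here as an example and not part of the original script: it confirms the AD LDS dump and the SSL copy are intact, writes a SHA-256 manifest, and restricts the backup folder to Administrators and SYSTEM, since the SSL folder holds vCenter's certificate private key. The manifest file name and the ACL choice are assumptions; the paths are the script's defaults.

```powershell
# Added example, not part of the original script. Paths are the script's defaults.
$BackupDir = "C:\backup\VMwareBackup"
$SSLDir    = Join-Path $env:AllUsersProfile "VMware\VMware VirtualCenter\SSL"
$SSLCopy   = Join-Path $BackupDir "SSL"               # where Copy-Item placed the folder
$Manifest  = Join-Path $BackupDir "manifest.sha256"   # assumed file name

function Get-Sha256([string]$Path) {
    # .NET hashing works on PowerShell 2.0, which has no Get-FileHash
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Close() }
}

# 1. The renamed AD LDS dump must exist and be non-empty
$dump = Get-ChildItem $BackupDir -Filter "*_adamntds.bak" | Select-Object -First 1
if (-not $dump -or $dump.Length -eq 0) { throw "No AD LDS dump in $BackupDir" }

# 2. Every file in the live SSL folder must have an identical copy in the backup
$files = Get-ChildItem $SSLDir -Recurse | Where-Object { -not $_.PSIsContainer }
foreach ($src in $files) {
    $copy = Join-Path $SSLCopy ($src.FullName.Substring($SSLDir.Length).TrimStart('\'))
    if (-not (Test-Path $copy) -or (Get-Sha256 $copy) -ne (Get-Sha256 $src.FullName)) {
        throw "SSL file missing or altered in backup: $($src.FullName)"
    }
}

# 3. Write a hash manifest so a later restore can detect a damaged or changed file
Get-ChildItem $BackupDir -Recurse |
    Where-Object { -not $_.PSIsContainer -and $_.FullName -ne $Manifest } |
    ForEach-Object { "{0}  {1}" -f (Get-Sha256 $_.FullName), $_.FullName } |
    Set-Content $Manifest

# 4. Stop inheriting permissions and grant access to Administrators and SYSTEM only.
#    Explicit ACEs already set on the folder are kept; review them separately.
$acl = Get-Acl $BackupDir
$acl.SetAccessRuleProtection($true, $false)   # protect ACL, discard inherited ACEs
foreach ($sidText in "S-1-5-32-544", "S-1-5-18") {   # BUILTIN\Administrators, SYSTEM
    $sid  = New-Object System.Security.Principal.SecurityIdentifier($sidText)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid, "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")
    $acl.AddAccessRule($rule)
}
Set-Acl $BackupDir $acl
Write-Host "Backup verified:" $dump.Name "and" $files.Count "SSL files; manifest written"
```

Keep a copy of the manifest somewhere other than the backup folder, otherwise anyone who can alter the backup can also rewrite the hashes.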

To restore the AD LDS instance data, follow the directions on TechNet (linked under References).

References

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1023985

http://technet.microsoft.com/en-us/library/cc725665%28WS.10%29.aspx

http://www.open-a-socket.com/index.php/category/ad-lds-adam/

2 Comments to “Backing up the vCenter 4.x AD LDS Instance”

Hersey Cartwright July 6th, 2011 at 2:24 pm

Harley

Great article and script.

Stumbled across it while looking for some best practice info on vCenter backups. The article is nearly a year old and since then VMware released a KB on backing up ADAM. (VMwareKB 1029864 – Manually backing up and restoring the vCenter Server 4.x ADAM instance data). After reading the KB it had me asking a couple of questions.

Is it necessary to stop the vctomcat and vpxd services to get a proper backup? The KB procedure leaves this step out, so I am just curious if you can get a good backup without disrupting access to vCenter.

Also, according to the KB the ADAM database is backed up regularly and stored in the vCenter database. If you are taking regular backups of your database, would this still be necessary (outside of major environment changes)? How difficult is it to restore ADAM from the backup stored in the vCenter Database?

Any update or insight you can provide would be much appreciated. Thanks again for the great article.

Hersey
http://www.vhersey.com/

Harley Stagner July 6th, 2011 at 4:36 pm

Hello Hersey,

Thanks for reading! When this script was written there was no KB Article :) . Anything in the KB article that differs should supersede this procedure.

When I tried to script the backup, I had to stop the services. Disrupting access to vCenter is usually not a big deal if planned for.

As for the restore from vCenter, I have never tried it personally. It would be something to test thoroughly before implementing in production.
