S 6.107 Creation of data backups for directory services

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: Administrator

The data backup of a directory service should be integrated into the organisation's global data backup policy.

To obtain consistent data backups of the directory service data held on a server, a special backup tool should be used. As well as a full backup of the directory, the tools also offer the option of backing up only parts of the directory service. To archive or restore individual directory service objects, the complete distinguished name of the object must be specified. To back up the entire tree, the relevant tree object must be specified. The schema can also be backed up separately. For this purpose, the schema object must be selected. Finally, parts of a directory service tree can also be backed up. This requires that the appropriate container of the tree is selected. All the objects below this container are then backed up.

Partition information cannot be backed up using these backup tools. In the case of restoration, the appropriate parts must then be partitioned afterwards. Therefore, the partitioning of the directory service must be documented in writing in such a manner that it can be reconstructed manually following a system failure. For this purpose, it is essential that hard copies of the tree structure and partitions are prepared and updated at regular intervals.

Review questions:

• Has the partitioning of the directory service been documented in writing in such a manner that it can be reconstructed manually following a system failure?