cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Active Directory database location change?

Gob
Level 3

‎01-16-2012 06:33 AM

Hello,

On a Windows 2008 R2 domain controller running as a VM under Hyper-V I see the following informaitonal event in the Application Log: "lsass (496) A database location change was detected from 'C:\windows\NTDS\ntds.dit' to '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5\Active Directory\NTDS\ntds.dit."

I was hoping someone could tell me why I received this message and if it is of any concern? This message was recorded while perfoming a backup of the VM using Backup Exec 2010 R3 with the Hyper-V Agent installed on the host machine and the remote Windows agent installed inside the guest machine.

I have used ntdsutil to confirm that my database and log files are still where I installed them (C:\Windows\NTDS). Does the database get moved temporarily when a backup is performed?

I also posted this on MS Technet forum and was advised to make sure Backup Exec uses the NTDS VSS writer. Any other writer, I was informed, could leave the database in a dirty state.

Can someone confirm if Backup Exec does indeed use the proper VSS writer and if the informational message I am receiving about the database changing location is problematic?

Thank you!

4 REPLIES 4

RahulG
Level 6
Employee

‎01-16-2012 10:04 AM

Do you have shadow copies enabled on the server?  Does the event only occur during the backup or is there any other instance where this error is logged .

0 Kudos

Gob
Level 3

‎01-18-2012 10:20 AM

Yes it was only during a backup with Backup Exec. Can anyone confirm if this is normal behavior?

0 Kudos

RahulG
Level 6
Employee

‎01-18-2012 08:12 PM

Well the message is not problematic at all as you can see the location where the AD database file is  moved is for the shadowcopies .

0 Kudos

Jayb
Level 4
Employee Accredited

‎02-17-2012 01:02 PM

This is very normal and it is not problematic.

Every time the backup runs the shadow copy makes it to a temp location and it is cleared off after the backup completes or a reboot.

 

Try : VSSADMIN LIST SHADOWS

c:\>vssadmin list shadows
vssadmin 1.0 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001 Microsoft Corp.

No shadow copies present in the system..

 

Try the same when the backup job runs , you will find the some shadow copies sets but they might not look helpfull, you can also see the devices by running, say "VSHADOW -q" which enumerates them directly through the VSS API.

Also if you would like to assign a drive letter to these shadow copies , you can use DOSDEV.EXE.

Eg :

c:\>dosdev z:'\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5.

and then try the dir to find the content.

Hope this helps !

 

 

 

 

0 Kudos