************************************************************************ PostPath 3.1.2 Release Notes ************************************************************************ Contents ========================== 1. Trademarks, copyrights, disclaimers and support 2. Where to find additional documentation 3. Supported environments 4. Bug fixes/important changes 5. Upgrading 5.1. Supported upgrade paths 6. Basic installation requirements and information 6.1. Minimum hardware requirements 6.2. Environment information that you'll need to collect 6.3. System / Environment configuration 6.4. Packages required for installation 6.5. Ports used by the PostPath Server 7. Known limitations 8. Considerations to be undertaken for backing up the Active Directory ************************************************************************ ************************************************************************ 1. Trademarks, copyrights, disclaimers and support Copyrights © 2006-2008, PostPath, Inc. All rights reserved. © 2006-2008, Microsoft®, Microsoft Exchange™, Active Directory™, Outlook™. Windows®, Windows Server®. All rights reserved. PostPath™, the PostPath Collaboration Server™ and the PostPath Web Client™ are trademarks of PostPath, Inc. PostPath Collaboration Server® is the registered trademark of PostPath, Inc. All other trademarks are the property of their respective holders and are hereby acknowledged. U.S. Government Rights Use, duplication, or disclosure by the U.S. Government is subject to restrictions set forth in the PostPath, Inc. license agreements and as provided in DFARS 227.7202-1(a) and 227.7202-3(a) (1995), DFARS 252.227-7013(c)(1)(ii) (Oct. 1998), FAR 12.212(a) (1995), FAR 52.227-19, or FAR 52.227-14 (ALT III), as applicable. PostPath, Inc. PostPath, Inc. does not warrant, guarantee or make any representation concerning this content or the results of the use of this content. PostPath, Inc. reserves the right to change the contents of this material at any time without obligation to notify anyone of such updates. Contact information: US Office: PostPath, Inc. 1200 Villa Street, Suite 150 Mountain View, CA 94041 USA Phone: (650) 810 8100 Fax: (650) 961 7892 www.PostPath.com Email: info@PostPath.com EMEA Region Contacts: Technical Support: +359 (0)2 9500674 Sales and General Inquiry: +359 (0)2 9500670 Fax: + 359 2 9500671 Sales email: emea-sales@postpath.com Support email: support@postpath.com Address: 18, Macedonia Blvd. Sofia 1606 Bulgaria For product support: By phone: Main Line: (877) 60 EMAIL (877 603 6245) or (650) 810 8100 By fax: (650) 961 7892 By web (for registered customers): https://na4.salesforce.com/sserv/login.jsp?orgId=00D300000001Nsl By email: support@postpath.com As well as traditional support mediums, Postpath provides Discussion Forums. Two forums are available at the following: Support Forum (http://forums.postpath.com/support/discuss/), dedicated to support Installation and configuration issues. Product Forum (http://forums.postpath.com/product/discuss/): dedicated to feature requests, configurations options and product ideas. For general information about our products, please visit: http://www.postpath.com Or write to: info@postpath.com ************************************************************************ ************************************************************************ 2. Where to find additional documentation The following documents are included in the PostPath documentation set: PostPath Server 3.1.2 Administration Guide PostPath Server 3.1.2 Installation Guide PostPath Server 3.1.2 Troubleshooting Guide This documentation (as well as the latest release of our software) is available via anonymous ftp on ftp.postpath.com. If using a browser, please, navigate to ftp://ftp.postpath.com/pub/OfficialReleases/ If using a command-line interface, access ftp.postpath.com (ftp ftp.postpath.com). Login as user anonymous by typing any password, and change the working directory to /pub/OfficialReleases/ ************************************************************************ ************************************************************************ ***List of abbreviations and acronyms used in the document: PPSD - PostPath Email and Collaboration Server PPRUS - PostPath Recipient Update Service PPWM/IMAP - PostPath WebMail/IMAP Server PPADM - PostPath Administration Tool BB - BlackBerry BES - BlackBerry Enterprise Server ************************************************************************ ************************************************************************ 3. Supported environments For this PostPath server release, the following systems are supported: o Operating Systems Red Hat® Enterprise Linux® Server 4.4 32-bit Red Hat® Enterprise Linux® Server 4.5 32-bit Red Hat® Enterprise Linux® Server 4.4 64-bit Red Hat® Enterprise Linux® Server 4.5 64-bit CentOS 4.4 32-bit CentOS 4.5 64-bit Novell® SUSE® Linux Enterprise Server 10 32-bit Novell® SUSE® Linux Enterprise Server 10 64-bit o Microsoft® products AD supported and tested - Windows 2000 SP4 and 2003 SP2; Domain functional level should be Windows 2000 native or higher Microsoft® Exchange - 2000, all 2003 editions - SBS, Standard, Enterprise, and 2007 Microsoft® Outlook® - 2000, 2003, XP and 2007 o IMAP desktop clients Mozilla® Thunderbird™ Novel® Evolution™ Qualcomm® Eudora® Microsoft® Outlook® 2007 Microsoft® Outlook® 2003 Microsoft® Outlook® Express o IMAP mobile clients Palm™ VersaMail™ Apple® iPhone™ 's default email client Microsoft® Outlook® Mobile (Windows Mobile® 5 and 6) ************************************************************************ ************************************************************************ 4. Bug fixes/important changes == Bug fixes == Installer o False warnings appear when upgrading PPSD to version 3.1.2 Description: Warning messages indicating that modules are not supported for upgrade are displayed throughout the upgrade procedure. PostPath Reference: B3762, B3765 o False warnings appear when installing PPSD Description: Warning messages indicating that modules are not supported for upgrade are displayed throughout the installation procedure. PostPath Reference: B3764 o The installer doesn't create the /etc/logrotate.d/ppwm file during PPWM upgrade Description: The installer doesn't create the /etc/logrotate.d/ppwm file during PPWM upgrade. PostPath Reference: B3947 PPSD o Corrupted messages cause errors to appear in maillog Description: PPSD returns bad messages to WebMail which causes error messages to appear in maillog. PostPath Reference: B1318 o PPSD Memory leak when WM does a login/logout Description: PPSD constantly expands its memory footprint if repetitive login/logouts are performed. PostPath Reference: B3614 o Outlook drops the server connection if Scheduling a meeting request in Outlook Description: Outlook cannot access Free/Busy data if access to the GAL is restricted. PostPath Reference: B3845 o Corrupted message when updating recurring appointments on BlackBerry Description: Message corruption occurs when manually updating recurring appointment occurrences on BlackBerry. PostPath Reference: B3857 WebMail o No text is shown in the bubble preview of messages on a random bases. Description: The bubble preview of certain messages may contain the string instead of a message body preview. PostPath Reference: B965 o Feature request: Add an Alias column to the Select Address dialog Description: An Alias column should be added to the Name and Email columns already present in the Select Address dialog in WebMail. PostPath Reference: B1313 o Clicking the Get Mail button always changes the view to the Inbox folder Description: Clicking the Get Mail button always changes the view to the Inbox folder instead of refreshing the currently displayed view. PostPath Reference: B1329 o The View configuration is reset when a folder is clicked Description: The View configuration is reset to the one configured in the preferences whenever a folder is clicked in the folder tree. PostPath Reference: B2016 o An unnecessary search string remains when using the mini-calendar to view email messages for a selected day Description: Right-clicking a day of the month in the mini-calendar and then selecting Email Messages, displays the search query text in the Search box at the top of the window. PostPath Reference: B2529 o Messages cannot be sorted by importance in WebMail Description: Sorting messages by importance using the Sort by Importance column header is not possible. PostPath Reference: B2683 o Removing appointment attachments does not work Description: Deselected attachments will not be removed if new attachments are added before saving the changes. PostPath Reference: B2737, B3760 o The Reminder window is not closed when the WebMail session has expired Description: Closing the session does not close all open dialog boxes thus preventing the user from logging in again. PostPath Reference: B2738 o WebMail becomes slow and unresponsive after a period of time Description: The UI can lose the request sequence order after an session expiration, causing errors. PostPath Reference: B2987 o Runtime error occurs in IE7 when logging out of WebMail Description: Runtime error occurs in IE7 when logging out of WebMail if a Compose window is open at the same time. PostPath Reference: B3016 o WebMail shows the end date of a saved appointment incorrectly Description: WebMail shows the end date of a saved appointment incorrectly although end dates are stored correctly on the PPSD server. PostPath Reference: B3053 o The Compose dialog displays a superfluous horizontal scroll bar Description: The Compose dialog displays a horizontal scroll bar even when not required PostPath Reference: B3055 o Deleting another person's shared calendar in WebMail in not possible Description: Undersized memory causes an error to occur when deleting shared calendars. PostPath Reference: B3080 o A 'Could not complete operation' error occurs when logging in WebMail Description: When WebMail tries to complete an operation from a previously opened dialog, the user is prevented from logging. PostPath Reference: B3099 o WebMail freezes under high load Description: WebMail stops responding for up to 1.5 hours during stress testing. PostPath Reference: B3142 o Changing the font size in a reply message causes "unresponsive script" warning Description: Changing the font size in a reply messages sometimes causes repetitive "unresponsive script" warnings to be displayed. PostPath Reference: B3161 o A draft HTML message saved in Outlook cannot be opened in WebMail Description: In WebMail, opening a draft HTML message saved in Outlook results in a grayed-out window. PostPath Reference: B3180 o The Reading pane->Right option doesn't work in Conversation view Description: The View->Reading pane->Right option doesn't work in Conversation view. PostPath Reference: B3349 o Top of Information Store appears in Mail folders Description: A Top of Information Store folder appears in Mail folders PostPath Reference: B3374 o 'No such message exists' when opening an email message in WM Description: Under certain circumstances, a deleted message can still be visible in WebMail, causing an error when clicked. PostPath Reference: B3409 o Editing an appointment using BlackBerry doesn't have any effect in WebMail Description: The changes made to a single occurrence of an appointment using BlackBerry are not displayed by WebMail after synchronization. PostPath Reference: B3504 o An Error message appears when changing a Contacts folder's color Description: The folder's color is successfully altered but a 'Null' is null or not an object' message appears. PostPath Reference: B3567 o The attendees names for a meeting are not displayed in the cancellation letter Description: The names of the attendees for a meeting are not displayed in the cancellation letter if edited. PostPath Reference: B3572 o An error is displayed when moving a contact from Contacts to a Public Folder Description: Although the contact is moved correctly, an error message is displayed when moving a contact from Contacts to a Public Folder of 'contacts' type. PostPath Reference: B3613 o PPWM crashes when saving recurring appointment data Description: Under certain circumstances PPWM crashes when saving recurring appointment data. PostPath Reference: B3630 o Email messages' body is displayed as a single bogus symbol in WebMail Description: WebMail shrinks the body text of an email massage and all its replays to a single symbol. PostPath Reference: B3672, B3673 o Reminder windows for single events don't select the event by default Description: When a reminder window lists an event, only the event should be automatically selected. PostPath Reference: B3674 o User cannot log into WebMail Description: There is an issue when sending RPC data to PPSD. PostPath Reference: B3686 o WebMail connot send messages containing very long subjects Description: The 'PPSD Server Unavailability' error message appears when trying to send messages containing very long subjects. PostPath Reference: B3689 o WebMail displays the login screen in the compose window after session expiration Description: If the WebMail session has expired while composing a new message, the login screen will be displayed incorrectly in the same window when the message is sent. PostPath Reference: B3693 o On Ppwm_AuthTokenLifetimeInMins expiration an error message is displayed instead of expiring the session Description: If the Ppwm_AuthTokenLifetimeInMins parameter is set in ppwm.ini an 'unexpected condition' error appears instead of session expiration. PostPath Reference: B3706 o The wrong user's session expires Description: The wrong user's session expires if several users are logged in WebMail simultaneously in multiple Firefox tabs. PostPath Reference: B3707 o It's impossible to delete a Declined meeting request in WebMail Description: Deleting a meeting request in WebMail results in an unneeded 'Declined: Cancellation' message in the organizers calendar. PostPath Reference: B3708 o No reminder appears in the attendee's Calendar if the request is created in WebMail Description: The meeting request appears in the attendee's Calendar folder without a Reminder. PostPath Reference: B3709 o Reminders stop appearing in WebMail Description: Reminders stop appearing in WebMail and an error message is generated. PostPath Reference: B3710 o An empty reminder window in WebMail Description: An empty reminder window pops up after all events have been snoozed. PostPath Reference: B3712 o An opened cancellation notice should not show Accept/Tentative/Decline Description: The Accept/Tentative/Decline options for cancelled meeting notifications should not be displayed. PostPath Reference: B3721 o 'Select all\Deselect all' doesn't operate as expected in reminders Description: The 'Select all\Deselect all' options operate inconsistently in multi-event reminder windows. PostPath Reference: B3727 o Attachments are lost when changing the time of a recurring appointment Description: When moving an appointment occurrence to a different start/end time the attachment for this occurrence is lost. PostPath Reference: B3730, B3755 o All previously opened dialogs are still active despite the expiration of the session Description: On session expiration all previously opened dialog boxes' controls are left visibly operational although using them doesn't result in any action. PostPath Reference: B3756 o Reminders about past recurring appointments keep popping up Description: Recurring appointments continue to appear after the number of occurrences has been exhausted. PostPath Reference: B3761 o Reminders fail to open Description: Appointment reminders do not always appear. PostPath Reference: B3768 o WebMail doesn't automatically check the next event in the Reminder window Description: WebMail doesn't automatically check the next event in the Reminder window when the previously checked event has been Dismissed. PostPath Reference: B3777 o It is not possible to sort messages by From address in the conversation view Description: Sorting messages by clicking the From column header in a conversation view does not work. PostPath Reference: B3802 o An Error message appears when creating notes in WebMail Description: 'PPSD server unavailability' error message appears when creating notes in WebMail. PostPath Reference: B3805 o An Error appears when selecting a message in Conversations view Description: An error message appears when selecting a message in the Conversation view for the first time. PostPath Reference: B3861 o Prevent WebMail from creating excessive logging Description: WebMail logs too much information in catalina.out. PostPath Reference: B3876 o Recurring appointment created in WebMail is not displayed in Outlook Description: Recurring appointments created in WebMail are not always displayed in Microsoft Outlook PostPath Reference: B3879 o Clicking Get Mail in a mail subfolder results in error generation Description: Clicking the Get Mail button in a mail subfolder results in an error message generation. PostPath Reference: B3943 Content Conversion o On Ppwm_AuthTokenLifetimeInMins expiration an error message is displayed instead of expiring the session Description: If the Ppwm_AuthTokenLifetimeInMins parameter is set in ppwm.ini an 'unexpected condition' error appears instead of session expiration. PostPath Reference: B3706 RPC Proxy o RPC Proxy causes errors under high load Description: Folders may become inaccessible when used through RPC over HTTP(S) due to this bug. PostPath Reference: B2796 o Outlook fails to sync while using RPC over HTTP in cached mode Description: Syncing an PPSD account is impossible while error messages appear in the localhost log file. PostPath Reference: B3381 o RPC over HTTP is not working with Outlook 2007 Description: Changes in the way Outlook 2007 uses RPC over HTTP prevents it from working with PPSD. PostPath Reference: B3474 ************************************************************************ ************************************************************************ 5. Upgrading 5.1. Supported upgrade paths Upgrading from the following PPSD versions is supported: o PostPath Email and Collaboration Server 3.1 o PostPath Email and Collaboration Server 3.1.1 o PostPath Email and Collaboration Server 3.1.1.A If you have a previous version please upgrade to any of the above releases before upgrading to 3.1.2. Previous versions can be obtained from ftp://ftp.postpath.com/pub/OfficialReleases/ ************************************************************************ ************************************************************************ 6. Basic installation requirements and information =================================================== For more information see the Installation Guide. =================================================== 6.1. Minimum hardware requirements For the PostPath Server: o 1 x CPU P-IV system with 2GB memory and 150GB HDD are the minimum hardware requirements o For test installations use loadsim for performance testing or in environments with more than 500 users, it is advisable to have the following hardware requirements: 2 x CPU P-IV system with 4GB memory and 150GB HDD. o We recommend a minimum of 20GB for the system partition of the mail server. 300MB are required for the PPSD installation. o At least 50GB for the email message store partition (larger if testing message stores of more than 100 users) For PostPath SyncServer one or more of the following needs to be available: o Windows Mobile 5 compatible devices o Palm Smartphone with VersaMail 3.0 or higher Clients: o Microsoft Outlook 2000, XP, 2003 or 2007 are supported o If using RPC over HTTPS you'll need accessible PCs with Microsoft Outlook available outside your firewall If you plan to use RPC over HTTPS: o We highly recommend that you use a second Linux server to host Tomcat and our RPC over HTTPS servlet 6.2. Environment information that you'll need to collect o The NetBIOS name and fully qualified Active Directory name of your domain o DNS Server name and DNS Server IP address used by your Active Directory domain controller (note: the primary DNS server may itself be a domain controller within the domain) o Hostnames and IP Address of your Active Directory Domain controller o If installing and integrating into an environment with existing Exchange servers or PostPath servers - The Hostnames and IP Address of the first existing Exchange or PostPath Server in your domain o The name of your Exchange Organization (if it already exists-or choose it if not). o NetBIOS host ("machine") name for the Linux server on which you will Install the PostPath software (if it already exists, or choose a name if not). o The host fully qualified domain name (FQDN) and fixed IP address for the Linux server on which you will install the PostPath software o Root password for the machine on which the PostPath server will be installed o The Active Directory passwords / credentials needed for installation 1. For environments where an Exchange Server already exists: o "Root Domain Admin" - account name / password 2. For an Exchange Server Free environments: o "Enterprise Admin" - account name / password o Alternative - "Schema Admin" - account name / password 6.3. System / Environment configuration The following is what you'll need to do: o Have access to a Linux installation of the English language version of a supported OS. Install the base installation with Developer packages or make sure to configure the server with the minimum package list below (see table below) o Red Hat Enterprise Linux 4.4 or 4.5 (32- or 64-bit) o CentOS 4.4 or 4.5 (32-bit) o Novel SUSE Linux Enterprise Server 10 (32- or 64-bit) o Open the appropriate ports in the firewall for the system that the server software will be installed on (see the port usage table below) o Configure networking with a fixed IP address for the PPSD server o A working Internet connection and a registered version of your operating system where you will install the PostPath Server (see OS support above). If using a commercial version, at the same time - make sure the system update service is active and working - it is required for installation of the PostPath server o Active Directory (AD) mode - For PostPath-only (sans Microsoft Exchange) operation, the Active Directory mode for either Windows Server 2000 or 2003 must be "Native" mode (not "mixed" mode) o DNS configuration - o AD integrated DNS server o A type A record for the PPSD server o An MX Record for that server if you'll be receiving data for a specific domain / test domain from outside the organization o NTP (Network Time Protocol) installed and active on the system o For highest performance implementations we recommend: o Server hardware and OS: 64 bit version o Message store storage: If using local storage - RAID 10 o A separate physical device (disk or array) from the message store to store PostPath journal entries. Information on how to enable this will be available at installation time o If using RPC HTTP (s) or PostPath SyncServer: o If you will be accessing the email server from the Internet, publish a "type A" record for that server in your global DNS. o Purchase a TLS (SSL) certificate for the server. Preferably from one of the certificate authorities that is implicitly trusted by Microsoft Outlook clients (Verisign, for example). Reason: Client access problems may result from using self-signed certificates, or certificates obtained from other certificate authorities. o In addition for RPC HTTP (s) We highly recommend that you prepare a second Linux server to host Tomcat and PostPath's RPC HTTP (s) servlet. The following ports need to be open between the second Linux server and the PostPath server : o 1280 - for MAPI o 1281 - for NSPI (the global catalog access protocol) o 1048 - for RFR (directory services proxy referral) o 53 - DNS queries (if the server is installed in the DMZ and no DNS server is located there, or if installed on a secondary server inside your firewall) 6.4. Packages required for installation The PostPath Server Installation program will use your OS distribution's update tool to pull down any additional packages required from the OS vendor. Here is what is required to run the installer: o python o python-ldap o pyxml 6.5. Ports used by the PostPath Server To be allowed/opened in the server's system firewall. Port Service 1048 RFR - Referrer service 1228 Exchange Store Admin service 1025* NSPI service 1280 MAPI 25 SMTP 1281 NSPI for RPC HTTP(s) 80/443 Outlook Web Access clients using HTTP and HTTPS 110 POP3 53 DNS (both TCP and UDP) 135 Endpoint Mapper 389 LDAP access to Active Directory 3268 LDAP access to the Global Catalog 636 LDAP access to Active Directory of SSL/TLS There is an asterisk (*) next to the NSPI server port as the actual port number used may vary unless the nspiPort parameter is set in the ppsd.ini file. Default behavior for PPSD is to listen on the same NSPI port on which the Global Catalog server is listening for NSPI requests. PPSD discovers this port number by making a request to the Endpoint Mapper service on the Global Catalog server. ************************************************************************ ************************************************************************ 7. Known limitations Installer o Monit must be installed manually on 64-bit Red Hat platforms; refer to Section 3.25 in the Troubleshooting Guide for details. o Occasionally, the installer will not stop the PPSD server during an upgrade and PPSD will end up running from the old binary after the restart. See Section 3.26 in the Troubleshooting Guide for details. WebMail/IMAP Server Limitations o When a non-SMTP user creates a new personal distribution list (PDL) in Microsoft Outlook and then updates it in WebMail, the address type is reset to SMTP. o When a contact is updated (for example the email address or the display name is changed) in the PAB or GAL, associated information is not updated in the PDL. o When moving (to another folder for example) or deleting existing contacts or PDLs, that are members of another PDL, the links to the moved or deleted items in this PDL become broken. o Cannot create PDLs with empty names. o Cannot search for contacts within PDL's. o When creating or updating a PDL note via WM, the note format is reset to Plain/text. Currently, the UI does not allow note editing in HTML format. o The polling interval (configured in Options, Mail), is not applied correctly in all circumstances; to view the new messages in their mailboxes, users must click the Get Mail button. o The WebMail and the WebMail Help Japanese translations have not been updated for this release; inconsistencies are expected. The supported languages are English, German and French. o Occasionally, visited links' text in WebMail Help does not darken to mark that the link has been visited. Only the underline is darkened. o Only mail-type folders can be subscribed to when using the IMAP protocol to connect to the PPSD server. See Section 5.23.3 in the Administration Guide for more information. Mail-enabled Public Folders Limitations The following scenarios are not expected to work in the current release (v.3.1.2) o An administrator creates a new public folder using Exchange System Manager that is configured to be stored (replicated) only on PostPath servers. Not only will PPSD users be unable to send mail to this public folder, but Outlook users connected to PPSD will probably be unable to browse the contents of the folder. o Mail-enabled public folders on a PPSD 2.2.x or 3.0.x server that is upgraded to v.3.1.2 will not receive mail Free/Busy Limitations o Postpath hosts only its own users’ Free/Busy data o Free/Busy information can be replicated to a Microsoft Exchange server but can not be replicated to PPSD o Users from two PPSD servers (where no Microsoft Exchange servers are installed in the organization) do not share Free/Busy data o PPSD does not redirect Microsoft Outlook and Microsoft Outlook-compatible clients to other servers to read Free/Busy information o If Microsoft Exchange and PPSD reside in different Administrative Groups they cannot share Free/Busy data o Not every PPSD installation creates the SCHEDULE+FREE BUSY directory hierarchy and therefore Free/Busy will not always work PPADM Issues o To log into PPADM using an Administrator's UPN, a logon name first needs to be created for this account. See Section 5.1.3.1 in the Administration Guide for more information. o Public Folders Email addresses seemingly disappear when the Refresh command is used o Mail-enabled Public Folders stop receiving mail when the Refresh command is used to forcefully update a Public Folder's contents display o PPADM cannot be started on machines other than the machine where the PPSD server is installed Restore Issues o There is a defect in the ppsd-restore tool that prevents the tool from creating the Restored Items folder during Cold Restore. See Section 5.4 in the Troubleshooting Guide for details. o There is a known limitation in the PPSD server that prevents restored items from being displayed in Microsoft Outlook for newly created users until the server is restarted. See Sections 5.5, 5.6 in the Troubleshooting Guide for details. o Due to a dump/restore native limitation, the PostPath restore tool cannot restore message stores residing on LVM volumes from backups created using the dump tool. o When restoring a particular user’s items in the default "hot" restore mode, the user’s client application (e.g. Microsoft Outlook) must be closed or disconnected from the PPSD server. See the Troubleshooting Guide for details. ************************************************************************ ************************************************************************ 8. Considerations to be undertaken for backing up the Active Directory The backup tool in the Windows 2000 / 2003 Server supports multiple types of backup: normal, copy, incremental, differential, and daily. However, because the Active Directory is backed up as part of the system state, the only type of backup available for Active Directory is normal. A normal backup creates a backup of the entire system state while the domain controller is online. Additionally, the backup tool marks each file as a backed-up file, which removes the archive attribute of the file. To ensure a successful restore from backup, consider the following: o Domain controllers to back up Back up at least two domain controllers in each domain. One of these should be an operations master role holder (excluding the relative ID (RID) master, which should not be restored). Note that backup data from a domain controller can only be used to restore that domain controller. A backup of one domain controller cannot be used to restore another. o Contents Backup at least the system state and the contents of the system disk. Backing up the system disk ensures that all the required system files and folders are present so the data can be successfully restored. o Performance Best performance practice states that the Active Directory's logs and database files should be on separate disks. If your domain controllers are configured in this manner, the Active Directory components will be spread out on multiple drives, such as D:\Winnt\NTDS for logs and E:\Winnt\NTDS for databases. The location of these logs and databases does not need to be specified for them to be backed up. The backup utility will automatically locate and include them when you back up the system state. o Age A backup older than the tombstone lifetime set in the Active Directory will result in an inferior backup. At a minimum, perform at least two backups within the tombstone lifetime. The default tombstone lifetime is 60 days. Active Directory incorporates the tombstone lifetime into the backup and restore processes as a means of protecting itself from inconsistent data. Deleting an object from the Active Directory is a two-step process. When an object is deleted in the Active Directory, the object is converted into a tombstone, which is then replicated to the other domain controllers in the environment to inform them of the deletion. Active Directory purges the tombstone when the tombstone lifetime is reached. If a domain controller is restored to a state prior to the deletion of an object, and the tombstone for that object is not replicated to the restored domain controller before the tombstone expires, the object remains present only on the restored domain controller, resulting in inconsistent data. Therefore, restoration of the domain controller prior to tombstone expiration is required, and inbound replication from a domain controller containing the tombstone must be completed prior to expiration of the tombstone. The Active Directory protects itself from restoring data older than the tombstone lifetime by prohibiting such a restore. As a result, the useful life of a backup is equivalent to the tombstone lifetime setting for the enterprise. To back up the Active Directory and its associated components on a domain controller, either the system state or both the system state and the system disk can be backed up.