When exchange Domain Controller or Global Catalog servers?

Similar Messages

• Exchange 2007 with Global catalog servers

  exchange 2007 connects with 2 global catalog servers
  when it connects GC server A, and A is down, there is user connection error at Outlook side.
  any setting to allow Exchange 2007 immediately switching to GC server B without waiting?
  Thanks a lot.

  Hi
  As per the information and details provided by you, please follow these steps: -
  If you are running a version of Exchange Server that is earlier than Exchange Server 2010, use the following steps to force Outlook to identify and use the closest global
  catalog server yourself.
  Click
  Start, and then click Run.
  In the
  Open box, type regedit.exe, and then click
  OK.
  Locate and then click the following key in the registry:
  HKEY_CURRENT_USER\Software\Microsoft\Exchange\Exchange Provider
  On the
  Edit menu, click Add Value, and then add the following registry value:
  Value name: Closest GC
  Data Type: REG_DWORD
  Radix: Hexadecimal
  Value Data: 0x0000000
  Quit
  Registry Editor.
  I hope this information will be helpful for you.
  Thanks and regards
  Shweta@G 

• Exchange Management Shell Cannot Find Global Catalog Servers

  Hello,
  I have a client with a single Exchange 2013 RU2 multi role server.  Exchange works fine with no issues.  However, when I open EMS and try to do anything (example get-mailbox) it returns the following error.  It was working up until about a
  week ago.
  "Could not find any available Global Catalog in forest domain.com"
  I haven't tried rebooting the server yet because Exchange is running fine, it's just PowerShell is jacked up.  I have even tried Remote PowerShell from another server and same results.  Has anyone ever seen this?
  Thanks,
  John

  can you check what  your nslookup returns you... are you able to connect to your DNS without any error.
  the above error is generally towards network connectivity issues.
  guess you have two lan cards on exchange. what is the DNS on both lan cards. i guess should b same.
  MARK AS USEFUL/ANSWER IF IT DID
  Thanks
  Happiness Always
  Jatin

• When the domain controller locator process happened

  HI Guys
    I read lots of articles about how domain controller located. And so far i thougth i knew most of the process, but still have some question.
  1.when the DC locator happend ,just start during computer boots up ,or started after user press CTRL+ALT+DEL and input username and credential.
  2.Based on following Technet article , step 7, what's the difference between  "If the client has found a DC in the site in which the DC claims the client is located" and "If the returned domain controller is in the cloest site "
  ? And step 8, if the domain that is being quried is same as the domain that the computer joined, was the first domain means the domain the user belongs to ? like xxx\username ?

  Hi Jacky,
  I assume that you are talking about this article:
  Active Directory: Using Catch-All Subnets in Active Directory
  http://technet.microsoft.com/en-us/forefront/2009.06.subnets.aspx
  >when the DC locator happend ,just start during computer boots up ,or started after user press CTRL+ALT+DEL and input username and credential.
  The DC locator initiates after we input domain credentials and press Enter.
  >what's the difference between "If the client has found a DC in the site in which the DC claims the client is located" and "If the returned domain controller is in the closest site "?
  “If the client has found a DC in the site in which the DC claims the client is located” means that the client and a DC are located in the same site. “If the returned domain controller is in the closest site” means that a DC which
  is located in the closest site is found (based on site link cost).
  >if the domain that is being queried is same as the domain that the computer joined, was the first domain means the domain the user belongs to ? like xxx\username ?
  Yes you are right that the first domain means the user account which tries to log on belongs to.
  More information for you:
  Enabling Clients to Locate the Next Closest Domain Controller
  http://technet.microsoft.com/en-us/library/cc733142(v=WS.10).aspx
  I hope this helps.
  Amy

• Group Policy Management Console Failes to open when one Domain Controller is powered down

  Hi All,
  This was an accidental discovery, but here's my dilemma. I have a site with 2 domain controllers(Windows 2008 R2), and if I shut down my second domain controller, when I try to open the Group Policy Management  Console on the 1st domain controller,
  it fails to open and I get the following error, "The specified domain either does not exist or could not be contacted" with 3 options to "retry", "choose another domain controller", or remove.   If I go to chose another domain
  controller and select the 1st domain controller it still fails.  Unless the 2nd DC is turned on, I have no issues opening the GP management console. Not sure, why this is happening, I've done it in the pass without issue.
  Any help would be appreciated.
  Thanks

  Well it seems that some how the PDC emulator is set to be the 2nd DC instead of the 1st DC on the 1st DC which explains why the failure after the 2nd DC went down. Why or should I say how could the PDC get switched from the primary DC without human intervention.
  Does the PDC automatically switch for any reason?

• Domain Controller Ratio to Lync servers

  For Lync 2013/2010, is there some formula that dictates the number of domain controllers that are required for each FE/pool? I see that Exchange 2013 has a requirement that for every 8 mbx servers, one DC is needed.
  This could potentially be dealing with 100K users.
  Thanks,
  Chris
  Christian Frank

  I have not come across any Lync documentation specifying a number of Front Ends limit to a DC. Usually a DC per site is the only mentioned requirement. Thats not what you are after though. I would assume that if Exchange were deployed with the numbers you
  have stated that Lync would be quite happy with that. 
  In any event, I don't think you are going to get a straightforward answer as scoping DC's come into play. So it all depends on a huge number of variables. You probably alredy see this but I'll add it anyway
  http://social.technet.microsoft.com/wiki/contents/articles/14355.capacity-planning-for-active-directory-domain-services.aspx
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
  Lync Sorted blog

• When promoting Domain Controller I get an error

  I just did a fresh install of Server 2012 R2 when I try and promote it I get the attached Error:

  I have a remote desktop connection to it. It is a Virtual Machine on VMWare ESXi server. There was no errors during the installation until I did the promotion process. I just confirmed the roles it still isn't working 
  Active Directory is installed and the following features are installed:
  - Active Directory module for Windows Powershell -Installed
  - AD DS Tools (Active Directory Administrative Center, AD DS Snap-Ins and Command-Line Tools)
  - AD LDS Snap-Ins and Command-Line Tools
  New DC Promotion Error:
  When I try to remove the Active Directory Role:
  Any Other suggestions would be great

• Global Catalog Server?

  I am upgrading three domain controllers by replacing old '03 DCs with new '12 DCs. The set is a parent domain with two sub domains for child organizations. No users in the sub domains should be able to log into the other domains or see the GAL for the exchange servers in the other orgs. Each of the three has their own exchange server. The same IT team manages all three, so we want to have them in the same forest. (correct term?)Should any of the domain controllers be a Global Catalog server? That is an option when upgrading the DC server from '03 to '12."Servers running Microsoft Exchange Server rely on access to the global catalog for address information. Users use global catalog (GC) servers to access the global address list (GAL).Because a domain controller that acts as a global catalog server stores objects for all domains in the...
  This topic first appeared in the Spiceworks Community

  CFLDAP requires a domain controller to be specified. It can't
  use find the root dsn of the domain and start from there.
  The best workaround is to "know" every domain controller on
  your domain. Then, run a very simple LDAP query using the first
  domain controller. If an error occurs, then try the LDAP query with
  the second domain controller. Keep this up until you run out of
  domain controllers. If this happens, then you are in worse trouble
  because your domain will start to fall apart.
  Use CFTRY/CFCATCH to test for any LDAP errors when a domain
  controller is not responding. You can even wrap this into a simple
  CFLOOP that loops over a list of domain controllers.
  All it has to do is return a simple query that should take
  very little time to process. All you are doing is testing to make
  the sure domain controller is responding.

• Global Catalog and IFM files

  What is the difference between when you "Install Domain Controller as a Global Catalog or without a Global Catalog"?

  When the first domain controller is installed on the network by default it becomes the global catalog server, when you install the additional domain controllers then you will have to manually specify the global catalog server in case if you want.
  The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain
  in a multidomain Active Directory Domain Services (AD DS) forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches that are directed
  to the global catalog are faster because they do not involve referrals to different domain controllers
  http://technet.microsoft.com/en-us/library/cc728188(v=ws.10).aspx
  http://www.arabitpro.com

• Force acs v.5 to join domain with a certain Domain Controller

      Hi everybody,
  I try to join an ACS v. 5.3 to the domain.  For my acs in Location A, I can join without problems using my account. When I try to join the ACS in location B to the same domain with the same account, it doesnt work.
  I looked at the debug log files for the ad client, and noticed, that the ACS in location B goes to a certain Domain Controller. However, I would have expected the ACS to contact another DC, which is located on  the same location as the ACS ... this doesnt happen.
  My question:  How does the ACS determine what DC to contact ? Is it possible to force the AC to join by connecting a certain DC ?
  Thanks for any help or ideas ?!?
  Ida              

  Hi,
  Please check your sites and services in your DNS configuration to see if the right Domain controllers are being sent to the ACS when it attempts to connect to the domain. This feature is critical and will optimize the connections that the ACS chooses in order to join the domain.
  The way this works is that ACS attempts to resolve some dns records for global catalog servers and domain controllers to the dns server configured in the initial installation script. Then the dns makes a decision based on the source ip address of the dns query and thinks that the ACS is at a specific site and returns the result of which DCs and GCs are configured in that specific site.
  let me know if that helps.
  Tarik Admani
  *Please rate helpful posts*

• New Domain Controller does not show in our different site's Domain controller's Sites and Services

  Hi,
  we have two sites in our AD environment. OMA site and NY site. we have three domain controllers in our OMA site and two domain controllers in our NY site. All our DCs are windows server 2008R2 except one in our OMA site that is 2003R2 the domain
  functional level is also 2003R2.
  We decided to raise our functional level to 2008R2. I added a new domain controller in our OMA site and transferred all FESMOS from the DC that was running 2003R2 to this new domain controller.
  the issue now is that our NY site does not make any connection with the new domain controller in OMA site. it does not even show it under sites and services. I have checked the DNS settings and everything. if you try to replicate the connections
  from NY site it gives the following error: "The naming context is in the process of being removed or is not replicated from the specific server."
  can anyone plz tell me why this is happening mt brain is just frozen at this moment and cant figure out why is this happening

  Just noticed this replication issue has been going on for a while now but we never noticed until I added new DC. here is the error log for the NY site DC.
  Log Name:      Directory Service
  Source:        Microsoft-Windows-ActiveDirectory_DomainService
  Date:          1/4/2014 8:11:40 AM
  Event ID:      2042
  Task Category: Replication
  Level:         Error
  Keywords:      Classic
  User:          ANONYMOUS LOGON
  Computer:      NORDC1.vertrue.com
  Description:
  It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.
   The reason that replication is not allowed to continue is that the two DCs may contain lingering objects.  Objects that have been deleted and garbage collected from an Active Directory Domain Services partition but still exist in the writable partitions
  of other DCs in the same domain, or read-only partitions of global catalog servers in other domains in the forest are known as "lingering objects".  If the local destination DC was allowed to replicate with the source DC, these potential lingering object
  would be recreated in the local Active Directory Domain Services database.
  Time of last successful replication:
  2013-05-16 15:26:38
  Invocation ID of source directory server:
  9236ac56-d046-4632-b072-acbe823c5f6c
  Name of source directory server:
  accde843-11b2-476c-9783-9b29252d0ba5._msdcs.vertrue.com
  Tombstone lifetime (days):
  90
  The replication operation has failed.
  User Action:
    The action plan to recover from this error can be found at
  http://support.microsoft.com/?id=314282.
   If both the source and destination DCs are Windows Server 2003 DCs, then install the support tools included on the installation CD.  To see which objects would be deleted without actually performing the deletion run "repadmin /removelingeringobjects
  <Source DC> <Destination DC DSA GUID> <NC> /ADVISORY_MODE". The eventlogs on the source DC will enumerate all lingering objects.  To remove lingering objects from a source domain controller run "repadmin /removelingeringobjects <Source
  DC> <Destination DC DSA GUID> <NC>".
   If either source or destination DC is a Windows 2000 Server DC, then more information on how to remove lingering objects on the source DC can be found at
  http://support.microsoft.com/?id=314282 or from your Microsoft support personnel.
   If you need Active Directory Domain Services replication to function immediately at all costs and don't have time to remove lingering objects, enable replication by setting the following registry key to a non-zero value:
  Registry Key:
  HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow Replication With Divergent and Corrupt Partner
   Replication errors between DCs sharing a common partition can prevent user and compter acounts, trust relationships, their passwords, security groups, security group memberships and other Active Directory Domain Services configuration data to vary between
  DCs, affecting the ability to log on, find objects of interest and perform other critical operations. These inconsistencies are resolved once replication errors are resolved.  DCs that fail to inbound replicate deleted objects within tombstone lifetime
  number of days will remain inconsistent until lingering objects are manually removed by an administrator from each local DC.  Additionally, replication may continue to be blocked after this registry key is set, depending on whether lingering objects are
  located immediately.
  Alternate User Action:
  Force demote or reinstall the DC(s) that were disconnected.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS Replication" />
      <EventID Qualifiers="49152">2042</EventID>
      <Version>0</Version>
      <Level>2</Level>
      <Task>5</Task>
      <Opcode>0</Opcode>
      <Keywords>0x8080000000000000</Keywords>
      <TimeCreated SystemTime="2014-01-04T13:11:40.963263500Z" />
      <EventRecordID>38018</EventRecordID>
      <Correlation />
      <Execution ProcessID="660" ThreadID="1596" />
      <Channel>Directory Service</Channel>
      <Computer>NORDC1.vertrue.com</Computer>
      <Security UserID="S-1-5-7" />
    </System>
    <EventData>
      <Data>2013-05-16 15:26:38</Data>
      <Data>9236ac56-d046-4632-b072-acbe823c5f6c</Data>
      <Data>accde843-11b2-476c-9783-9b29252d0ba5._msdcs.vertrue.com</Data>
      <Data>90</Data>
      <Data>Allow Replication With Divergent and Corrupt Partner</Data>
      <Data>System\CurrentControlSet\Services\NTDS\Parameters</Data>
    </EventData>
  </Event>

• New Domain Controller DNS Issues

  Hello,
  We currently have 2 root Domain Controllers (ROOTDOM) and 4 child Domain Controllers (MYDOM). ROOTDOM is an empty domain, everything on our network uses the MYDOM domain.
  These existing DCs were running Server 2003, so we upgraded the schema and added 2 Server 2008 DCs in ROOTDOM and 4 Server 2008 DCs in MYDOM. All servers are DNS servers and Global Catalog servers.
  The AD replication status tool shows replication is working perfectly between the new and old DCs, and everything looks up to date in AD and DNS on all servers.
  The new servers have a SYSVOL and NETLOGON share as they should.
  The servers are all in the Domain Controllers AD group and have correct static IP addresses, forwarders are pointing to the 2 old 2003 ROOTDOM DCs which in turn point to an internet source which works fine.
  The problem is that when I change the DNS server address of a machine in MYDOM to one of my new 2008 DCs, the machine appears to lose connectivity with the domain. As soon as I put the DNS server back to one of the existing 2003 DCs, connectivity resumes
  as normal.
  I really don't understand what else I'm missing on those 2008 DCs, could you give me any pointers of where to look?
  ROOTDOM          MYDOM
  2003RDC1         2003DC1
  2003RDC2         2003DC2
  2008RDC1         2003DC3
  2008RDC2         2003DC4
                          2008DC1
                          2008DC2
                          2008DC3
                          2008DC4
  The issue is slightly complicated by the fact that 2008DC2 has a hardware failure so DCDIAG (understandably) reports replication issues to that at the moment.
  Any pointers greatly appreciated.
  EDIT - DCDIAG results as follows:
  Directory Server Diagnosis
  Performing initial setup:
  Trying to find home server...
  Home Server = 2008DC1
  * Identified AD Forest.
  Done gathering initial info.
  Doing initial required tests
  Testing server: Central-Site\2008DC1
  Starting test: Connectivity
  ......................... 2008DC1 passed test Connectivity
  Doing primary tests
  Testing server: Central-Site\2008DC1
  Starting test: Advertising
  ......................... 2008DC1 passed test Advertising
  Starting test: FrsEvent
  ......................... 2008DC1 passed test FrsEvent
  Starting test: DFSREvent
  ......................... 2008DC1 passed test DFSREvent
  Starting test: SysVolCheck
  ......................... 2008DC1 passed test SysVolCheck
  Starting test: KccEvent
  ......................... 2008DC1 passed test KccEvent
  Starting test: KnowsOfRoleHolders
  ......................... 2008DC1 passed test KnowsOfRoleHolders
  Starting test: MachineAccount
  ......................... 2008DC1 passed test MachineAccount
  Starting test: NCSecDesc
  ......................... 2008DC1 passed test NCSecDesc
  Starting test: NetLogons
  ......................... 2008DC1 passed test NetLogons
  Starting test: ObjectsReplicated
  ......................... 2008DC1 passed test ObjectsReplicated
  Starting test: Replications
  ......................... 2008DC1 passed test Replications
  Starting test: RidManager
  ......................... 2008DC1 passed test RidManager
  Starting test: Services
  ......................... 2008DC1 passed test Services
  Starting test: SystemLog
  ......................... 2008DC1 passed test SystemLog
  Starting test: VerifyReferences
  ......................... 2008DC1 passed test VerifyReferences
  Running partition tests on : DomainDnsZones
  Starting test: CheckSDRefDom
  ......................... DomainDnsZones passed test CheckSDRefDom
  Starting test: CrossRefValidation
  ......................... DomainDnsZones passed test
  CrossRefValidation
  Running partition tests on : ForestDnsZones
  Starting test: CheckSDRefDom
  ......................... ForestDnsZones passed test CheckSDRefDom
  Starting test: CrossRefValidation
  ......................... ForestDnsZones passed test
  CrossRefValidation
  Running partition tests on : MYDOM
  Starting test: CheckSDRefDom
  ......................... MYDOM passed test CheckSDRefDom
  Starting test: CrossRefValidation
  ......................... MYDOM passed test CrossRefValidation
  Running partition tests on : Schema
  Starting test: CheckSDRefDom
  ......................... Schema passed test CheckSDRefDom
  Starting test: CrossRefValidation
  ......................... Schema passed test CrossRefValidation
  Running partition tests on : Configuration
  Starting test: CheckSDRefDom
  ......................... Configuration passed test CheckSDRefDom
  Starting test: CrossRefValidation
  ......................... Configuration passed test CrossRefValidation
  Running enterprise tests on : ROOTDOM.mycompany.co.uk
  Starting test: LocatorCheck
  ......................... ROOTDOM.mycompany.co.uk passed test
  LocatorCheck
  Starting test: Intersite
  ......................... ROOTDOM.mycompany.co.uk passed test
  Intersite

  Hi Kev,
  >>The problem is that when I change the DNS server address of a machine in MYDOM to one of my new 2008 DCs, the machine appears to lose connectivity with the domain.
  Before going further, does the 2008 DC belong to MYDOM domain? For AD-integrated DNS servers and if these servers belong to the same domain, they should hold the same set
  of DNS records.  
  Besides, we can check DNS event logs to see if some related events were logged.
  Best regards,
  Frank Shen

• Lync Server 2013 dropping global catalog in forest

  I have an interesting issue. My Lync 2013 Server is connected to an AD network running at 2012. All my Lync 2013 clients can connect without issue, all the inherent Lync capabilities are functional (except desktop sharing, but that is another question for
  later), and I get no general errors from my server.
  However, when I go to administer to the system through PowerShell, or the Lync Command Console, I get the error:
  "Cannot find any global catalog in the forest "xxxxx.yyy""
  Therefore I cannot manage the server very well, if at all. Here is the real kicker. If I reboot the server, everything works great and I get no errors running admin powershell commands, or executing the Lync Command Console. This connectivity seems to work
  for random lengths of time from 1-6 hours or so before "losing" the global catalog again.
  Any thoughts on what is happening here?

  We are using Standard Edition, and the deployment wizard will not complete when I am getting this error message. However, it works fine when I reboot the Lync Server system and it "reconnects" with the global catalog.
  What I can't figure out is why it is "losing"the catalog, or really even where to start looking. Is that an Active Directory issue (Sites or other issue)? Is it a networking issue with DNS?
  When the server "loses" the global catalog Lync clients still function normally, I can ping the server (by IP, FQDN, and machine name) from another system. Lync continues to communicate with Exchange and archive conversations, etc.. It just won't
  run Lync powershell commands for admin, and the Lync Management Control Panelwon't recognize any login. It gives out a error stating "The application cannot verify your credentials" message.
  This makes me think there is an issue with AD, but not sure where to start since users are not affected at all. Could there be a replication issue or something?

• Active Directory integrated LION with offline Domain Controller

  Hi,
  I have some OS X Lion machine, and all of them joined into the Win2008 AD. There is no any issue when the Domain Controller is reahcable, but when it is not reahcable, or the machine is not in the same network as the DC, then I am not able to login with my AD user.
  In Windows the last credential is stored on the local machines. So if the machine is OFFLINE from the DC, then it is able to let the AD user to login.
  Is there any trick or option how I can implement it with my LION clients? Or there is no way to use AD user when the AD is not reachable?
  Thanks in advance!

  He actually didn't specify much about dynamic updates requirements for old domains, if they don't need secure dynamic updates then a primary zone would work:
  The DNS Server service allows dynamic update to be enabled or disabled on a per-zone basis at each server that is configured to load
  either a standard primary or directory-integrated zone.
  REF: Understanding Dynamic updates
  This post is provided AS IS with no warranties or guarantees, and confers no rights.
  ~~~
  Questo post non fornisce garanzie e non conferisce diritti

• Upgrading domain controller from Server 2003 to Server 2012 R2, how will this affect Exchange 2010?

  Hi All,
  Below is an AD and Server related post that I had submitted last week. While I did receive valid responses for the post, I was advised to check with the Exchange forums for the Exchange related  question in
  bold. All responses are welcomed, thank you!
  ===========================================================
  Hi All,
  I am hoping that someone could perhaps provide some insight on this topic as I apparently can't seem to google the best answer.
  I have recently acquired an AD domain that is running on a 2003 domain controller. I have been tasked with upgrading our existing domain structure with 2012 R2 domain controllers for our main office and remote offices.
  The domain name is company.mynetwork.com, and it is the default first site name. We have multiple offices throughout the US with their own domain controllers (i.e. FL.mynetwork.com, NY.mynetwork.com, DC.mynetwork.com, etc.).
  Our main office, and default first site has one domain controller (mynetdc1) running Server 2003 R2. It is also our only DNS server for the main office. It also has an additional domain controller called mynetmaster3 which is running Server 2003.
  Both mynetdc1 & mynetmaster3 NTDS settings show them as global catalogs under AD Sites & Services. Both servers are also in the AD Domain Controllers OU, along with all of the other satellite office domain controllers.
  Additionally, our main office is running Exchange 2010 with the latest service pack. My questions are:
  Can we demote and retire mynetmaster3, then replace mynetdc1 with a newly promoted 2012 R2 global catalog domain controller without harming anything in the domain tree and interrupting connectivity to the other offices (this of course goes without saying
  after a 4 hour maintenance window to get the task completed has passed)?
  Should we upgrade the satellite offices first after raising the functional level for mynetdc1, or should we do the opposite (upgrade main office, then satellite offices)?
  MS Exchange 2010 is heavily dependent on AD, what effect will this entire project have on our email server? What steps should we take beforehand to ensure email continuity?
  Finally, is there any shame for a Net Admin to suggest that we hire an implementation specialist for this task? :)
  Any advice would be greatly appreciated!

  As long as the operating system on your Exchange servers isn't upgraded, and as long as you do the Active Directory domain and forest updates in the supported manner (the following link is a good example -
  http://blogs.msmvps.com/mweber/2012/07/30/upgrading-an-active-directory-domain-from-windows-server-2003-or-windows-server-2003-r2-to-windows-server-2012/), Exchange will happily operate behind the scenes.  Exchange 2010 is supported in the Windows
  forests (domain controllers, domain functional level and forest functional level) mentioned in the following TechNet article, which includes both Windows 2003 and Windows 2012.
  http://technet.microsoft.com/en-us/library/ff728623(v=exchg.150).aspx
  Due to this, you should be good as long as you do the domain controller, domain, and forest upgrades carefully.  Oh, and before you start each step, get a nice backup.