Solved

Cloning of Server ?

Posted on 2006-06-21
Last Modified: 2016-10-27
I have a 2003 server that I want to clone in case something happens. I know that Acronis makes a software package that allows you to do this. My concern is that if I clone a server and then it goes down and I apply the image, will all the domain information stay intact, such as the GUID?

Question by:focusen

Accepted Solution

by:
oBdA earned 500 total points
ID: 16953396
What is that machine? If it's a DC, and you have another DC running, do !NOT!, I repeat, do !NOT! use cloning tools as "backup"!
Use an AD aware backup software.
If it's the only DC, you can basically use cloning as backup as well. And, in principle, you can even use cloning software for DCs, but that requires that you shut down all DCs completely and take images of all DCs WHILE NOT EVEN A SINGLE DC IS LEFT RUNNING! For a restore, even of a single machine, *ALL* DCs HAVE TO BE RESTORED FROM THE IMAGES!
In short: don't do it. Don't use cloning software to back up DCs unless you know *exactly* what you're doing.
Anyway, if it's a member server, you can use cloning software as backup.
As far as the domain information is concerned, the machine will obviously have exactly the same configuration as when you took the image.

Expert Comment

by:SanDiegoComputer
ID: 16953873
I would somewhat agree and disagree with oBdA. Cloning a server can be a very useful way to get it back up quickly. It will indeed keep the domain GUID for recovery. In terms of using this with AD you just need to plan things out. If it is a single server, a clone backup can be useful in that you can use the clone as a backup of the OS and installed applications. You would also separately need to back up the system state and any changed data. Acronis will also let you run incrementals as well and would be fine for a single DC. In a multi-DC environment you would need to make sure when you boot the system after restore to bring it up in Directory Restore mode (F8). In fact I would also disconnect the server from the network until you have the restore complete. That you would need to take all other DCs off-line is just plain incorrect. You need to ensure you use the server version of Acronis, but Acronis themselves specify that they support backing up a DC.

Here is a good thread on restoring DCs with Acronis. More should be in the Acronis documentation:

http://www.wilderssecurity.com/showthread.php?t=96564

Expert Comment

by:oBdA
ID: 16953984
If you restore a single DC image in a multi-DC network, you'll end up with a USN rollback.
What Microsoft has to say about imaging DCs:

"Software and methodologies that cause USN rollbacks
When the following environments, programs, or subsystems are used, administrators can bypass the checks and validations that Microsoft has designed to occur when the domain controller system state is restored:
* Virtualized hosting environments, including but not limited to Microsoft Virtual Server 2005 and EMC VMWARE
* Software that backs up and restores an Active Directory operating system installation or a hard disk volume that contains that installation
Note Such software includes but is not limited to Norton Ghost.
* Advanced disk subsystems that can selectively copy a volume that contains an Active Directory operating system installation that was saved in the past
Operations that are not supported include the following:
* Starting an Active Directory domain controller whose operating system was restored to a hard disk by using an imaging program such as Norton Ghost
* Starting an Active Directory domain controller whose operating system resides in a virtualized hosting environment such as Microsoft Virtual PC, Microsoft Virtual Server 2005, or EMC VMWARE
* Starting an Active Directory domain controller that is located on a volume where the disk subsystem loads using previously saved images of the operating system without requiring a system state restoration of Active Directory.
The only supported way to roll back the contents of Active Directory or the local state of an Active Directory domain controller is to use an Active Directory-aware backup and restoration utility to restore a system state backup that originated from the same operating system installation and the same physical or virtual computer that is being restored.

Microsoft does not support any other process that takes a snapshot of the elements of an Active Directory domain controller’s system state and copies elements of that system state to an operating system image. Unless an administrator intervenes, such processes cause a USN rollback. This USN rollback causes the direct and transitive replication partners of an incorrectly restored domain controller to have inconsistent objects in their Active Directory databases."

How to detect and recover from a USN rollback in Windows Server 2003
http://support.microsoft.com/?kbid=875495
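
The USN rollback described in the comment above, as an added example that is not part of the original thread: a simplified two-DC model in which a partner pulls only changes above the highest USN it has already seen for a given invocation ID. The class, function and object names are hypothetical, and real Active Directory replication tracks far more state than this.

```python
import copy
import uuid

class DC:
    """Toy domain controller: hypothetical names, only USN bookkeeping is modelled."""
    def __init__(self, name):
        self.name = name
        self.invocation_id = uuid.uuid4().hex  # identifies this copy of the database
        self.usn = 0                           # highest local USN handed out
        self.objects = {}                      # name -> (value, origin stamp, local USN)
        self.high_water = {}                   # partner invocation ID -> last USN pulled

    def _store(self, name, value, stamp):
        self.usn += 1
        self.objects[name] = (value, stamp, self.usn)

    def write(self, name, value):
        # Originating write: stamped with this DC's invocation ID and next USN.
        self._store(name, value, (self.invocation_id, self.usn + 1))

    def pull_from(self, src):
        """Ask src only for changes above the USN already seen from its invocation ID."""
        mark = self.high_water.get(src.invocation_id, 0)
        for name, (value, stamp, usn) in src.objects.items():
            if usn > mark and self.objects.get(name, (None, None))[1] != stamp:
                self._store(name, value, stamp)
        self.high_water[src.invocation_id] = max(mark, src.usn)

def sync(a, b):
    a.pull_from(b)
    b.pull_from(a)

def scenario(ad_aware_restore):
    dc1, dc2 = DC("DC1"), DC("DC2")
    dc1.write("alice", "created")
    image = copy.deepcopy(dc1)             # disk image taken at USN 1
    dc1.write("bob", "created")            # later change, replicated to DC2
    sync(dc1, dc2)
    dc1 = copy.deepcopy(image)             # image restored: database is back at USN 1
    if ad_aware_restore:
        # An AD-aware system state restore gives the database a new invocation ID.
        dc1.invocation_id = uuid.uuid4().hex
    dc1.write("carol", "created")          # reuses USN 2 after the restore
    sync(dc1, dc2)
    return sorted(dc1.objects), sorted(dc2.objects)

if __name__ == "__main__":
    print("image restore:   ", scenario(False))
    print("AD-aware restore:", scenario(True))
```

With the plain image restore, DC2 already holds a high-water mark of 2 for DC1's unchanged invocation ID, so the new object written at the reused USN 2 is never requested and the two databases stay inconsistent.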

Expert Comment

by:SanDiegoComputer
ID: 16954878
Exactly. As the article says, "Unless the administrator intervenes", which is to say, marks the restore as not authoritative. Also you could after the clone then apply a separate backup of the system state.

Expert Comment

by:oBdA
ID: 16954982
Note that the sentence you quote starts with "Microsoft does not support".
Will you give focusen a new job if the restore of a cloned DC brings down AD, and he has to explain that he used an unsupported backup method?