?
Solved

Cloning of Server ?

Posted on 2006-06-21
7
Medium Priority
?
588 Views
Last Modified: 2016-10-27
I have a 2003 server that I want to clone in case something happnes. I know that acronis makes a software package that allows you to do this.  My concern is that if I clone a server and then it goes down and I apply the image , will all the domain information stay in tack such as the GUID ??  

0
Comment
Question by:focusen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 2000 total points
ID: 16953396
What is that machine? If it's a DC, and you have another DC running, do !NOT!, I repeat, do !NOT! use cloning tools as "backup"!
Use an AD aware backup software.
If it's the only DC, you can basically use a cloning as backup as well. And, in principle, you can even use cloning software for DCs, but that requires that you shut down all DCs completely, take image of all DCs WHILE NOT EVEN A SINGLE DC IS LEFT RUNNING! For a restore, even of a single machine, *ALL* DCs HAVE TO BE RESTORED FROM THE IMAGES!
In short: don't do it. Don't use cloning software to backup DCs unless you know *exactly* what you're doing.
Anyway, if it's a member server, you can use cloning software as backup.
As far as the domain information is concerned, the machine will obviously have exactly the same configuration as when you took the image.
0
 
LVL 8

Expert Comment

by:SanDiegoComputer
ID: 16953873
I would somewhat agreee and disagree with oBda.  Cloning a server can be a very useful way to get it back up quickly.  It will indeed keep the domain Guid for recovery.  In terms of using this with AD you just need  to plan things out.  If it is a single server, a clone backup can be useful in that you can use the close as a back backup of the OS and installed applications.  You would also seperately need to back up the system state and any changed data.  Acronis will also let you run incrementals as well and would be fine for a single DC.  In a multi-DC environment you would need to make sure when you boot the system after restore to bring it up in Directory Restore mode (F8).  In fact I would also disconnect the server from the network until you have the restore complete.  That you would need to take all other DC's off-line is just plain incorrect.  You need to ensure you use the server version of acronis, but Acronis themselves specify that they support backing up a DC.  

Here is a good thread on restoring DC's with acronis.  More should be in the acronis documentation:

http://www.wilderssecurity.com/showthread.php?t=96564
0
 
LVL 85

Expert Comment

by:oBdA
ID: 16953984
If you restore a single DC image in a multi-DC network, you'll end up with a USN rollback.
What Microsoft has to say about imaging DCs:

"Software and methodologies that cause USN rollbacks
When the following environments, programs, or subsystems are used, administrators can bypass the checks and validations that Microsoft has designed to occur when the domain controller system state is restored:
* Virtualized hosting environments, including but not limited to Microsoft Virtual Server 2005 and EMC VMWARE
* Software that backs up and restores an Active Directory operating system installation or a hard disk volume that contains that installation
Note Such software includes but is not limited to Norton Ghost.
* Advanced disk subsystems that can selectively copy a volume that contains an Active Directory operating system installation that was saved in the past
Operations that are not supported include the following:
* Starting an Active Directory domain controller whose operating system was restored to a hard disk by using an imaging program such as Norton Ghost
* Starting an Active Directory domain controller whose operating system resides in a virtualized hosting environment such as Microsoft Virtual PC, Microsoft Virtual Server 2005, or EMC VMWARE
* Starting an Active Directory domain controller that is located on a volume where the disk subsystem loads using previously saved images of the operating system without requiring a system state restoration of Active Directory.
The only supported way to roll back the contents of Active Directory or the local state of an Active Directory domain controller is to use an Active Directory-aware backup and restoration utility to restore a system state backup that originated from the same operating system installation and the same physical or virtual computer that is being restored.

Microsoft does not support any other process that takes a snapshot of the elements of an Active Directory domain controller’s system state and copies elements of that system state to an operating system image. Unless an administrator intervenes, such processes cause a USN rollback. This USN rollback causes the direct and transitive replication partners of an incorrectly restored domain controller to have inconsistent objects in their Active Directory databases."

How to detect and recover from a USN rollback in Windows Server 2003
http://support.microsoft.com/?kbid=875495
0
 
LVL 8

Expert Comment

by:SanDiegoComputer
ID: 16954878
Exatcly.  As the article say, "Unless the administrator intervenes" which is to say, marks the restore as not authoritative.  Also you could after the clone then apply a seperate backup of the system state.  
0
 
LVL 85

Expert Comment

by:oBdA
ID: 16954982
Note that the sentence you quote starts with "Microsoft does not support".
Will you give focusen a new job if the restore of a cloned DC brings down AD, and he has to explain that he used an unsupported backup method?
0

Featured Post

How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Adoption of Microsoft’s Enterprise Mobility and Security solution and Office 365 will re-order the File Sync and Share market Microsoft has stated that its Enterprise Mobility + Security (EMS) is the fastest growing product in the history of the …
The well known Cerber ransomware continues to spread this summer through spear phishing email campaigns targeting enterprises. Learn how it easily bypasses traditional defenses - and what you can do to protect your data.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question