We help IT Professionals succeed at work.

Cloning of Server ?

focusen
focusen asked
on
604 Views
Last Modified: 2016-10-27
I have a 2003 server that I want to clone in case something happnes. I know that acronis makes a software package that allows you to do this.  My concern is that if I clone a server and then it goes down and I apply the image , will all the domain information stay in tack such as the GUID ??  

Comment
Watch Question

CERTIFIED EXPERT
Most Valuable Expert 2019
Most Valuable Expert 2018
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
I would somewhat agreee and disagree with oBda.  Cloning a server can be a very useful way to get it back up quickly.  It will indeed keep the domain Guid for recovery.  In terms of using this with AD you just need  to plan things out.  If it is a single server, a clone backup can be useful in that you can use the close as a back backup of the OS and installed applications.  You would also seperately need to back up the system state and any changed data.  Acronis will also let you run incrementals as well and would be fine for a single DC.  In a multi-DC environment you would need to make sure when you boot the system after restore to bring it up in Directory Restore mode (F8).  In fact I would also disconnect the server from the network until you have the restore complete.  That you would need to take all other DC's off-line is just plain incorrect.  You need to ensure you use the server version of acronis, but Acronis themselves specify that they support backing up a DC.  

Here is a good thread on restoring DC's with acronis.  More should be in the acronis documentation:

http://www.wilderssecurity.com/showthread.php?t=96564
CERTIFIED EXPERT
Most Valuable Expert 2019
Most Valuable Expert 2018

Commented:
If you restore a single DC image in a multi-DC network, you'll end up with a USN rollback.
What Microsoft has to say about imaging DCs:

"Software and methodologies that cause USN rollbacks
When the following environments, programs, or subsystems are used, administrators can bypass the checks and validations that Microsoft has designed to occur when the domain controller system state is restored:
* Virtualized hosting environments, including but not limited to Microsoft Virtual Server 2005 and EMC VMWARE
* Software that backs up and restores an Active Directory operating system installation or a hard disk volume that contains that installation
Note Such software includes but is not limited to Norton Ghost.
* Advanced disk subsystems that can selectively copy a volume that contains an Active Directory operating system installation that was saved in the past
Operations that are not supported include the following:
* Starting an Active Directory domain controller whose operating system was restored to a hard disk by using an imaging program such as Norton Ghost
* Starting an Active Directory domain controller whose operating system resides in a virtualized hosting environment such as Microsoft Virtual PC, Microsoft Virtual Server 2005, or EMC VMWARE
* Starting an Active Directory domain controller that is located on a volume where the disk subsystem loads using previously saved images of the operating system without requiring a system state restoration of Active Directory.
The only supported way to roll back the contents of Active Directory or the local state of an Active Directory domain controller is to use an Active Directory-aware backup and restoration utility to restore a system state backup that originated from the same operating system installation and the same physical or virtual computer that is being restored.

Microsoft does not support any other process that takes a snapshot of the elements of an Active Directory domain controller’s system state and copies elements of that system state to an operating system image. Unless an administrator intervenes, such processes cause a USN rollback. This USN rollback causes the direct and transitive replication partners of an incorrectly restored domain controller to have inconsistent objects in their Active Directory databases."

How to detect and recover from a USN rollback in Windows Server 2003
http://support.microsoft.com/?kbid=875495
Exatcly.  As the article say, "Unless the administrator intervenes" which is to say, marks the restore as not authoritative.  Also you could after the clone then apply a seperate backup of the system state.  
CERTIFIED EXPERT
Most Valuable Expert 2019
Most Valuable Expert 2018

Commented:
Note that the sentence you quote starts with "Microsoft does not support".
Will you give focusen a new job if the restore of a cloned DC brings down AD, and he has to explain that he used an unsupported backup method?
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.