
Disaster Recovery for a domain controller, PDC or BDC? What is the best way?

What is the best way to back up (Files and Folders) a Domain controller? I want to be prepared in case our BDC or PDC (Backup or Primary Domain Controller) goes down for whatever reason.
3 Solutions

You can back up any DC (PDC or BDC). If your PDC goes down you can promote one of your BDCs to PDC. In a few words, save as you prefer, but... save ALL your system, and give preference to real backup software like Veritas or ARC.
OK let's get the terminology right - unless you are running Windows NT you don't have a PDC and certainly do not have a BDC. Since Windows 2000, Active Directory has used a multi-master database with multiple writeable copies that all replicate with each other. There is no BDC. There is however a single master role called a PDC emulator, but no PDC in the true sense.

OK now that's out of the way - you have already gone some way to protecting your system by having multiple Domain Controllers. If you want full resilience - so that users can continue to use the domain if one DC fails - then you can proceed as follows:-

Firstly make sure that both DCs are also DNS servers - preferably AD integrated DNS

Make sure that both DCs are configured as Global Catalogue Servers and (if it is being used) have DHCP installed. If DHCP is set up then you must make sure both DHCP Servers are set up with appropriate scopes and not giving duplicate addresses.

You also need to make sure that clients have the address of one DC as the Preferred DNS Server and the other as the Alternate DNS Server; then they will query the second DNS Server automatically if the first one is off-line.

If you are planning a long term shutdown of the first DC then you should transfer the FSMO roles to the other DC. The transfer is a clean option to move the roles. http://www.petri.co.il/transferring_fsmo_roles.htm

Only if a DC goes down unexpectedly should you seize the roles, as this is an 'unclean' process which may result in some data loss. http://www.petri.co.il/seizing_fsmo_roles.htm

Having two copies of Active Directory is of course an insurance in itself - you can lose one and still have the other intact - install another DC and you're back to normal - no complex procedures involved.

Of course that's not the same as having a good backup and is no substitute. You need to back up servers and data on a regular basis. The Windows backup tool is a quite underrated tool and can be very effective, especially if you make regular system state and ASR backups as well.

Some people prefer third party tools like Veritas which may offer more features. Whatever you use, have a routine in place.

Increasingly popular is Acronis True Image, the server version of which can do not only traditional file backups but also full image backups, and can also do bare metal restores to different hardware - very impressive http://www.acronis.com/promo/ATIES/backup-server-002.html?source=googleATIS&keyword=true+image+server&s_scid=true%20image%20server|693384917&gclid=COO6yomi9o4CFQSDEAodp2pELg

Whichever methods you use, verify and test the backups by doing a restore (to another machine) on a regular basis - it's no good waiting until you need a backup to find it hasn't worked.
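
An added example, not part of the original answer: a PowerShell check of the resilience points listed above (two DCs, both DNS and Global Catalog servers, clients pointed at both, FSMO role holder known). The function name Test-DcResilience, the DnsServer property and the sample hosts and addresses are assumptions made for illustration; the other property names are the ones Get-ADDomainController returns.

```powershell
# Added example. Input objects carry the property names that
# Get-ADDomainController returns (HostName, IPv4Address, IsGlobalCatalog,
# OperationMasterRoles). DnsServer is an ASSUMED extra property that you
# set yourself after confirming the DNS role on each DC.
function Test-DcResilience {
    param(
        [Parameter(Mandatory)] [object[]] $DomainControllers,
        [Parameter(Mandatory)] [string[]] $ClientDnsServers  # preferred, alternate
    )
    $findings = @()
    if ($DomainControllers.Count -lt 2) {
        $findings += 'Fewer than two DCs: no second copy of Active Directory.'
    }
    foreach ($dc in $DomainControllers) {
        if (-not $dc.IsGlobalCatalog) {
            $findings += "$($dc.HostName) is not a Global Catalog server."
        }
        if (-not $dc.DnsServer) {
            $findings += "$($dc.HostName) is not a DNS server."
        }
        # Role holders are the DCs to transfer from before a planned shutdown.
        if ($dc.OperationMasterRoles.Count -gt 0) {
            $roles = $dc.OperationMasterRoles -join ', '
            $findings += "INFO: $($dc.HostName) holds FSMO roles: $roles"
        }
    }
    # Clients fail over only if their two DNS entries are two different DCs.
    $dcAddresses = $DomainControllers | ForEach-Object { $_.IPv4Address }
    $usable = $ClientDnsServers |
        Where-Object { $dcAddresses -contains $_ } | Select-Object -Unique
    if (@($usable).Count -lt 2) {
        $findings += 'Client DNS settings do not list two different DCs.'
    }
    return $findings
}

# Constructed sample inventory: dc2 is not a GC, and the clients list dc1 twice.
$sample = @(
    [pscustomobject]@{ HostName = 'dc1.example.local'; IPv4Address = '10.0.0.10'
        IsGlobalCatalog = $true; DnsServer = $true
        OperationMasterRoles = @('SchemaMaster', 'DomainNamingMaster',
            'PDCEmulator', 'RIDMaster', 'InfrastructureMaster') },
    [pscustomobject]@{ HostName = 'dc2.example.local'; IPv4Address = '10.0.0.11'
        IsGlobalCatalog = $false; DnsServer = $true
        OperationMasterRoles = @() }
)
Test-DcResilience -DomainControllers $sample -ClientDnsServers '10.0.0.10', '10.0.0.10'
```

On the constructed sample this reports the FSMO holder, the missing Global Catalog on dc2 and the client DNS settings that would not fail over.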
Bradley Haynes Commented:
You can also follow Microsoft's guidelines:

True DRP requires off site backup and restoration capabilities. There are online BKUP products out here.
I don't know if it is appropriate to offer my company's solutions here, so I will err on the side of caution.
