jeff1946
asked on
Do Shadow Copies Fully Back Up the Registry and AD Database?
Does a shadow copy of a Windows 2003 Domain Controller's %SystemDrive% capture the Registry, AD database, and all other volatile system data structures completely and consistently such that if the shadow copy is copied to another volume it can boot and run a clone of the the original server?
That is, can I use vshadow.exe alone for backing up a Domain Controller, or do I need to use NTBackup (or some other commercial backup product like BE) to capture the "System State" info in a complete, consistent form?
I am specifically asking about a "pure" Windows Server 2003 Domain Controller, without any complications involving SQL Server, Exchange, or other applications.
Thanks for your help!
That is, can I use vshadow.exe alone for backing up a Domain Controller, or do I need to use NTBackup (or some other commercial backup product like BE) to capture the "System State" info in a complete, consistent form?
I am specifically asking about a "pure" Windows Server 2003 Domain Controller, without any complications involving SQL Server, Exchange, or other applications.
Thanks for your help!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you both for your quick responses.
I didn't specify the question precisely enough, and kevinhsieh got the wrong idea. To clarify: if S: is the shadow copy of my system disk, then I want to back up the snapshot it represents to another volume T: (which is not a shadow copy) using something like robocopy as follows: robocopy /mir /copyall S: T:
Now if my system disk (C:) fails, can I restore it from T: (robocopy /mir /copyall T: C:) and boot back to the point in time when the shadow copy was created? I'm really just asking whether the Registry, AD, etc. system state is captured by the shadow copy. Under normal runtime conditions the system state on disk is not necessarily consistent with the system state in memory, so the key question is whether the shadow copy operation invokes writers to force an update the on-disk system state. The document cited by fishadr seems to say yes, on. p. 5 under "Shadow Copy Creation".
But at the risk of belaboring the point, the scenarios in the document specifically refer to high end SAN hardware configurations with 3rd party VSS providers and Win2K3 Enterprise and Datacenter Editions. Can anyone confirm that the same shadow copy backup/restore approach will work with my Win2K3 Standard Edition and directly attached storage?
I didn't specify the question precisely enough, and kevinhsieh got the wrong idea. To clarify: if S: is the shadow copy of my system disk, then I want to back up the snapshot it represents to another volume T: (which is not a shadow copy) using something like robocopy as follows: robocopy /mir /copyall S: T:
Now if my system disk (C:) fails, can I restore it from T: (robocopy /mir /copyall T: C:) and boot back to the point in time when the shadow copy was created? I'm really just asking whether the Registry, AD, etc. system state is captured by the shadow copy. Under normal runtime conditions the system state on disk is not necessarily consistent with the system state in memory, so the key question is whether the shadow copy operation invokes writers to force an update the on-disk system state. The document cited by fishadr seems to say yes, on. p. 5 under "Shadow Copy Creation".
But at the risk of belaboring the point, the scenarios in the document specifically refer to high end SAN hardware configurations with 3rd party VSS providers and Win2K3 Enterprise and Datacenter Editions. Can anyone confirm that the same shadow copy backup/restore approach will work with my Win2K3 Standard Edition and directly attached storage?
No standard shadow copy will not allow you to restore your AD environment.
If you want to back up AD then you need to run a system state backup. You can do this to file and then shadow copy this to another server and then restore the system state from there:
http://technet.microsoft.com/en-us/library/cc787254.aspx
If you want to back up AD then you need to run a system state backup. You can do this to file and then shadow copy this to another server and then restore the system state from there:
http://technet.microsoft.com/en-us/library/cc787254.aspx
The document provides a quick way to recover your DC (including AD) from a shadow copy - This is because the whole disks and volumes are on the SAN. You therefore virutall disconnect the faulty volumes and re-attach the SAN Shadow copies.
If you are not running this type of environment then you will not be able to recover the AD (system state) unless your restore via Directory Restore Mode.
The W2k3 Standard version is designed for network shares (users shared data).
If you are not running this type of environment then you will not be able to recover the AD (system state) unless your restore via Directory Restore Mode.
The W2k3 Standard version is designed for network shares (users shared data).
ASKER
Thanks for your additional comments, fishadr.
But please understand that I'm not suggesting to use the shadow copy to recover only the system state, I'm talking about recovering the whole system. The robocopy restore (robocopy /mir /copyall T: C:) would wipe out anything on C: and replace it with the entire contents of T: Think of this as a disk cloning procedure. And just to simplify further, assume that C: is the only volume on the DC.
But please understand that I'm not suggesting to use the shadow copy to recover only the system state, I'm talking about recovering the whole system. The robocopy restore (robocopy /mir /copyall T: C:) would wipe out anything on C: and replace it with the entire contents of T: Think of this as a disk cloning procedure. And just to simplify further, assume that C: is the only volume on the DC.
You would probably be able to get it working in one way or another but as to how reliable this would be I am not sure.
Whenever I have implemented backing up a DC I have backed up the system state on a nightly basis and then backed this up to tape. Then to recover just restored the server from tape and then the system state and let replication update the server, it is pretty quick.
The only time it would not be quick is if you have a very large AD NTDS.DIT file, in which case you would have multiple DC's (so restoring the server would not be urgent) and it would take a while to restore the system state and replicate the changes back. But not much more than replicating back from robocopy. Which is why the recomendation is to use VSS to SAN then recover the OS (and AD) by switching the LUN's - This is the quickest recommended solution from Microsoft.
It is a good question that you ask but I am not sure what benefits you are going to achieve, if it will be any faster and how reliable it would be. You only need a slight corruption in the AD and the server will be in a real mess.
Whenever I have implemented backing up a DC I have backed up the system state on a nightly basis and then backed this up to tape. Then to recover just restored the server from tape and then the system state and let replication update the server, it is pretty quick.
The only time it would not be quick is if you have a very large AD NTDS.DIT file, in which case you would have multiple DC's (so restoring the server would not be urgent) and it would take a while to restore the system state and replicate the changes back. But not much more than replicating back from robocopy. Which is why the recomendation is to use VSS to SAN then recover the OS (and AD) by switching the LUN's - This is the quickest recommended solution from Microsoft.
It is a good question that you ask but I am not sure what benefits you are going to achieve, if it will be any faster and how reliable it would be. You only need a slight corruption in the AD and the server will be in a real mess.
ASKER
The system is nagging me to close this question, so I will give the credit to fishadr. I found the document he referred me to especially useful. With the help of the info in that document, I am working toward a lab test of whether a shadow copy of the DC will be a functional clone. Stay tuned....
Shadow copies require the original volume to be intact in order to perform the restore. The shadow copy only records the differences in the data structure, not the entire data set itself. If you lose the original volume, the shadow copies are useless, even if you store them on another volume.