Solved

Windows 2003 Active Directory restore

Posted on 2008-10-30
Last Modified: 2012-05-05
Dear all

I am planning a DR plan for my company, which starts from the domain controllers. We have two domain controllers in HK and another two in China. I need to emulate many cases; for example, if one of the HK domain controllers was dead, how can I recover from the disaster? All sites are connected with VPN, so if the China site domain controller was dead, should I transfer any roles for their client logins? Also, does Windows 2003 AD have any role named primary? If so, how can I determine which server is primary? Thanks all for the advice.
Question by:roland_lei

Accepted Solution

by:
brent_caskey earned 500 total points
ID: 22847980
You are starting with a good design to begin with, which includes more than one domain controller in each site. For the instructions that I am giving, I am assuming that these 4 domain controllers are all in the same domain (no child domains).

The first thing that you need to do is back up the servers regularly. I actually prefer NTBackup for domain controllers because the restore process is easier. You should get a full system backup each time you back up, including system state and any drives you have on the system.

Once you have the backups, DR is pretty easy. If you haven't done so already, you should have all of your domain controllers as Global Catalog servers (note - assuming only 1 domain). This will allow your clients to log in in the event of a single domain controller failure in either site. You should have your domain set up in 2 sites - one HK and one China. This will ensure that the clients are logging into a domain controller that is local to the user.

If you have backups, there should be no reason to transfer FSMO roles to other servers. All you need to do is restore the failed server as soon as possible. The domain can function without any of the FSMO roles online. However, if you are not able to restore the domain controller for an extended amount of time, you should seize the FSMO roles. However, you will want to avoid seizing the roles if possible because you will have to format and reinstall the failed domain controller from scratch before you will be able to add it back into the domain. You would also have to perform a metadata cleanup to get the domain controller's information out of the domain prior to adding the freshly installed DC.

In the event of a failure of a domain controller, you would need to reload the OS (preferably to the same SP level it was prior to the failure) and then restore using NTBackup.

By using NTBackup, you will also be able to easily restore the domain data in the event of either an NTDS.DIT (AD Database) file corruption or accidental deletion of AD objects through Directory Services Restore Mode. In the event of accidental deletion of objects, you will need to perform an authoritative restore.

The Active Directory Operations Guide has some good guidelines for backing up and restoring AD: http://technet.microsoft.com/en-us/library/cc781707.aspx (see Administering Active Directory Backup and Restore)

Here are some articles for more specifics:
General Windows DR tips: http://www.petri.co.il/disaster_recovery.htm
How to perform a disaster recovery restoration of Active Directory on a computer with a different hardware configuration: http://support.microsoft.com/kb/263532
AD DR Webcast: http://support.microsoft.com/kb/325560
How to view and transfer FSMO roles in Windows Server 2003: http://support.microsoft.com/kb/324801/en-us
Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller: http://support.microsoft.com/kb/255504/en-us
How to remove data in Active Directory after an unsuccessful domain controller demotion (METADATA CLEANUP STEPS): http://support.microsoft.com/kb/216498/en-us
Authoritative Restore: http://support.microsoft.com/kb/241594/en-us

If you have any more questions, please feel free to ask. I am sure that I left out some topics.

There are also entire books written on this subject. One that I have read is the following: http://www.amazon.com/Active-Directory-Disaster-Recovery-Florian/dp/1847193277/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1225435608&sr=8-1
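
As an added example (not part of the original answer, and not Microsoft's tooling): a small Python helper that parses saved `netdom query fsmo` output to show which DC holds each FSMO role, then applies the restore-versus-seize rule from the answer above to a failed DC. The host names and sample output are constructed, and the function names are hypothetical.

```python
ROLE_LABELS = {  # left-hand labels printed by `netdom query fsmo`
    "Schema owner": "schema master",
    "Domain role owner": "domain naming master",
    "PDC role": "PDC emulator",
    "RID pool manager": "RID master",
    "Infrastructure owner": "infrastructure master",
}

# Constructed sample output; host names are hypothetical.
SAMPLE = """\
Schema owner                hkdc01.corp.example.com

Domain role owner           hkdc01.corp.example.com

PDC role                    hkdc01.corp.example.com

RID pool manager            hkdc02.corp.example.com

Infrastructure owner        hkdc02.corp.example.com

The command completed successfully.
"""


def parse_fsmo(text):
    """Map each FSMO role to the DC that holds it."""
    holders = {}
    for line in text.splitlines():
        for label, role in ROLE_LABELS.items():
            if line.startswith(label):
                holders[role] = line[len(label):].strip().lower()
    missing = sorted(set(ROLE_LABELS.values()) - set(holders))
    if missing:
        raise ValueError("incomplete netdom output, missing: %s" % missing)
    return holders


def recovery_plan(holders, failed_dc, can_restore_soon):
    """Restore from backup when possible; seize only for a DC that stays down."""
    held = sorted(r for r, h in holders.items() if h == failed_dc.lower())
    if can_restore_soon:
        return {"seize": [], "steps": ["reload OS at the same SP level",
                                       "restore with NTBackup"]}
    steps = ["seize held roles on a surviving DC with ntdsutil"] if held else []
    steps += ["metadata cleanup of the failed DC",
              "format and reinstall before re-adding it to the domain"]
    return {"seize": held, "steps": steps}


if __name__ == "__main__":
    print(recovery_plan(parse_fsmo(SAMPLE), "hkdc01.corp.example.com", False))
```

Saving the role-holder output alongside each backup means the plan can still be worked out when the failed server is the one you would normally have queried.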