Active Directory DR

shadow2007 used Ask the Experts™
Can someone give me a brief overview of which method of DR to use in what scenario?

It doesn't look very clear as to which option is right when performing DR (non-authoritative vs. authoritative, and so on).

In a way this depends on what you're doing for a DR solution.

Basically, if all the domain controllers are permanently gone, you'll want the authoritative restore.


OK, this is the scenario:
forest -> child
and if I were to rebuild the child DC from scratch

A non-authoritative restore is used when you want to restore Active Directory after data loss or corruption. For example, say that one of your servers crashes and you cannot bring it back online. In this case you would reinstall the operating system and restore the system state that you backed up by doing a non-authoritative restore using ntbackup or Windows Server Backup.

An authoritative restore is usually used when you made a mistake, an "oops, I didn't mean to do that." For example, say you deleted an organizational unit on one of the domain controllers. That modify operation will replicate to other domain controllers because it is an authoritative change. You can use an authoritative restore to restore a leaf object or a subtree. Normally you do not use an authoritative restore to restore the entire Active Directory.

You don't ever do an authoritative restore unless you have no other option. This is a major operation and you should seek guidance from a Microsoft support professional or field engineer.

You would normally do the above procedure to restore any deleted objects. However, when it comes to DR with a DC, I usually put a lag DC in place which will be 24 hrs behind. If you do run into any issues with your live AD, you know the changes have not yet replicated to the lag DC. The only issue with this is when it is replicated then it's no longer behind.

One nice thing is that with the recycle bin in 2008 R2 an authoritative restore is almost never needed.

Not sure if you have seen this guide from Gil and Guido

...probably the best DR I've read.
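
The Recycle Bin route mentioned in the comment above, for the deleted-OU case discussed earlier in the thread, as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module and that the Recycle Bin was enabled before the deletion; the function name `Restore-DeletedOuTree` and the OU name passed to it are hypothetical.

```powershell
# Added example: restore a deleted OU and everything deleted with it, top-down.
# Assumes the ActiveDirectory module (RSAT); the function name is hypothetical.
Import-Module ActiveDirectory

function Restore-DeletedOuTree {
    param(
        [Parameter(Mandatory)] [string] $OuName   # RDN the OU had before deletion
    )

    # The Recycle Bin is an optional feature. Without it, deleted objects are
    # tombstones stripped of most attributes and this approach does not apply.
    $feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
    if (-not $feature.EnabledScopes) {
        throw 'AD Recycle Bin is not enabled in this forest.'
    }

    $deletedRoot = (Get-ADDomain).DeletedObjectsContainer

    # Locate the deleted OU by its last known RDN.
    $filter = "(&(isDeleted=TRUE)(objectClass=organizationalUnit)(msDS-LastKnownRDN=$OuName))"
    $ou = @(Get-ADObject -SearchBase $deletedRoot -IncludeDeletedObjects -LDAPFilter $filter)
    if ($ou.Count -eq 0) { throw "No deleted OU named '$OuName' found." }
    if ($ou.Count -gt 1) { throw "Several deleted OUs named '$OuName'; restore by ObjectGUID instead." }

    # A child cannot be restored before its parent exists, so work level by level.
    $restored = @()
    $pending  = $ou
    while ($pending.Count -gt 0) {
        $next = @()
        foreach ($obj in $pending) {
            $live = Restore-ADObject -Identity $obj.ObjectGUID -PassThru
            $restored += $live
            # Objects deleted along with this one now report its live DN as
            # lastKnownParent. A DN containing an apostrophe would need escaping.
            $next += @(Get-ADObject -SearchBase $deletedRoot -IncludeDeletedObjects `
                        -Filter "lastKnownParent -eq '$($live.DistinguishedName)'")
        }
        $pending = $next
    }
    $restored   # the restored objects, parents first
}

# Usage, with a placeholder OU name:
# Restore-DeletedOuTree -OuName 'Finance' | Select-Object DistinguishedName
```

Objects deleted before the Recycle Bin was enabled, or older than the deleted object lifetime, are not recoverable this way and fall back to the backup-based restores described in the thread.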


