Link to home
Start Free TrialLog in
Avatar of exexc
exexc

asked on

Backup / Restore - best practices for a single domain controller?

I would like to deepen my knowledge in backup and recovery strategies. Therefore I did some research and read some articles about backing up and recovering domain controllers, but there are some things I don't fully understand, because most articles assume, that there are at least two domain controllers.

Why does everyone recommend at least two domain controllers? What exactly are the risks of only having one domain controller in a small company, where the time for the restore process is not important compared to the costs of a second server? Will there be real additional risks for the data stored in the Active Directory or is the recommendation only based on the risk of a longer downtime?

Will the problems mentioned by Microsoft (http://technet.microsoft.com/en-us/library/cc535164.aspx), regarding “Restoration of a relative identifier (RID) master can result in corruption of the Active Directory database.” and “Restoration of the schema master (SID) can result in orphaned objects.” will affect a single domain controller or is this only a problem with more than one domain controller? What exactly will cause those problems?

If I want to restore a single domain controller, is there anything to do besides restoring a backup I did with backup software with an online-image-feature? As far as I understand an unauthoritative system state restore won’t provide any additional data and is only useful if the server is still in a working condition and something was damaged or deleted in the active directory. And an authoritative system state restore is not needed for a single domain controller (and should never be needed if you use recommended restore procedures).

Is there anything additional to consider regarding the backup and recovery of a domain controller, if Exchange 2010 is installed on the same server? I know about the Exchange database and logfiles, but will it affect the strategy for backup and recovery of the DC/AD part?
ASKER CERTIFIED SOLUTION
Avatar of Krzysztof Pytko
Krzysztof Pytko
Flag of Poland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of exexc
exexc

ASKER

what if server (hardware) will crash and cannot be repaired? You cannot simply restore System State Backup to different type of hardware
As far as I know, I would have to restore a full image backup in case of a serious hardware defect. With a single domain controller this should be sufficient and there would be no need for an additional system state restore. Am I wrong?

during this restoration time no one can log on into domain and use resources/mail
With a single server they won't be able to use mail/files/resources anyway.

I was hoping to find some good reasons to convince customers to get a second domain controller, even if they don't care about some additional downtime in case of a hardware problem. The best reason I found so far is that it would be problematic if the same hardware isn't available anymore, but I'm not really sure how likely it is, that the image backup won't restore on a slightly changed hardware configuration.
Yes, you're wrong :) The only possible way of restoring AD database is to use System State Backup (and there are also other hardware related options which may cause BSOD on different server)

If client doesn't care about high-avability resources do not bother them to implement redundant devices. Just wait for the first serious crash then they will see how much time it's needed to bring environment to work :)

Krzysztof
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of exexc

ASKER

Yes, you're wrong :) The only possible way of restoring AD database is to use System State Backup
I thought that the system state is only a subset of a full backup? What addiontal or more current information is stored in the system state backup, that is not included in an image of the system volume(s)?

I understand why the system state restore is important if there are other domain controllers for the same domain or if you want to recover deleted items without using a full backup, but I don't find a reason to use it after restoring a single domain controller from a full image backup. Aren't commercial backup products able to backup every important file while the server is Online?

Can you explain this in more detail?
Check what is backed up during System State backup
http://technet.microsoft.com/en-us/library/bb727048.aspx#ERAA

and yes, that's my fault, I wrongly understood Full Image Backup :) you told at the beginning
Yes, of course it's enough to restore server using that image

Sorry once again

Krzysztof
Avatar of exexc

ASKER

Thanks for your answers.
You're welcome :)

Krzysztof