exexc
Backup / Restore - best practices for a single domain controller?
I would like to deepen my knowledge of backup and recovery strategies. Therefore I did some research and read some articles about backing up and recovering domain controllers, but there are some things I don't fully understand, because most articles assume that there are at least two domain controllers.
Why does everyone recommend at least two domain controllers? What exactly are the risks of only having one domain controller in a small company, where the time for the restore process is not important compared to the costs of a second server? Will there be real additional risks for the data stored in the Active Directory or is the recommendation only based on the risk of a longer downtime?
Will the problems mentioned by Microsoft (http://technet.microsoft.com/en-us/library/cc535164.aspx), regarding “Restoration of a relative identifier (RID) master can result in corruption of the Active Directory database.” and “Restoration of the schema master (SID) can result in orphaned objects.”, affect a single domain controller, or is this only a problem with more than one domain controller? What exactly will cause those problems?
If I want to restore a single domain controller, is there anything to do besides restoring a backup I did with backup software with an online-image-feature? As far as I understand, an unauthoritative system state restore won’t provide any additional data and is only useful if the server is still in a working condition and something was damaged or deleted in the Active Directory. And an authoritative system state restore is not needed for a single domain controller (and should never be needed if you use recommended restore procedures).
Is there anything additional to consider regarding the backup and recovery of a domain controller, if Exchange 2010 is installed on the same server? I know about the Exchange database and logfiles, but will it affect the strategy for backup and recovery of the DC/AD part?
Yes, you're wrong :) The only possible way of restoring AD database is to use System State Backup (and there are also other hardware related options which may cause BSOD on different server)
If the client doesn't care about high-availability resources, do not bother them to implement redundant devices. Just wait for the first serious crash, then they will see how much time is needed to bring the environment to work :)
Krzysztof
ASKER
Yes, you're wrong :) The only possible way of restoring AD database is to use System State Backup
I thought that the system state is only a subset of a full backup? What additional or more current information is stored in the system state backup that is not included in an image of the system volume(s)?
I understand why the system state restore is important if there are other domain controllers for the same domain or if you want to recover deleted items without using a full backup, but I don't find a reason to use it after restoring a single domain controller from a full image backup. Aren't commercial backup products able to back up every important file while the server is online?
Can you explain this in more detail?
Check what is backed up during System State backup
http://technet.microsoft.com/en-us/library/bb727048.aspx#ERAA
and yes, that's my fault, I wrongly understood the Full Image Backup :) you mentioned at the beginning
Yes, of course it's enough to restore server using that image
Sorry once again
Krzysztof
ASKER
Thanks for your answers.
You're welcome :)
Krzysztof
ASKER
With a single server they won't be able to use mail/files/resources anyway.
I was hoping to find some good reasons to convince customers to get a second domain controller, even if they don't care about some additional downtime in case of a hardware problem. The best reason I found so far is that it would be problematic if the same hardware isn't available anymore, but I'm not really sure how likely it is that the image backup won't restore on a slightly changed hardware configuration.