[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 410
  • Last Modified:

Restoring Active Directory to Dissimilar Hardware

I am trying to get a working procedure for quick recovery of a windows server 2003 domain controller to other hardware for disaster recovery purposes using imaging. The point I am stuck at is restoring the system state and getting replication working correctly.

Further info:
I've been testing using Acronis imaging software to take an image of the live server system disk and putting this image on the test server - this works well and boots without any issues due to the hardware being the same make and model as the live box.

My next step was to setup another test server with an image from our second site so I end up with a lab setup which replicates the live setup - two domain controllers replicating AD to each other and correctly in sync.

If I then take an image of test server 1 and also backup the system state, then make AD changes and let them replicate, I can successfully restore test server 1 using the test server 1 image and boot into directory services restore mode and restore the system state from the test server 1 backup (non-authoritative) - boot normally and the test servers happily start replicating correctly and AD changes made after the test image are pushed over from test server 2 to test server 1.

If I start the test again putting a live image onto test server 1 and restore a backup of system state in DSRM taken from the live server, replication does not work - repadmin /showrepl gives me "error 8456 (0x2108) :Can't retrieve message string 8456 (0x2108), error 1815".

This article http://technet.microsoft.com/en-gb/library/cc961934.aspx tells me "It is possible to restore Active Directory to a computer other than the original computer, both computers must have the same number of disk drives. Also, if the replacement domain controller has a different video adapter or multiple network adapters, uninstall them before you restore data. When you restart the computer; Plug and Play functionality makes the appropriate updates."

What I'm unsure about is what is meant by "the same number of disk drives", does this mean physical or virtual - my live server has raid 1 (two disks) for the system disk which I image onto test server raid 1 (also two disks). Both server also have another drive D: but this is raid 5 (three disks) on the live server and raid 1 (two disks) on the test server. Also, the live server is hosting some iSCSI disks (SAN) which were not connected when performing the tests.

The test server does have "multiple network adapters" but the same number and models as the live server, although all adapters do lose their settings after the image restore from live to test.

I know I could use dcpromo after restoring the test server, but I used this method before and ran into quite a few issues due to the server also being CA, SQL Sharepoint etc (2 hours on phone with MS).

Seems I'm not far off a working procedure - Any help with this would be appreciated.

Thanks.
0
DAVEBE
Asked:
DAVEBE
  • 5
  • 2
  • 2
  • +1
2 Solutions
 
RediersCommented:
Hello,

Why don't you migrate your original DC to a Hyper-v platform.
Then you don't have any limitation related to HW when you need to restore.
Just get a new server install hyper-v and import the most up to date VHD you have backed up...
0
 
DAVEBEAuthor Commented:
Hi Rediers
Yes, virtualising the DC is one option I've been thinking of, but in my situation it would have to be in addition to the existing server due to the other roles/functions it is performing - so I  would be moving just the DC function off my existing server to a VM which would also mean I have less eggs in one basket. My concern here is cost though.
Thanks for the comment.
0
 
RediersCommented:
Why would you need to split out the other functions.
Virtualisation no longer has a high overhead. It might need a bit more RAM.
So if the server is now able to run fine on the hardware it will also run fine in a virtual environment.
Unless you really have software or roles/functions that cannot run in a virtual environment.

And Hyper-V is free...

You take your test box... put Hyper-v on it.
THen migrate the operational server to Hyper-v...
While it's running there you put hyper-v on the original machine.
And when you have that running... you migrate the virtual server over to your original machine.

And all you need for disaster recovery is a new machine which runs hyper-v and a copy of the vhd and the config file.

you can even convert the data disks to VHD or keep them connecting to phisical disks...

So from a cost perspective i don't see an issue.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
DAVEBEAuthor Commented:
My main reasoning behind splitting the functions is that it would be less trouble in the future if my DC is not also running certificate authority (which has to be removed for dcpromo), SQL server, file server, IIS, exchange server. In this case I would have the cost of server licensing.

Also I already have a VM host running some virtual servers so was thinking about using that to transfer the existing DC to but was concerned about transferring the additional workload over and having the issue of having to add more network adapters for the iscsi connections to my SAN. I understand what your saying about utilizing my existing test/DR server for a new VM but then I would have to buy a new one to replace it.
0
 
DAVEBEAuthor Commented:
Any help on this issue would be greatly appreciated.
0
 
shahzoorCommented:
Did you try Universal Restore feature of Acronis.
Its exactly what you are looking for. Universal restore helps you restoring the image of a server to any workstation and it works perfectly fine. I have testing restoring image of a windows server 200 with oracle to a regular workstation and it worked :)
0
 
DAVEBEAuthor Commented:
Thanks for the comment
The image restores fine as it's the same make and model. It's after the system state is restored from the live server to the restored image on the standby server that I have issues with replication (see original question).
0
 
fireandsaltCommented:
Did you get this answered?  I think you are seeing the effects of a USN rollback. Check out this technet article: http://support.microsoft.com/kb/875495.  Also try looking over  http://support.microsoft.com/kb/2023007 for information relating to the error you are receiving. The problem you are getting is that the info in the image's AD database is marked with outdated USNs, and therefore causing a conflict with the DC you are attempting to replicate from.

As to the drive question, it is the physical number of drives that the article is talking about.
0
 
DAVEBEAuthor Commented:
I gave up on this due to lack of time, but I was using a restore procedure which avoids the USN rollback issue - this procedure works when restoring to the same server ( I can successfully restore from an image a few weeks old and get replication working correctly), it was when I was restoring to non-identical hardware that I ran into the issue.

Thanks for the info on the drives, the number of drives that make up the system disk (the disk image being restored) is identical, but the total number of drives on the server is not identical to the original, maybe that is my problem.
0
 
fireandsaltCommented:
OK, well if you have further questions please feel free to ask.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

  • 5
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now