infopeer
asked on
What is the perfect Backup policy for Domain
We have a WIndows AD domain server.
I would like to know the perfect backup solution ...about what needs to be backed up and when.ie; duration.
In case of Failure how to recover...
Please give me info for windows 2000,windows 2003 and windows 2008
I would like to know the perfect backup solution ...about what needs to be backed up and when.ie; duration.
In case of Failure how to recover...
Please give me info for windows 2000,windows 2003 and windows 2008
Doesn't matter which DC you want to backup, it's always good to have a recent backup os System State. Do it regularly for each DC and you will be secured in case that any of your DC would crash. As AD database content changes everyday, I would suggest to do System State backup daily and store it for 60 days (default Tombstone lifetime). After that time backup is useless because Tombstone lifetime was reached and object(s) cannot be restored.
System State backup allows you also to restore deleted object from a domain. For that you need to perfomr authoritative restore. Check this MS article at
http://support.microsoft.com/kb/241594
http://technet.microsoft.com/en-us/library/cc779573%28WS.10%29.aspx
or visit Sandesh blog and see his article at
http://sandeshdubey.wordpress.com/2011/10/09/authoritative-non-authoritative-restore-in-windows2008/
Regards,
Krzysztof
System State backup allows you also to restore deleted object from a domain. For that you need to perfomr authoritative restore. Check this MS article at
http://support.microsoft.com/kb/241594
http://technet.microsoft.com/en-us/library/cc779573%28WS.10%29.aspx
or visit Sandesh blog and see his article at
http://sandeshdubey.wordpress.com/2011/10/09/authoritative-non-authoritative-restore-in-windows2008/
Regards,
Krzysztof
ASKER
WHat happens if the backup is older than 60 dayys and I try to restore?
I see, I missed one more line in my previous comment :)
You can also use free tool called ADRESTORE to restore deleted object (but only when tombstone lifetime didn't expire) When it expired, you need to use the recent System State backup to restore the object.
ADRESTORE can be downloaded from
http://technet.microsoft.com/en-us/sysinternals/bb963906
according to your question, when tombstone lifetime expires then AD permanenty removes object from its database. For couple of deleted object you are able to restore that authoritatively and they will exist. But when you restore tombstone lifetime expired domain controller, you would have a lot of lingering objects and problem with AD replication
Krzysztof
You can also use free tool called ADRESTORE to restore deleted object (but only when tombstone lifetime didn't expire) When it expired, you need to use the recent System State backup to restore the object.
ADRESTORE can be downloaded from
http://technet.microsoft.com/en-us/sysinternals/bb963906
according to your question, when tombstone lifetime expires then AD permanenty removes object from its database. For couple of deleted object you are able to restore that authoritatively and they will exist. But when you restore tombstone lifetime expired domain controller, you would have a lot of lingering objects and problem with AD replication
Krzysztof
We use a product called Nordic backup, it automates the process of backups. We back up the data stored on the server on a daily basis, including our SQL databases, then I have it set to once a month do a system state backup to an external hard drive only. This way I'm not using the space on the backup server and paying for it, but I have a system state that is never more than 30 days old.
If we have a lot of changes, for instance a lot of new members added to the domain, then I can do a manual system state backup at that time. AFter backing up to the external, I just remove it and put it in the fire safe.
If we have a lot of changes, for instance a lot of new members added to the domain, then I can do a manual system state backup at that time. AFter backing up to the external, I just remove it and put it in the fire safe.
ASKER
isiek Are you saying restoring a file larger than tombstone doesnt have any issues except Deleted objects restoration and replication??
ASKER
Guys I'm not asking for softwares..>I'm asking what to backup for safe restoration?
When tombstone lifetime expires, then you cannot restore an object from AD database because is deleted permanently by garbage trash collector. Then you have to perform "Authoritative restore" from a backup. But if your DC will fail and its tombstone lifetime expires, you cannot restore it from that backup because other DCs don't know anything about it anymore. When you still want to restore that DC and you do that, many lingering objects will show in your domain and that "wrongly" restored DC may causes issues with AD replication within your network.
So, this is very important for Domain Controller restoration then it does matter if tombstone lifetime has expired. For other objects there is no problem but when you restore user from 60 days old backup probably its group membership will be not up-to-date :) and many other attributes
Krzysztof
So, this is very important for Domain Controller restoration then it does matter if tombstone lifetime has expired. For other objects there is no problem but when you restore user from 60 days old backup probably its group membership will be not up-to-date :) and many other attributes
Krzysztof
ASKER
Other than system state or there any other things to backup?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks
You're welcome :)
Krzysztof
Krzysztof
http://www.symantec.com/business/backup-exec-for-windows-servers
As most of the organization uses this product for backup and recovery.