Solved

Domain Controller Restore.

Posted on 2012-03-13
Last Modified: 2012-03-18
Hi folks,

I have a really quick question. We have 2 domain controllers, one virtualised hosting the FSMO roles and the other physical. Let's say the FSMO role holder fails catastrophically. If we need to restore from the backup, is it as simple as creating a new VHD which is the same as the previous VHD, booting from the ISO, choosing repair and selecting the system backup we have? In the interim should we seize the roles to the second domain controller? Or is it OK to leave the FSMO roles in suspend mode on the old domain controller until we restore it?

I know you can't just restore using an earlier copy of the VHD file.

Thanks.
Question by:dqnet
17 Comments
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 1200 total points
ID: 37716538
Seize the roles.

I would run metadata cleanup to remove the failed DC.

Rebuild the failed server then re-promote the server.
0
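
The seize / cleanup / re-promote sequence from the answer above, as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module (available from Windows Server 2008 R2) and is run on the surviving DC; `DC-FAILED` and `DC-SURVIVOR` are placeholder names.

```powershell
# Added example, not from the thread. DC names below are placeholders.
Import-Module ActiveDirectory

$FailedDC    = 'DC-FAILED'     # placeholder: short name of the dead role holder
$SurvivingDC = 'DC-SURVIVOR'   # placeholder: DC that will take over the roles

# 1. Record who AD currently lists as holder of each of the five FSMO roles.
#    Query the surviving DC explicitly so the lookup does not target the dead one.
$domain = Get-ADDomain -Server $SurvivingDC
$forest = Get-ADForest -Server $SurvivingDC
$holders = @{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
$holders.GetEnumerator() | Sort-Object Name | Format-Table Name, Value -AutoSize

# 2. Only roles still recorded against the failed DC need seizing.
$toSeize = @($holders.GetEnumerator() |
    Where-Object { $_.Value -like "$FailedDC.*" } |
    ForEach-Object { $_.Name })

# 3. -Force turns the transfer into a seizure (the old holder is not contacted).
#    Do this only once the old holder is written off; the thread's advice is to
#    rebuild and re-promote it, not to bring the old instance back online.
if ($toSeize.Count -gt 0) {
    Move-ADDirectoryServerOperationMasterRole -Identity $SurvivingDC `
        -OperationMasterRole $toSeize -Force
} else {
    Write-Output "No FSMO roles are recorded against $FailedDC."
}

# 4. After the failed DC's object has been deleted from AD (metadata cleanup),
#    confirm it is no longer listed as a domain controller.
$leftover = Get-ADDomainController -Filter * -Server $SurvivingDC |
    Where-Object { $_.Name -eq $FailedDC }
if ($leftover) {
    Write-Warning "$FailedDC is still listed as a DC; metadata cleanup is incomplete."
} else {
    Write-Output "$FailedDC is no longer listed; a rebuilt server can now be promoted."
}

# 5. Check replication health among the remaining DCs before promoting the rebuild.
repadmin /replsummary
```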
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37716555
What version of Windows? In Windows 8 you can use snapshots... I know, way too early, but that is on the horizon.

In this case I'd seize the FSMO roles, run a metadata cleanup and put up a new DC and promote it again.

Thanks

Mike
0
 
LVL 70

Expert Comment

by:KCTS
ID: 37716557
If you have two DCs then it can be argued that there is little merit in trying to restore a DC, simply remove the failed DC from AD (2008R2 will automatically do a clean up), then install a new server and DCPROMO it.
0

 

Author Comment

by:dqnet
ID: 37716558
Rebuild the failed server then re-promote the server.

Why rebuild? Why not just restore? If that were the case why back up in the first place?
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 400 total points
ID: 37716576
System state backups would work, I'm just saying the promotion would be easier in my opinion.  If you deleted objects in AD that backup becomes much more useful. (without the AD recycle bin)

Thanks

Mike
0
 
LVL 70

Expert Comment

by:KCTS
ID: 37716577
If you do a restore, then by definition it's out of date - it will have to replicate anyway - so why not save yourself the hassle and re-install.
0
 
LVL 8

Expert Comment

by:thomasdavis
ID: 37716579
If you are restoring using a vmdk file or snapshot then I wouldn't worry about seizing FSMO roles because it should be identical, but if you have to build the server by creating a new VM then restoring backup files I would seize the roles as "dariusg" suggested.
0
 

Author Comment

by:dqnet
ID: 37716587
If you have two DCs then it can be argued that there is little merit in trying to restore a DC, simply remove the failed DC from AD (2008R2 will automatically do a clean up), then install a new server and DCPROMO it.

Same question applies? Why back it up? It doesn't make sense? That way, build 3 DCs, if one fails, just seize, same over and over?

P.S. How does Windows Server clean up automatically? (Yes, 2008 R2.) At which point does it automatically clean up? After you seize the roles?
0
 

Author Comment

by:dqnet
ID: 37716599
Snapshots are a serious no-go for domain controllers? So I believe that is completely out of the question?

What if AD hadn't changed since? I can't seem to understand what is the use of backing up a domain controller anymore? Seize the roles and off we go again?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37716609
Backup is critical if you have a disaster and/or if all DCs are down.

If one DC fails, the best way to restore is to re-promote the DC.

You can delete the server from AD; this will automatically clean up metadata.

http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37716620
Also, if you delete an object, for example an OU, you can restore the OU with all the contents within the OU. Backups allow object restoration as well.
0
 

Author Comment

by:dqnet
ID: 37716637
Backup is critical if you have a disaster and/or if all DCs are down.
If one DC fails best way to restore is to re-promote the DC.
You can delete the server from AD this will automatically cleanup metadata.


I really am shocked as to how easy this is... I'll just build 4 domain controllers and keep seizing the roles as and when they fail.

P.S. When you rebuild the domain controller it doesn't have to be the same name, right? You can change the name and just restore the roles to it after you've finished promoting it?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37716648
Right, really all you are doing is adding another DC to the domain when you rebuild.
0
 

Assisted Solution

by:dqnet
dqnet earned 0 total points
ID: 37716649
Also, if you delete an object, for example an OU, you can restore the OU with all the contents within the OU. Backups allow object restoration as well.

Ya, that one makes perfect sense!

quick n easy! Thanks guys :)
0
 
LVL 8

Assisted Solution

by:thomasdavis
thomasdavis earned 400 total points
ID: 37716657
Why back it up? There are a couple of reasons I can think of why I back mine up. What if that domain controller is running DHCP, print services or anything else? If it's still being used with IPv4 and reservations are created, I know I wouldn't want to rebuild a long list of them.
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 37716692
Your main question is answered above, but the last question

Same question applies? Why back it up? It doesn't make sense? That way, build 3 DCs, if one fails, just seize, same over and over?

What happens if you lose the whole site, worst case scenario a tsunami hits your offices?
How would you get your office operational again?
Rebuild the entire network from scratch? Obviously the assumption is that you have an offsite backup at a reliable location.

What happens if somebody deletes all your AD objects on purpose or by accident?
How would you get those objects back?

N.B. AD Recycle bin in Windows 2008R2 is not a disaster recovery option so your backup is always a safe option.

We could argue that you only need 1 copy of a backup, but I wouldn't risk the chances of the backup failing so rather be safe and backup all your Servers.

The largest installation I worked at was 22000 users and 40+ DC's.
Including lag sites in two different countries. With DR/BCP failover test twice a year.
Even then, we backed up every single one of those DC's. System state and full backups.

It's one of those things you don't "REALLY" need to do, but you will sleep more comfortably at night knowing you've got a backup.
0
 

Author Closing Comment

by:dqnet
ID: 37734394
Split best way I thought :)

Fantastic! Thanks guys!
0
