Domain Controller Restore.

Hi folks,

I have a really quick question. We have 2 domain controllers, one virtualised hosting the FSMO roles and the other physical. Let's say the FSMO role holder fails catastrophically. If we need to restore from the backup, is it as simple as creating a new VHD which is the same as the previous VHD, booting from the ISO, choosing repair and selecting the system backup we have? In the interim should we seize the roles to the second domain controller? Or is it OK to leave the FSMO roles in suspend mode on the old domain controller until we restore it?

I know you can't just restore using an earlier copy of the VHD file.

Thanks.
dqnet Asked:

Darius Ghassem Commented:
Seize the roles.

I would run metadata cleanup to remove the failed DC.

Rebuild the failed server then re-promote the server.
0
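
Added example, not part of the original thread: a PowerShell sketch of the "seize the roles" step, which finds the FSMO roles still assigned to the failed DC and seizes only those onto the survivor. DC01 (failed holder) and DC02 (surviving DC) are hypothetical names, and the ActiveDirectory module (available from 2008 R2) is assumed.

```powershell
# Added illustration. DC01 and DC02 are hypothetical names; run on the
# surviving DC with an account that holds the required admin rights.
Import-Module ActiveDirectory

$failedDc    = 'DC01'   # assumed name of the dead role holder
$survivingDc = 'DC02'   # assumed name of the DC that takes the roles

function Get-FsmoHolders {
    param([string]$Server)
    # Domain-wide roles come from the domain object, forest-wide from the forest.
    $domain = Get-ADDomain -Server $Server
    $forest = Get-ADForest -Server $Server
    @{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
}

# Ask the surviving DC who it believes holds each role.
$holders = Get-FsmoHolders -Server $survivingDc
$toSeize = @($holders.Keys | Where-Object { $holders[$_] -like "$failedDc.*" })

if ($toSeize.Count -eq 0) {
    Write-Output "No FSMO roles are held by $failedDc; nothing to seize."
    return
}

# Seizing is for a holder that is gone for good. Stop if it still answers.
if (Test-Connection -ComputerName $failedDc -Count 2 -Quiet) {
    throw "$failedDc still responds; transfer the roles instead of seizing."
}

# -Force seizes the roles when the current holder cannot be contacted.
Move-ADDirectoryServerOperationMasterRole -Identity $survivingDc `
    -OperationMasterRole $toSeize -Force -Confirm:$false

# Every role should now resolve to the surviving DC.
Get-FsmoHolders -Server $survivingDc
```

After a seizure the old holder is not put back on the network as it was; as the answers in this thread describe, its object is removed from AD (metadata cleanup) and a rebuilt server is promoted as a new DC.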
Mike Kline Commented:
What version of Windows? In Windows 8 you can use snapshots... I know, way too early, but that is on the horizon.

In this case I'd seize the FSMO roles, run a metadata cleanup and put up a new DC and promote it again.

Thanks

Mike
0
Brian Pierce (Photographer) Commented:
If you have two DCs then it can be argued that there is little merit in trying to restore a DC, simply remove the failed DC from AD (2008R2 will automatically do a clean up), then install a new server and DCPROMO it.
0
dqnet (Author) Commented:
Rebuild the failed server then re-promote the server.

Why rebuild? Why not just restore? If that were the case why back up in the first place?
0
Mike Kline Commented:
System state backups would work, I'm just saying the promotion would be easier in my opinion.  If you deleted objects in AD that backup becomes much more useful. (without the AD recycle bin)

Thanks

Mike
0
Brian Pierce (Photographer) Commented:
If you do a restore, then by definition it's out of date - it will have to replicate anyway - so why not save yourself the hassle and re-install.
0
thomasdavis Commented:
If you are restoring using a vmdk file or snapshot then I wouldn't worry about seizing FSMO roles because it should be identical, but if you have to build the server by creating a new VM then restoring backup files, I would seize the roles as "dariusg" suggested.
0
dqnet (Author) Commented:
If you have two DCs then it can be argued that there is little merit in trying to restore a DC, simply remove the failed DC from AD (2008R2 will automatically do a clean up), then install a new server and DCPROMO it.

Same question applies? Why back it up? It doesn't make sense? That way, build 3 DCs, if one fails, just seize, same over and over?

P.S. How does Windows Server clean up automatically? (Yes, 2008 R2.) At which point does it automatically clean up? After you seize the roles?
0
dqnet (Author) Commented:
Snapshots are a serious no-go for domain controllers? So I believe that is completely out of the question?

What if AD hadn't changed since? I can't seem to understand what is the use of backing up a domain controller anymore? Seize the roles and off we go again?
0
Darius Ghassem Commented:
Backup is critical if you have a disaster and/or if all DCs are down.

If one DC fails best way to restore is to re-promote the DC.

You can delete the server from AD this will automatically cleanup metadata.

http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx
0
Darius Ghassem Commented:
Also, if you delete an object, for example an OU, you can restore the OU with all the contents within the OU. Backups allow object restoration as well.
0
dqnet (Author) Commented:
Backup is critical if you have a disaster and/or if all DCs are down.
If one DC fails best way to restore is to re-promote the DC.
You can delete the server from AD this will automatically cleanup metadata.


I really am shocked as to how easy this is... I'll just build 4 domain controllers and keep seizing the roles as and when they fail.

P.S. When you rebuild the domain controller it doesn't have to be the same name, right? You can change the name and just restore the roles to it after you've finished promoting it?
0
Darius Ghassem Commented:
Right, really all you are doing is adding another DC to the domain when you rebuild.
0
dqnet (Author) Commented:
Also, if you delete an object, for example an OU, you can restore the OU with all the contents within the OU. Backups allow object restoration as well.

Ya, that one makes perfect sense!

quick n easy! Thanks guys :)
0
thomasdavis Commented:
Why back it up? There are a couple of reasons I can think of why I back mine up. What if that domain controller is running DHCP, print services or anything else? If it's still being used with IPv4 and reservations are created, I know I wouldn't want to rebuild a long list of them.
0
Leon Fester (Senior Solutions Architect) Commented:
Your main question is answered above, but the last question

Same question applies? Why back it up? It doesn't make sense? That way, build 3 DCs, if one fails, just seize, same over and over?

What happens if you lose the whole site, worst case scenario a tsunami hits your offices?
How would you get your office operational again?
Rebuild the entire network from scratch? Obviously the assumption is that you have an offsite backup at a reliable location.

What happens if somebody deletes all your AD objects on purpose or by accident?
How would you get those objects back?

N.B. AD Recycle bin in Windows 2008R2 is not a disaster recovery option so your backup is always a safe option.

We could argue that you only need 1 copy of a backup, but I wouldn't risk the chances of the backup failing, so rather be safe and back up all your servers.

The largest installation I worked at was 22000 users and 40+ DCs.
Including lag sites in two different countries. With DR/BCP failover test twice a year.
Even then, we backed up every single one of those DCs. System state and full backups.

It's one of those things you don't "REALLY" need to do, but you will sleep more comfortably at night knowing you've got a backup.
0
dqnet (Author) Commented:
Split best way I thought :)

Fantastic! Thanks guys!
0
Windows Server 2008