[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Backup AD

Posted on 2012-04-12
9
Medium Priority
?
309 Views
Last Modified: 2012-08-13
Hello Guys,

Soon we plan create a two way trust between our infrastructure and the infrastructure of a new company acquired by our MD.

Our AD servers span across two cities so my question is before creating the trust how should I Backup my AD?

- Do I perform system state backup on each of the 10 DCs or doing it on DC with FSMO roles will be sufficient?
- All our DCs are Windows 2008 R2 so should I take snapshot using ntdsutli?

Please advise because in case things go wrong I know I can simply revoke the trust but just to be on the safe sideI would like to backup our single domain AD.
0
Comment
Question by:fais79
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 9

Expert Comment

by:Geodash
ID: 37838424
Of course always back up the full DC - but to just do an AD backup, look below.

I would make sure all DC's are backuped up, using whatever software you use, before making any major changes.

Backing Up Active Directory and Associated Components

To back up Active Directory and associated components on a domain controller, you can back up only system state or you can back up both system state and the system disk.

http://technet.microsoft.com/en-us/library/bb727048.aspx
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37838468
You can backup the main DC's which are hosting FSMO roles.

additional domain controllers can be backup but incase of failure you can always do a metadata cleanup..


http://technet.microsoft.com/en-us/library/cc732238(v=ws.10).aspx
0
 

Author Comment

by:fais79
ID: 37838561
How about the new snapshot of AD method available in Windows 2008 via ntdsutil??  Should this be ok for recovery? And do I snapshot AD on each DC or just FSMO role holder?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 

Author Comment

by:fais79
ID: 37839439
Let's just say if I backup system state on all DCs.. in case I want to restore them back to how they were prior to creating the trust then how would I do that?

I meant would I have to restore authortatively on the FSMO holder DC and let others recieve the changes?

I know how to restore OU's etc authortatively but how would I restore authortatively so that DCs lose the trust info and revert back to their original state

Many thanks guys
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37839465
To be frank if the trust is broken you don't have to restore anything. we make and break trust everyday. there is not much requirement for the same.
Even many times we face issue with trust being lost due to the network issues and we just recreacte the trust...
you will not restore Domain controllers just for trust purpose..

And in worst.. if  you hae to restore .. you will restore just the FSMO role server..
0
 

Author Comment

by:fais79
ID: 37839631
Thanks Anu!

I have to think worse case scenrio because we all know things sometimes don't always go to plan when it comes to IT :)

So let me get this right...

Say I want full AD revert back then I would follow these steps:

1. Do a Non-Authortative Restore on FSMO holder
2. Perform Authortative Restore straight after.. (How would I restore so that the trust is goes away)?
3. Would I need to shutdown other DCs before restarting the FSMO holder after restore

Thanks
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37839635
I prefer to backup all DC's vs. metadata cleanup. Some will disagree, I just think it is cleaner.
0
 

Author Comment

by:fais79
ID: 37839655
That is the route I am taking... Is to backup System State of all DCs but struggling to understand the restore process.. Does it mean I will have to restore backed up system state of each DC on itself?
0
 
LVL 9

Accepted Solution

by:
Geodash earned 2000 total points
ID: 37839672
You wont have to do a restore necessarily, even if the trust fails. You can drop and re-add a trust.

Take a look here at the restore process, depending on your domain

http://social.technet.microsoft.com/Forums/eu/winserverDS/thread/edda25e3-9102-4fae-9843-a0e9d040139f
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question