exexc
asked on
In-Depth questions about Backup and Restore of domain controllers
I have some questions regarding backing up and restoring domain controllers in a multi domain controller environment:
I read that "Windows Server Backup" is flagging backups of the Active Directory as "backup" to ensure that the invocation id is reset and USN rollback is prevented.
Will this flag be set during backup by the "Active Directory VSS Writer" or during the restore process?
If it is done by the "AD VSS Writer" during the backup process, does this mean that every backup solution that uses the AD-VSS writer will set this flag automatically or does the backup software have to set this flag manually or request the flagging by sending a special command to the "AD VSS Writer"?
A lot of older blog posts by Microsoft MVPs warn from using "image based backup solutions" for domain controllers. Are those recommendations out of date, because current solution use the AD VSS writer in the same way as "Windows Server Backup" does?
If it is done during the restore process, when and how exactly does it happen? Does "Windows Server Backup" set the "Database restored from backup" registry key somehow during restore or is it done in another way?
I read that you have to boot into DSRM mode (F8) and adjust the network settings, if you restore a domain controller to differnt hardware, because booting in normal mode will destory the domain controller beyond repair. What exactly happens if I boot the domain controller on different hardware without booting in DSRM mode? Why does the missing network configuration destroy the domain controller?
ShadowProtect (VSS/image based backup software) recommends to use the option "Restore hidden tracks" for domain controllers. The "hidden tracks" are the sectors between MBR and sector 63. What does a domain controller store in those "hidden tracks"?
100% working backups are a delicate topic, so I really want understand details of that kind, before I can trust a backup solution. Unfortunately I couldn't find in-depth information to those questions with Google. All those questions result from hours of Google research and what I'm looking for are answers and no "quick links" to everything that is already obvious by my questions. ;)
I read that "Windows Server Backup" is flagging backups of the Active Directory as "backup" to ensure that the invocation id is reset and USN rollback is prevented.
Will this flag be set during backup by the "Active Directory VSS Writer" or during the restore process?
If it is done by the "AD VSS Writer" during the backup process, does this mean that every backup solution that uses the AD-VSS writer will set this flag automatically or does the backup software have to set this flag manually or request the flagging by sending a special command to the "AD VSS Writer"?
A lot of older blog posts by Microsoft MVPs warn from using "image based backup solutions" for domain controllers. Are those recommendations out of date, because current solution use the AD VSS writer in the same way as "Windows Server Backup" does?
If it is done during the restore process, when and how exactly does it happen? Does "Windows Server Backup" set the "Database restored from backup" registry key somehow during restore or is it done in another way?
I read that you have to boot into DSRM mode (F8) and adjust the network settings, if you restore a domain controller to differnt hardware, because booting in normal mode will destory the domain controller beyond repair. What exactly happens if I boot the domain controller on different hardware without booting in DSRM mode? Why does the missing network configuration destroy the domain controller?
ShadowProtect (VSS/image based backup software) recommends to use the option "Restore hidden tracks" for domain controllers. The "hidden tracks" are the sectors between MBR and sector 63. What does a domain controller store in those "hidden tracks"?
100% working backups are a delicate topic, so I really want understand details of that kind, before I can trust a backup solution. Unfortunately I couldn't find in-depth information to those questions with Google. All those questions result from hours of Google research and what I'm looking for are answers and no "quick links" to everything that is already obvious by my questions. ;)
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Closing question. No-one answered my questions completely, so I will split points.
ASKER