
Backup, Restore Win2K8 Active Directory Using Only Windows Backup (on Different Server)

Posted on 2012-09-10
Last Modified: 2012-09-14
Is there some way to use the native Windows Server 2008 R2 - Windows Backup program to make a backup of the entire Win2K8 server machine including the System State, and then restore that System State - including Active Directory and all associated users, groups, etc. - to another, clean Windows Server 2008 R2 installation on a different machine (i.e. with dissimilar hardware, drivers, etc.)? And, if so, what are the steps to accomplish that? Does one have to boot to the F8 menu and choose Active Directory Authoritative Restore, or boot to the Win2K8 disk, or follow some other steps to initiate the restore?

TIA,

ew
Question by:LGroup1
16 Comments
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 38383716
Never tried it and doubt I ever would... too many other, better ways to do it.  If you could explain why you need to do this, I'll try to give you an appropriate method or two.
0
 
LVL 45

Expert Comment

by:Amit
ID: 38383774
I agree with leew, don't ever try that out. You can only use it in a test lab, not in production. Better to add one more ADC. That is enough.
0
 

Author Comment

by:LGroup1
ID: 38383896
Working from a location that is prone to hurricanes we were thinking in DR terms of if there was ever a need for this site to restore the entire LAN (hardware and software) at a remote location and in a short period of time - and the only thing available was the most recent backup tape(s), which may work if there was a server available with the exact same hardware, RAID array, etc., but may likely not work as well if the only server available is of dissimilar hardware...

ew
0
 
LVL 45

Expert Comment

by:Amit
ID: 38383914
DR is a different activity. It is used for validating the restore process. It is advisable to have multiple DCs, at least 2-3. It is very rare that all will fail at the same time.
0
 

Author Comment

by:LGroup1
ID: 38383959
Yes, multiple DCs is always advisable for redundancy and fault tolerance. This will help in the event a single server fails due to a failed RAID array, failed power supply, misconfiguration, etc...  

But in addition to that we are researching the options for a location or site for a particular organization that in the event of a major disaster, such as a CAT 4 hurricane that destroys the entire building, to allow this organization to restore the entire LAN, including Active Directory Users & Groups, at a remote location, on short notice, and without advanced planning on what type of hardware the AD will be restored to or where the location is - all in a relatively short period of time, and as mentioned without much pre-planning other than having the regular nightly backup tape(s)...

ew
0
 
LVL 45

Expert Comment

by:Amit
ID: 38384110
0
 
LVL 45

Assisted Solution

by:Amit
Amit earned 448 total points
ID: 38384166
0
 
LVL 97

Accepted Solution

by:
Lee W, MVP earned 452 total points
ID: 38384173
I strongly recommend if your purpose is disaster recovery and similar, then first, you should be using Virtualization.  The problems you could face attempting to restore AD to a different physical server are unimaginable - literally - I can't begin to imagine the mess that that would create.  You COULD use a tool like UTools UMove to recover the AD from one site to another, but really, the best solution is a redundant network.  Using Hyper-V in Server 2012, you can REPLICATE in entirety all VMs from one site to another with about 5 minutes of potential data loss AT WORST.  Further, even if you didn't want to use Hyper-V Replica in Server 2012, by using VMs you can simply shut down the host and make copies of the VMs (WARNING - NEVER, EVER make a copy of a DC as introducing an old copy of a DC into the network could DESTROY your Active Directory and force a recovery only as recent as the copy (assuming you still have a backup of that)).  Depending on what you use in the environment, Microsoft technologies are extensive but like ALL DR options, potentially expensive depending on how much flexibility you need in your recovery and how tolerant you are for your data loss.  

Hyper-V Replica is otherwise free and using Virtualization is arguably the cheapest way to go.

Otherwise, you could use multi-DCs with DFS-R to replicate data.  If you use Exchange, you can set up a DAG - Database Availability Group.  And other technologies offer other options.  But doing what your original question wanted is unwise at best.
0
 

Author Comment

by:LGroup1
ID: 38384181
That is good info, but we were more interested in having the ability to restore an AD from scratch (and only from backup tapes) at an unplanned and originally unknown location whereas if I am understanding this correctly it seems to detail having multiple site locations already in place and just having the AD roll or focus on one existing site in particular for logon purposes.

For example, if there is a small organization with, say 100-150 users in a single office that is located in a hurricane-prone area (e.g. New Orleans). This smaller organization just has one domain and one basic forest with, say, two HP servers running Windows Server 2008 r2 functioning as their domain controllers and, say 150 HP client PCs at this one location.

They run nightly backups (i.e. Windows native backups, and/or third party vendor backups).  A hurricane or flood hits and wipes-out their entire office including servers, switches, cables, desktop PCs etc... and the only thing they have remaining is the nightly backup tapes that were stored offsite. Following the storm or flood they have an opportunity to setup shop at a rental office space in neighboring Mississippi with some older Dell servers and some old client PCs that were left behind by an old business associate.  The client PCs only need to connect to the domain so that is pretty straight forward.   But how can or would one restore their actual Active Directory, including AD Users & Groups, in this type of situation ? The hardware is different, so I am assuming that a full restore of the backups from one of the HP servers will not boot on a new and different machine such as an older Dell server given the different RAID drivers, chipsets, NIC cards, video drivers, etc...

Sorry about any confusion on this as I assumed this would be a fairly straightforward and easy process that one could restore the full AD on a clean Windows Server 2008 r2 machine as long as one actually had backups of the systems to include the System State (normally I hear people say that they forgot to run backups which causes obvious problems) - but perhaps I am wrong and this is actually a bit harder than I originally thought ...

ew
0
 

Author Closing Comment

by:LGroup1
ID: 38384192
Okay, thanks all!  I typed my last post before I had a chance to read the last two posts, but you definitely pointed me in the right direction ...

ew
0
 
LVL 45

Expert Comment

by:Amit
ID: 38388509
0
 

Author Comment

by:LGroup1
ID: 38392689
Okay, tks again ...

ew
0
 
LVL 45

Expert Comment

by:Amit
ID: 38392872
You are welcome. I am doing the same test in my lab that you requested and will provide you more updates tomorrow on whether I am able to recover everything or not.
0
 

Author Comment

by:LGroup1
ID: 38394565
Cool, that would be great - tks,

ew
0
 
LVL 45

Expert Comment

by:Amit
ID: 38399148
I tested in my lab and the results were negative. Using System Restore I was able to restore Windows back to the old state, with sysvol and AD services, but AD was still not working. Finally, restoring AD to different hardware is just a waste of time.
0
 

Author Comment

by:LGroup1
ID: 38399337
Okay, tks again for the update.  It would be nice if Microsoft incorporated some function or feature from Windows Backup to allow for that natively from within Windows 2K8 r2.

I will make another post on this, but I wonder if there is some way to export the AD using one of the AD command line utils that would allow for exporting all user data and SIDs, group data, etc... (even if the user passwords had to be reset) so one could import the AD to a new machine on different hardware that way  ...

ew
0
