Connect your existing build, deployment, management, monitoring, and collaboration platforms. From Puppet to Chef, HipChat to Slack, ServiceNow to JIRA, Splunk to New Relic and beyond, hand off data between systems to engage the right people.
Connect with xMatters.
Course Of The Month
3 days, 5 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Restoring Virtualized Win2k8 DC from backup
Posted on 2013-01-02
Ok, we are backing up our VM DC's every 2 hours.
Should we need to restore one from backup how long can AD be down for and will we experience problems should we restore from a 2hr backup? Will take a minute to restore.
and
Should we lose a DC and not be restored within hours or days what is required to restore the DC? I assume build a new VM and add as a DC and forcibly remove roles from AD?
Should we need to restore one from backup how long can AD be down for and will we experience problems should we restore from a 2hr backup? Will take a minute to restore.
and
Should we lose a DC and not be restored within hours or days what is required to restore the DC? I assume build a new VM and add as a DC and forcibly remove roles from AD?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
7
3
3- +2
16 Comments
You need to have at least 2 DCs then you don't have to worry about that. If one DC would go down then the other is serving AD services. Just remember that you cannot use restore from snapshot on your 2008 DC, the only allowed option is restore from "System State Backup" which requires new server to be installed and then you may restore it from System State
In case that yo have more than 1 DC in your network and one of DCs would die, then you may simply do metadata cleanup of that DC and that's all
Regards,
Krzysztof
In case that yo have more than 1 DC in your network and one of DCs would die, then you may simply do metadata cleanup of that DC and that's all
Regards,
Krzysztof
Active today
AD DCs used to be 60 days before tombstone, and it would not replicate, it's now 180 days by default.
build a new VM, promote to a DC (dcpromo), depending upon which has failed, sieze the FSMO roles, and remove the old DC from AD.
build a new VM, promote to a DC (dcpromo), depending upon which has failed, sieze the FSMO roles, and remove the old DC from AD.
Active today
We have 2x DC's at Site A and 2x at Site B (over a VPN).
So no need to backup then? Using acronis... Not sure what you mean by system state..
So no need to backup then? Using acronis... Not sure what you mean by system state..
You should have at least 2 DCs per Site for more security. If your replication does not work over VPN you would face AD DB missing updates. Mostly inter-site replication (remote locations - different sites) issues face domain environments than intra-site replication (local sites)
Krzysztof
Krzysztof
Personally I dont back up DC's at all now. A restore of an AD VM is more hastle than its worth and can cause issues.
So long as you have multiple DC's, Shoot yourself if you dont, AND you restrict DC's to being just that, no additional applications running on them, no file stores on them, just plain simple AD and DNS/DHCP services.
Now should you lose a DC you just create a new one and as everyone else says, force any FSMO roles that your old one had and meta data clean up to get rid of old one.
A thing to consider is splitting your DHCP role amongst multiple servers and splitting your scopes between them for redundancy. You dont want to lose the only DC on a site with DHCP on it do you!?
So long as you have multiple DC's, Shoot yourself if you dont, AND you restrict DC's to being just that, no additional applications running on them, no file stores on them, just plain simple AD and DNS/DHCP services.
Now should you lose a DC you just create a new one and as everyone else says, force any FSMO roles that your old one had and meta data clean up to get rid of old one.
A thing to consider is splitting your DHCP role amongst multiple servers and splitting your scopes between them for redundancy. You dont want to lose the only DC on a site with DHCP on it do you!?
Active today
in case?
If it blue screens or someone deletes the VM, then restoring it a few hours later will be ok then?
If it blue screens or someone deletes the VM, then restoring it a few hours later will be ok then?
Active today
You need to understand things here
If you restore the DC from image or snapshots then you may face USN rollback issue
To know more on USN rollback follow http://utools.com/help/UsnRollback.asp
It is allways a wise decision and standard practice to have minimum 2 DC's in Domain at a site
I would also prefer to have backup of system state too...It does not cost you anything than some disk space
If you have two DC's and one goes down you can start 2nd DC in 30 Mins thats't too without disrupting services
If you restore the DC from image or snapshots then you may face USN rollback issue
To know more on USN rollback follow http://utools.com/help/UsnRollback.asp
It is allways a wise decision and standard practice to have minimum 2 DC's in Domain at a site
I would also prefer to have backup of system state too...It does not cost you anything than some disk space
If you have two DC's and one goes down you can start 2nd DC in 30 Mins thats't too without disrupting services
Active today
What triggers the event ids and issues with AD? The amount of time? The amount of changes made within the database(s)? Replication?
Not sure what you mean: If you have two DC's and one goes down you can start 2nd DC in 30 Mins thats't too without disrupting services
Not sure what you mean: If you have two DC's and one goes down you can start 2nd DC in 30 Mins thats't too without disrupting services
Active today
I mean you have 2 DC's in same domain and at same site assuming that you have put IP of both DC's in client DNS search order
and your DC1 crashes then all login/authentication and group policies request will be processed by DC2
in meantime you can format the crashed DC and promote that as a new DC ..with clean installation ...
and your DC1 crashes then all login/authentication and group policies request will be processed by DC2
in meantime you can format the crashed DC and promote that as a new DC ..with clean installation ...
Active today
So consensus is to back them up but in real world you wouldn't restore them, ever. If failure occurs, build new DC, seize/transfer roles and clear old metadata from AD of failed DC?
Active today
Yes but the backup is taken incase you have any rarest of the rare event when both of your DC's are down
Featured Post
Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten.
The USB drive must be s…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month3 days, 5 hours left to enroll
695 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.