Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.
Restoring Virtualized Win2k8 DC from backup
Ok, we are backing up our VM DC's every 2 hours.
Should we need to restore one from backup how long can AD be down for and will we experience problems should we restore from a 2hr backup? Will take a minute to restore.
and
Should we lose a DC and not be restored within hours or days what is required to restore the DC? I assume build a new VM and add as a DC and forcibly remove roles from AD?
Should we need to restore one from backup how long can AD be down for and will we experience problems should we restore from a 2hr backup? Will take a minute to restore.
and
Should we lose a DC and not be restored within hours or days what is required to restore the DC? I assume build a new VM and add as a DC and forcibly remove roles from AD?
Asked:
Who is Participating?
You need to have at least 2 DCs then you don't have to worry about that. If one DC would go down then the other is serving AD services. Just remember that you cannot use restore from snapshot on your 2008 DC, the only allowed option is restore from "System State Backup" which requires new server to be installed and then you may restore it from System State
In case that yo have more than 1 DC in your network and one of DCs would die, then you may simply do metadata cleanup of that DC and that's all
Regards,
Krzysztof
In case that yo have more than 1 DC in your network and one of DCs would die, then you may simply do metadata cleanup of that DC and that's all
Regards,
Krzysztof
AD DCs used to be 60 days before tombstone, and it would not replicate, it's now 180 days by default.
build a new VM, promote to a DC (dcpromo), depending upon which has failed, sieze the FSMO roles, and remove the old DC from AD.
build a new VM, promote to a DC (dcpromo), depending upon which has failed, sieze the FSMO roles, and remove the old DC from AD.
We have 2x DC's at Site A and 2x at Site B (over a VPN).
So no need to backup then? Using acronis... Not sure what you mean by system state..
So no need to backup then? Using acronis... Not sure what you mean by system state..
You should have at least 2 DCs per Site for more security. If your replication does not work over VPN you would face AD DB missing updates. Mostly inter-site replication (remote locations - different sites) issues face domain environments than intra-site replication (local sites)
Krzysztof
Krzysztof
Personally I dont back up DC's at all now. A restore of an AD VM is more hastle than its worth and can cause issues.
So long as you have multiple DC's, Shoot yourself if you dont, AND you restrict DC's to being just that, no additional applications running on them, no file stores on them, just plain simple AD and DNS/DHCP services.
Now should you lose a DC you just create a new one and as everyone else says, force any FSMO roles that your old one had and meta data clean up to get rid of old one.
A thing to consider is splitting your DHCP role amongst multiple servers and splitting your scopes between them for redundancy. You dont want to lose the only DC on a site with DHCP on it do you!?
So long as you have multiple DC's, Shoot yourself if you dont, AND you restrict DC's to being just that, no additional applications running on them, no file stores on them, just plain simple AD and DNS/DHCP services.
Now should you lose a DC you just create a new one and as everyone else says, force any FSMO roles that your old one had and meta data clean up to get rid of old one.
A thing to consider is splitting your DHCP role amongst multiple servers and splitting your scopes between them for redundancy. You dont want to lose the only DC on a site with DHCP on it do you!?
in case?
If it blue screens or someone deletes the VM, then restoring it a few hours later will be ok then?
If it blue screens or someone deletes the VM, then restoring it a few hours later will be ok then?
What triggers the event ids and issues with AD? The amount of time? The amount of changes made within the database(s)? Replication?
Not sure what you mean: If you have two DC's and one goes down you can start 2nd DC in 30 Mins thats't too without disrupting services
Not sure what you mean: If you have two DC's and one goes down you can start 2nd DC in 30 Mins thats't too without disrupting services
I mean you have 2 DC's in same domain and at same site assuming that you have put IP of both DC's in client DNS search order
and your DC1 crashes then all login/authentication and group policies request will be processed by DC2
in meantime you can format the crashed DC and promote that as a new DC ..with clean installation ...
and your DC1 crashes then all login/authentication and group policies request will be processed by DC2
in meantime you can format the crashed DC and promote that as a new DC ..with clean installation ...
So consensus is to back them up but in real world you wouldn't restore them, ever. If failure occurs, build new DC, seize/transfer roles and clear old metadata from AD of failed DC?
Yes but the backup is taken incase you have any rarest of the rare event when both of your DC's are down
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
-
Course of the Month11 days, 10 hours left to enrollMonitoring and Operating a Private Cloud with System Center 2012 R2 273 lessons
If you restore the DC from image or snapshots then you may face USN rollback issue
To know more on USN rollback follow http://utools.com/help/UsnRollback.asp
It is allways a wise decision and standard practice to have minimum 2 DC's in Domain at a site
I would also prefer to have backup of system state too...It does not cost you anything than some disk space
If you have two DC's and one goes down you can start 2nd DC in 30 Mins thats't too without disrupting services