MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.
Solved
Restoring Virtualized Win2k8 DC from backup
Posted on 2013-01-02
Ok, we are backing up our VM DC's every 2 hours.
Should we need to restore one from backup how long can AD be down for and will we experience problems should we restore from a 2hr backup? Will take a minute to restore.
and
Should we lose a DC and not be restored within hours or days what is required to restore the DC? I assume build a new VM and add as a DC and forcibly remove roles from AD?
Should we need to restore one from backup how long can AD be down for and will we experience problems should we restore from a 2hr backup? Will take a minute to restore.
and
Should we lose a DC and not be restored within hours or days what is required to restore the DC? I assume build a new VM and add as a DC and forcibly remove roles from AD?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
7
3
3- +2
16 Comments
You need to have at least 2 DCs then you don't have to worry about that. If one DC would go down then the other is serving AD services. Just remember that you cannot use restore from snapshot on your 2008 DC, the only allowed option is restore from "System State Backup" which requires new server to be installed and then you may restore it from System State
In case that yo have more than 1 DC in your network and one of DCs would die, then you may simply do metadata cleanup of that DC and that's all
Regards,
Krzysztof
In case that yo have more than 1 DC in your network and one of DCs would die, then you may simply do metadata cleanup of that DC and that's all
Regards,
Krzysztof
Active today
AD DCs used to be 60 days before tombstone, and it would not replicate, it's now 180 days by default.
build a new VM, promote to a DC (dcpromo), depending upon which has failed, sieze the FSMO roles, and remove the old DC from AD.
build a new VM, promote to a DC (dcpromo), depending upon which has failed, sieze the FSMO roles, and remove the old DC from AD.
Active today
We have 2x DC's at Site A and 2x at Site B (over a VPN).
So no need to backup then? Using acronis... Not sure what you mean by system state..
So no need to backup then? Using acronis... Not sure what you mean by system state..
You should have at least 2 DCs per Site for more security. If your replication does not work over VPN you would face AD DB missing updates. Mostly inter-site replication (remote locations - different sites) issues face domain environments than intra-site replication (local sites)
Krzysztof
Krzysztof
Active 4 days ago
Personally I dont back up DC's at all now. A restore of an AD VM is more hastle than its worth and can cause issues.
So long as you have multiple DC's, Shoot yourself if you dont, AND you restrict DC's to being just that, no additional applications running on them, no file stores on them, just plain simple AD and DNS/DHCP services.
Now should you lose a DC you just create a new one and as everyone else says, force any FSMO roles that your old one had and meta data clean up to get rid of old one.
A thing to consider is splitting your DHCP role amongst multiple servers and splitting your scopes between them for redundancy. You dont want to lose the only DC on a site with DHCP on it do you!?
So long as you have multiple DC's, Shoot yourself if you dont, AND you restrict DC's to being just that, no additional applications running on them, no file stores on them, just plain simple AD and DNS/DHCP services.
Now should you lose a DC you just create a new one and as everyone else says, force any FSMO roles that your old one had and meta data clean up to get rid of old one.
A thing to consider is splitting your DHCP role amongst multiple servers and splitting your scopes between them for redundancy. You dont want to lose the only DC on a site with DHCP on it do you!?
Active today
in case?
If it blue screens or someone deletes the VM, then restoring it a few hours later will be ok then?
If it blue screens or someone deletes the VM, then restoring it a few hours later will be ok then?
Active today
You need to understand things here
If you restore the DC from image or snapshots then you may face USN rollback issue
To know more on USN rollback follow http://utools.com/help/UsnRollback.asp
It is allways a wise decision and standard practice to have minimum 2 DC's in Domain at a site
I would also prefer to have backup of system state too...It does not cost you anything than some disk space
If you have two DC's and one goes down you can start 2nd DC in 30 Mins thats't too without disrupting services
If you restore the DC from image or snapshots then you may face USN rollback issue
To know more on USN rollback follow http://utools.com/help/UsnRollback.asp
It is allways a wise decision and standard practice to have minimum 2 DC's in Domain at a site
I would also prefer to have backup of system state too...It does not cost you anything than some disk space
If you have two DC's and one goes down you can start 2nd DC in 30 Mins thats't too without disrupting services
Active today
What triggers the event ids and issues with AD? The amount of time? The amount of changes made within the database(s)? Replication?
Not sure what you mean: If you have two DC's and one goes down you can start 2nd DC in 30 Mins thats't too without disrupting services
Not sure what you mean: If you have two DC's and one goes down you can start 2nd DC in 30 Mins thats't too without disrupting services
Active today
I mean you have 2 DC's in same domain and at same site assuming that you have put IP of both DC's in client DNS search order
and your DC1 crashes then all login/authentication and group policies request will be processed by DC2
in meantime you can format the crashed DC and promote that as a new DC ..with clean installation ...
and your DC1 crashes then all login/authentication and group policies request will be processed by DC2
in meantime you can format the crashed DC and promote that as a new DC ..with clean installation ...
Active today
So consensus is to back them up but in real world you wouldn't restore them, ever. If failure occurs, build new DC, seize/transfer roles and clear old metadata from AD of failed DC?
Active today
Yes but the backup is taken incase you have any rarest of the rare event when both of your DC's are down
Featured Post
Managing Active Directory does not always have to be complicated. If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Let's recap what we learned from yesterday's Skyport Systems webinar.
- Ransomware
- Experts Exchange
- Skyport Systems
- Active Directory
- Security
- *privileged credentials
Are you ready to implement Active Directory best practices without reading 300+ pages?
You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses
Course of the Month11 days, 23 hours left to enroll
636 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.