Hi all, I have a 2 site, single domain Active Directory Forrest. The Domain and Forest functional levels are both Windows Server 2003.
The "Main" site has the bulk of our servers including our new Exchange 2010 server, workstations and 2 Physical DC's running 2008r2. For the most part these DC's really only provide the following services:AD and related services/DNS/DHCP.
Our "Secondary" site has 2 vmware virtual servers hosted by a 3rd party. One is an RODC for our domain and the other an iis server that is also joined to the domain. At this location the RODC provides AD and related services/DNS.
All 3 DC's are Global Catalogs but all 5 FSMO roles are held by the beefier of the 2 physical DC's.
I have been doing manual weekly backups of AD using a command prompt and typing
> wbadmin start systemstatebackup -backuptarget:Z:
When the operation is complete on both servers I copy the backup files created in the WindowsImageBackup folder to the opposite server so each server has a backup of itself and the other physical DC. In my mind this way if I lost one of the physical servers I had a good backup still remaining on it's physical counterpart. I don't bother backing up the RODC as it is very slow and if it were to go down unrecoverably, I would simply abandon the old RODC, have the 3rd party hosting company reinstall a fresh OS on an uncorrupt or newly created VM and make it a new RODC rather than attempt to restore.
Question 1: Am I backing up the servers correctly from an active directory standpoint? Is there a better way?
Question 2: Is it wise to only do a system state backup? I don't want to lose the DNS info or the DHCP configuration and certainly nothing AD related.
Question 3: Since both Physical DC's are located in the same server room, if something were to happen to the room and both servers were a loss, is there enough of the AD environment at my secondary site to keep the domain alive and inevidibly recover?
Question 4: Is the FSMO/GC configuration sound?
Question 5: We recently added a new server running VMWare, hosting 1 Windows Server 2008r2 Std vm which is running Exchange 2010 r3. Should the AD backup strategy change at all due to this new service? I know Exchange changed our AD environmant around a little.