SBS 2011 Disaster Recovery Planning - Specific Advice Requested

I have recently installed as SBS 2011 Server in my small network environment, and this has caused me to revisit and revise my DR plan.  In doing my usual online research, I have noticed several options and scenarios, and realize now that the best approach for each specific network might be very different, so here are my details and my questions:

SBS 2011 is the primary AD controller, and the Exchange server and Sharepoint server for our small network. (20 users)  I have a separate Windows 2003 Standard server that is configured as an additional AD server, and catalog server, for fault tolerance purposes.  I am using the built in Windows Backup solution for the SBS 2011, and getting a full "bare metal" backup every night, including all drive partitions with my data.  I have another server that I plan to only use in the event that the SBS 2011 server breaks down, and the hardware issues can't be quickly resolved.  I have tested the Bare Metal restore of the SBS 2011 to this machine (which is not connected to the network - because I'm just testing) and was successful with the exception that AD is not operational.  After what I have read online, I think this would be normal.

My question is - if this were a real-life disaster and I restored the bare metal backup of SBS 2011, and then connected the machine to my network, would everything replicate from my current backup domain controller?  The only other option I could see would be to take the backup DC offline (or demote it) and then in addition to the bare metal restore on SBS 2011, also perform a system state recovery in DSRM mode...  I guess I am asking which would be the preferred method to recover from a complete failure of the SBS 2011 machine... Thanks for any suggestions.
Rob GrinageManagerAsked:
Who is Participating?
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
I suggest having a read of one of our blog posts here:

This particular post outlines the very problem you are facing. How to restore.

It is the chronicle of our walking through recovering a client's domain after a catastrophic failure.

Essentially, in an SBS network that second DC can actually be your Achilles' Heel.

After over 10 years working with SBS I can say this: Our best line of defense in a disaster situation is a _known good_ backup. What is that? It is a backup that has been test restored to bare metal or Hypervisor at least on a quarterly basis.

That IMNSHO is the only disaster recovery plan an SBS network really needs.

Oh, and we use ShadowProtect so we have the option to restore that backup virtually anywhere.

Why wouldn't AD be operational on your test system.  SBS is the FSMO roles holder.
Although it wouldn't see the other AD server.

You shouldn't have any issues doing what you are doing.
Like you said a few hardware changes/issues when using the spare server.
But even if you virtualized it you'd have that issue too.

As long as your backups are 100%...

You could always test the whole thing by virtualizing everything then trying out different scenarios in the virtual environment.
Olaf De CeusterCommented:
The SBS BU will restore everything. If AD is not working there is an issue.
The second DC can be used but in normal restore scenarios won't be used.
Advantage of SBS BU: You can restore exchange and sharepoint by themselves too. Very handy.
I would suggest you run the SBS  BPA to find what is wrong with your network:
We are up to version 1.5
Hope that helps,
Rob GrinageManagerAuthor Commented:
I appreciate the advice.  I will check again to see what is the extent of working and non-working components, and provide more information as soon as I can.  This has me concerned, so I will investigate in depth.  Thanks!
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
I agree with Philip about that second DC -- the problem is that if you allow it to continue to run after your SBS fails, then you do a BMR of the SBS, the AD Replication will be out of sync.

The reason for this is that other than SBS, BMR's of DCs are not supported by Microsoft.

(Similarly, Exchange on a DC isn't supported unless it's SBS, etc)

SBS is unique because it has a special management system that keeps everything running the way it should -- as long as its deployed the way it was designed.  Most 20-person organizations don't need a 2nd DC, and you especially don't need one if your SBS can recover from failure almost immediately.

If your organization cannot afford downtime of your SBS, then I HIGHLY suggest you look at getting a DATTO Backup Device.  These things are just incredible and they are priced right for the SMB market.  If your SBS fails, you can turn on a VM backup of the SBS on the DATTO in less than 30 seconds.

If up-time is important to you, then you need to consider using this type of DR solution.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.