Solved

What options to backup or to put into the roll back plan when the Exchange /prepareAD gone bad ?

Posted on 2014-11-06
12
395 Views
Last Modified: 2014-11-26
Hi Folks,

Can anyone here please suggest me what are my options to perform backup or restore before performing Exchange Server AD Schema modification?

because when you perform Exchange Server SP3 upgrade, there is AD schema extension involved and I'm not sure what to backup or restore suppose it is gone bad ?

I got two Domain Controllers within the same AD Site with the Exchange Servers that are Virtual, creating VMware snapshot is not the way to go since it is not a supported environment.

Thanks.,
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
  • +1
12 Comments
 
LVL 120

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 200 total points
ID: 40427880
Backup ALL your DCs and Exchange Servers at the same time before the change.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40427881
OK so there is no possible way to backup only the DC database only ?
0
 
LVL 120
ID: 40427899
Why not just backup the entire VM ?
0
Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

 
LVL 17

Accepted Solution

by:
Learnctx earned 200 total points
ID: 40427911
It is super rare these days that these schema updates would fail and cause an issue (was more something you worried about way back). That said, Microsoft have a blog on how to prepare for, apply and back out of a schema update. See the blog article here:

http://blogs.technet.com/b/samdrey/archive/2011/09/13/exchange-2010-sp1-general-schema-upgrade-procedure-with-back-out-plan.aspx

Basically you just disable outbound replication + nic and if anything goes wrong seize the roles and metadata cleanup the failed DC. If successful re-enable outbound replication + nic and allow full forest replication to occur.

That said, the fact you're asking these questions during a schema upgrade means you should also be asking yourself what would you do if you had a massive failure now without an update. What is your backup solution? Do you have a recovery document you can follow? Have you taken a backup and done a POC and then test of this procedure off the network? Do all of this. Once you're comfortable coming back from a disaster with AD its all easy enough. There are also excellent applications like Dell's Quest Recovery Manager Forest Edition for recovery which make things quite easy but are very expensive.

Last point: always have backups.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40427941
Thanks all for the reply.

No I do not have test environment in my company.

So basically just disable the vNIC on the VM and then enable it once it is completed successfully ?

Cool that sounds simple :-)
0
 
LVL 120
ID: 40428048
You should always have a FULL BACKUP before any production changes!

and no test environment, shame on you!

Clearly no ITIL Best Practices here!
0
 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 100 total points
ID: 40430893
I am assuming you are disabling the vNIC so the schema updates don't replicate throughout the domain?

If so, you will need to make sure you are running those schema updates from the DC holding the Schema Master role. That DC also needs to be 64 bit to run those commands.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40430900
Yes it is that way as you described.

So once the scheme update successfully work, I can then remove the VM snapshot and reconnect the vNIC after reboot.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40430903
Sounds good to me. Although Andrew is the VMware "Jedi" master.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40430947
I'm just the apprentice I this case hence I ask this question :-)

In terms of supportability, is this a supported practice ?

Because from memory taking  snapshot is not a supported action.
0
 
LVL 17

Assisted Solution

by:Learnctx
Learnctx earned 200 total points
ID: 40430988
Microsoft won't probably officially support a snapshot rollback on Server 2008 R2 officially but would provide best effort support. They will support a snapshot rollback for server 2012 DC's + VMware with compatability for snapping back (see http://technet.microsoft.com/en-us/library/hh831734.aspx). They would try their best to help though it might cost you :)

In your case though if you are following the Microsoft method (http://blogs.technet.com/b/samdrey/archive/2011/09/13/exchange-2010-sp1-general-schema-upgrade-procedure-with-back-out-plan.aspx) where by you disable the NIC and disable outbound replication; if anything goes wrong just seize the FSMO roles from that server and remove it from the domain rather than rolling back the snapshot. For you the only reason to revert a snapshot would be a complete domain failure and in that case seeing as you're running server 2008 DC's I would be rolling back a single domain controller and rebuilding your entire domain from that single domain controller as the source of truth. None of the other domain controllers could be trusted with a rollback of their snapshots (USN issues).

For removing a failed DC (or just a DC you don't want back on the domain): http://www.petri.com/delete_failed_dcs_from_ad.htm

For seizing FSMO roles: http://www.petri.com/seizing_fsmo_roles.htm (can also be done from the GUI).
0
 
LVL 120

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 200 total points
ID: 40431067
The problem with Snapshots, when a VM is running on a snapshot (difference disk) performance is poor.

We would much rather have good backups in place of the environment, before any changes are made, also as this is Exchange we would also stop the Exchange Services (or at least stop any mail Entering the Mail Server).

So in the event of a rollback situation, you can restore all the DCs and Mail Servers, with out effecting any loss of mail.

Again, no matter what change, or service, you should have a Rollback plan, and Full Backups before any chance is completed.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question