dqnet
asked on
Backing up Virtual Machine Domain Controllers from within or from above...?
Hi,
I cant seem to get a concrete answer on this.
If you have virtual domain controllers running windows server 2008(r2) or 2012(r2) on Hyper-V, do you backup the virtual machine and host level using windows server backup and VSS taking care of consistency or do you have to backup the domain controller from within itself as a guest OS?
I just cant seem to get a concrete answer on this.
Thanks!
I cant seem to get a concrete answer on this.
If you have virtual domain controllers running windows server 2008(r2) or 2012(r2) on Hyper-V, do you backup the virtual machine and host level using windows server backup and VSS taking care of consistency or do you have to backup the domain controller from within itself as a guest OS?
I just cant seem to get a concrete answer on this.
Thanks!
bbao
commonly for a working DC running on a guest OS, it is NOT recommended to back up at VM level, in your case at Hyper-V level, simply because it may cause out-of-sync or conflicts once the restored DC get back online when other DCs in the same AD are also alive, especially when there is a huge change after the DC/VM was backed up.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
FYI - let's check an official document giving more details and discussions about this issue.
Backup and Restore Considerations for Virtualized Domain Controllers
https://technet.microsoft.com/en-us/library/virtual_active_directory_domain_controller_virtualization_hyperv(v=ws.10).aspx
"The supported method of restoring a domain controller to a healthy state is to use an Active Directory–compatible backup application, such as Windows Server Backup, to restore a system state backup that originated from the current installation of the domain controller."
"if you restore a domain controller by using a copy of the virtual hard disk (VHD) file, you bypass the critical step of updating the database version of a domain controller after it has been restored. Replication will proceed with inappropriate tracking numbers, resulting in an inconsistent database among domain controller replicas. In most cases, this problem goes undetected by the replication system and no errors are reported, despite inconsistencies between domain controllers."
"Do not copy or clone VHD files of domain controllers instead of performing regular backups. If he VHD file is copied or cloned, it becomes stale. Then, if the VHD is started in normal mode, there might be a divergence of replication data in the forest. You should perform proper backup operations that are supported by Active Directory Domain Services (AD DS), such as using the Windows Server Backup feature."
"Do not use the Snapshot feature as a backup to restore a virtual machine that was configured as a domain controller. Problems will occur with replication when you revert the virtual machine to an earlier state. ... Although using a snapshot to restore a read-only domain controller (RODC) will not cause replication issues, this method of restoration is still not recommended."
Backup and Restore Considerations for Virtualized Domain Controllers
https://technet.microsoft.com/en-us/library/virtual_active_directory_domain_controller_virtualization_hyperv(v=ws.10).aspx
"The supported method of restoring a domain controller to a healthy state is to use an Active Directory–compatible backup application, such as Windows Server Backup, to restore a system state backup that originated from the current installation of the domain controller."
"if you restore a domain controller by using a copy of the virtual hard disk (VHD) file, you bypass the critical step of updating the database version of a domain controller after it has been restored. Replication will proceed with inappropriate tracking numbers, resulting in an inconsistent database among domain controller replicas. In most cases, this problem goes undetected by the replication system and no errors are reported, despite inconsistencies between domain controllers."
"Do not copy or clone VHD files of domain controllers instead of performing regular backups. If he VHD file is copied or cloned, it becomes stale. Then, if the VHD is started in normal mode, there might be a divergence of replication data in the forest. You should perform proper backup operations that are supported by Active Directory Domain Services (AD DS), such as using the Windows Server Backup feature."
"Do not use the Snapshot feature as a backup to restore a virtual machine that was configured as a domain controller. Problems will occur with replication when you revert the virtual machine to an earlier state. ... Although using a snapshot to restore a read-only domain controller (RODC) will not cause replication issues, this method of restoration is still not recommended."
Software like Veeam is application aware because of its VSS writers. With this option enabled you can safely backup and restore a domain controller. It even enables you to live backup the machine without interuption and then restore just your AD.
See also: http://helpcenter.veeam.com/backup/80/vsphere/restore_vead.html and http://helpcenter.veeam.com/backup/80/vsphere/application_aware_processing.html
See also: http://helpcenter.veeam.com/backup/80/vsphere/restore_vead.html and http://helpcenter.veeam.com/backup/80/vsphere/application_aware_processing.html
Hi,
I agree with past comments.
What is important in case you need to restore is Active Directory DB and objects.
So Either backup it up using the guest method (back up system state that include AD DB), or using the "host" method with a software that supports backup and restore of AD objects or entire DB.
It seems Veeam does that, I know it for reading documentation yet, but I have never tested a backup and a restore on AD object/DB.
I agree with past comments.
What is important in case you need to restore is Active Directory DB and objects.
So Either backup it up using the guest method (back up system state that include AD DB), or using the "host" method with a software that supports backup and restore of AD objects or entire DB.
It seems Veeam does that, I know it for reading documentation yet, but I have never tested a backup and a restore on AD object/DB.
ASKER
Thanks guys!
Windows Server Backup from the host level is VSS aware for any VSS service running in Services.msc. This includes ADDS.
However, we do not back up from the host unless using a proven third party product.
When running WSB at the host level we ran into all sorts of problems with VSS collisions. So much so that we dropped WSB across the board for host base backups. This was on 2008 RTM/R2 (we've been running standalone and clustered Hyper-V at client sites since 2008 RTM) with no improvements with each new OS iteration.
We back up in-guest as a rule unless we are dealing with complex clustered environments or hosting setups.
However, we do not back up from the host unless using a proven third party product.
When running WSB at the host level we ran into all sorts of problems with VSS collisions. So much so that we dropped WSB across the board for host base backups. This was on 2008 RTM/R2 (we've been running standalone and clustered Hyper-V at client sites since 2008 RTM) with no improvements with each new OS iteration.
We back up in-guest as a rule unless we are dealing with complex clustered environments or hosting setups.