AvacadoGreen
asked on
Active Directory Domain/Forest Functional Level Rollback from 2008r2 to 2003
We're planning to upgrade our AD forest and domain functional levels from 2003 to 2008r2. Management would like a fallback strategy. All of our AD controllers are VMware virtual 2008r2's. What would be your suggested fallback strategy?
We're considering:
1. Shutting down each of our 4 DC's, FSMO role holder last, and taking VMware snapshots of each. To revert, we would take all DC's offline, revert to the snap on all, and boot each of them up.
2. MS System State restores - The domain would be taken offline, each DC would then be restored from a system state backup to its original state.
I'd greatly appreciate your suggestions and ideas!
We're considering:
1. Shutting down each of our 4 DC's, FSMO role holder last, and taking VMware snapshots of each. To revert, we would take all DC's offline, revert to the snap on all, and boot each of them up.
2. MS System State restores - The domain would be taken offline, each DC would then be restored from a system state backup to its original state.
I'd greatly appreciate your suggestions and ideas!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Lee W, MVP
And Andrew's suggestion is the alternate way of doing it that I'd concur with.
ASKER
Do you gents have any other suggestions/caveats about a VMware restore? It would shorten our recovery time significantly, in comparison to a system-state restore and rebuild.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Do you gents have any other suggestions/caveats about a VMware restore? It would shorten our recovery time significantly, in comparison to a system-state restore and rebuild.
Restoring your AD environment by doing VMware snapshot roll backs is an UNSUPPORTED method, unless of course you are using the new DC cloning feature in server 2012/R2. If not then it is unsupported.
When you raise the domain/forest functional level it is an irreversible task and if you require to restore from a backup it needs to be a System State Backup. From there you would do the following...
- restore your FSMO role holder DC (authoritative Restore)
- you would then perform a system state restore of ALL other domain controllers (NON-AUTHORITATIVE)
Non-Authoritative restore will allow the domain controllers to get all replicating changes from the current FSMO role holder which will allow replicaiton to be synced properly across all of the DC's after you restore them.
A side from that there is nothing else that is required. However if your replication and DC health is good, you should not have any issues performing Domain/Forest Functional Level raise.
Will.
While Will is correct that snapshots are unsupported for restores, *IF* done appropriately, it should be fine. The problem I will grant you is that appropriately can be tricky if you're not EXACTLY CERTAIN and you're not VERY careful.
ASKER
Forest/Domain functional level upgrade went off without a hitch. We performed system state backups, in addition to turning each VM off for a clean-snapshot. The FSMO role holder was snapped last, and would be the first to be restored in the event of a disaster.