Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

A.D. Disaster Recovery 3

Status
Not open for further replies.
acl03

acl03

MIS
Joined
Jun 13, 2005
Messages
1,077
Location
US
I am trying to prepare for what might happen if we lose every DC in our domain. How do you perform disaster recovery for AD? I backup ther system state nightly for each DC in the domain.

If i have NO dc's left in the forest, is it true that i cannot use DCPROMO /ADV to restore from media? How do i restore?
 
Sort by date Sort by votes
Create an ASR using NTBackup. The ASR will allow you to boot up off of a floppy and it will completely rebuild the system partition of a server for you, this will restore AD and all without having to first install an OS on the box.



I hope you find this post helpful.

Regards,

Mark
 
Upvote 0 Downvote
Sorry my bad. I thought I was in the 2003 forum. An ASR is an Automated System Recovery disk/tape. This is a new feature in 2003 that allows you to restore a server from a blank disk without first having to load an OS to access the tape. It is not available in 2000 though. Sorry for the confusion.

I hope you find this post helpful.

Regards,

Mark
 
Upvote 0 Downvote
acl03

Are all your DC's in the same location?
I just got finished with revamping our campanie's disaster recovery plan. One of the questions that I addressed in the plan was how to recover our Windows 2000 AD if we were to lose our building in either some natural disaster or terrorist related event. While the plan that we had previous was being followed. In testing it we had difficulty's recovering AD using a baremetal restore method and restoring System State Data.

Like you, we do nightly full backups on our servers and we store the media offsite. How we finally addressed the problem with losing all of our DCs was by using virtual pc to created an additional DC. I use a seperate disk that is in a removable bay for the virtual DCs partition. Once a week I go to our offstie store bring the disk back load it and bring up the virtual DC up, let AD replication happen and then shut it down pull the disk and return it to offsite.

If I am doing any major work on the server, which is rare, I make sure the virtual install is updated.

Before I did this I ran tests and for our campanies it works great.

JC
 
Upvote 0 Downvote
That is a great solution trusted.

For what is costs however for Virtual PC and the license for the Virtual 2000 box, I'd spend the money and get a copy of Windows 2003 which makes the whole thing so much easier as noted above with the ASR.

I hope you find this post helpful.

Regards,

Mark
 
Upvote 0 Downvote
We are actually planning on upgrading to 2003, but I wanted to test the disaster recovery and actually install 2003 on virtual pc (we already have VPC).

Our setup now is as follows:

Main Site:
Svr1: 2003 DC
Svr2: 2000 DC
Svr3: 2000 DC

Remote Site:
Svr4: 2003 DC

We will be upgrading Svr2 to 2003, and probably demoting Svr3 to a member server (not a DC).

Right now, Svr2 (2000 DC) has all 5 FSMO roles. Is it wise to simply transfer the roles over to Svr2, then demote Svr1, and install 2003 on it, and let it synchronize.

What I wanted to do, was to actually mirror our exact environment in VPC, and do the upgrade there. Do you guys think that is necessary, or should I just go ahead with the role transfer, demotion, upgrade, promotion?

Thanks for the help.

 
Upvote 0 Downvote
marcdmac: any idea where i can get more info on using ASR?
 
Upvote 0 Downvote
What is the best way to go about this when there is only one domain controller?

We back up every night, but not sure if this backs up the AD!

Systems Administrator
BSc Network Computing, CCNA. Both in training! :)
 
Upvote 0 Downvote
Acl03,

If you already have one server that is a DC that is now running Windows 2003, why not perform an in-place upgrade on the FSMO role holder and leave all FSMO roles where they are?

Regarding the ASR, just launch NTBackup and you will see on the main screen where you choose Backup or Restore, there is a third choice for ASR. You will need a blank floppy for it.

Cyberspace,

If you are not sure that your AD is getting backed up, make certain that you are backing up System State information.

I hope you find this post helpful.

Regards,

Mark
 
Upvote 0 Downvote
Mark,

Is doing an in place upgrade advised? Wouldn't I be better off transferring the roles over to the 2003 box and just installing 2003 fresh on the other one?



Thanks,
Andrew
 
Upvote 0 Downvote
Microsoft only recommends moving the Schema master if absolutely necessary. For that reason I recommend the upgrade. Your AD is already extended for the Windows 2003 Schema so the upgrade process should not encounter any problems. Furthermore you will save yourself a lot of other work. For instance if you don't upgrade you will need to DC promo the server out as a DC. Remove it from DNS. Move any services running on it such as DHCP or WINS etc. There are a lot of things you could miss by removing it, so I think the safest thing to do is to do the upgrade.

I hope you find this post helpful.

Regards,

Mark
 
Upvote 0 Downvote
Well, we don't use WINS or DHCP here, so those 2 we wouldn't need to worry about. I think this server has had a few problems in the past, and it was used for a lot of testing, so who knows what might be wrong with it.

I'd be more comfortable rebuilding.

What other services should I be aware of (wins, dhcp, etc)?

We only have 1 domain in our forest, so i guess after transferring the roles, I will first shut down the current role-holder for a day or 2 to see if anyone screams.



Thanks,
Andrew
 
Upvote 0 Downvote
markdmac, you said:

If you are not sure that your AD is getting backed up, make certain that you are backing up System State information.
Click to expand...

Thankyou for that Mark - most appreciated.

I have checked the backup selection and it does indeed have System State included, which includes Active Directory, Boot Files, Com+ Class Registration Database, Sysvol & registry!

Peace of mind there then.

So with that, in the event of say, the server going majorly wrong, it would be reasonably easy to restore it to how it was? Or is there more too it than that?

For example....if you lose a file, you just restore it from back up with no problem...would it be the same for System State data?

Systems Administrator
BSc Network Computing, CCNA. Both in training! :)
 
Upvote 0 Downvote
Mark -

These articles are useful if your domain controller's are still around. What if your hardware fails on ALL DC's, and you have to restore to different hardware?



Thanks,
Andrew
 
Upvote 0 Downvote
It says on that site that you need to pre-install windows to restore active directory.

I am having absolutely NO luck trying to restore AD to simulate a disaster scenario.

Basically this is what I have done so far (all in Virtual PC):

All of this is done according to this article:

-Start a clean windows 2000 server in a workgroup
-Restore the system state from a 2000 domain controller (the one that has all 5 FSMO roles) to the clean server
-Reboot machine, machine hangs
-Perform repair of windows
-Machine boots normally

At this point, i can get into AD Users and computers and see all of my directory.

I cannot, however, create any objects in the domain, because i cant get a RID pool from the RIDmaster.

There is a KB article describing a fix for this problem that I cannot get working:

Is this REALLY the way to restore Active directory in a disaster situation? It seems completely ridiculous. Is this any better in 2003?



Thanks,
Andrew
 
Upvote 0 Downvote
Oh and i forgot to mention that after doing the repair installs and starting up, i cannot reboot the server or it blue screens...



Thanks,
Andrew
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Teo En Ming
  • Locked
  • Question Question
Actions taken during Disaster Recovery for client whose IBM Megaraid controller has failed
Replies
2
Views
877
fightaccording
fightaccording
joblack23
  • Locked
  • Question Question
BMR server recovery
Replies
0
Views
196
joblack23
joblack23
slavishrook
  • Locked
  • Question Question
Unable to use EMC or Powershell when the services for Symantec System Recovery are enabled & run
Replies
1
Views
287
ShackDaddy
ShackDaddy
badmotorvision
  • Locked
  • Question Question
Server Disaster Recovery Questions.
Replies
2
Views
182
goombawaho
goombawaho
ceil32
  • Locked
  • Question Question
Server 2008 R2 - System recovery options - parameter incorrect
Replies
0
Views
272
ceil32
ceil32

Part and Inventory Search

Sponsor

Back
Top