AD restore question.


  • AD restore question.

    Hi,

    In a multiple DC environment...

    ...I'm debating whether I should do:

    1 Full backup with different filename everyday
    1 Full backup replacing the old one everyday
    1 Full backup every week replacing the old one and incremental everyday

    My main concern is AD corruption. Let's say I have 6 DCs. Someday, one of the DCs is having a problem and I need to restore system state on it.

    In scenario one, I can go back days, weeks before to get it running again.
    In scenario two, I can only get back to the state it was in at the moment of the last backup. If it already had a problem when the backup was taken, I'm in the fux0r'd.
    In scenario three, I can go back days, weeks before again.

    Scenario 2 is already behind in the solutions.

    Then, once we get it up and running again, I can see more problems. Let's say we have to roll back 2 days to get it up and running. During these 2 days, the 5 other DCs have had changes (add/remove users, password changes, add/remove computers etc.). I feel that it could cause the DC we just restored to not replicate to the others since it won't have the same version of the AD schema.

    When the DC crashes, I feel it would just be much simpler to force depromotion if needed, clean the metadata of AD, promote the server to a DC, and transfer roles if needed.

    Looking forward to your opinions on this hehe

    trep

  • #2
    Re: AD restore question.

    I think you're getting a bit mixed up.
    You need to look into two disaster situations:
    1) a failed DC
    2) an AD problem

    As for problem one, no matter when you restore the DC, as long as it's not behind its Tombstone lifetime, the other DCs would fill it in on the changes and sync it up to date on the changes in the interval between the backup and the present.

    As for option two (AD global problem), a backup of a good copy could be authoritatively restored, replacing the old bad data on all of your DCs even though you restored only one DC.

    Bear in mind though that an authoritative restore does not restore the Schema partition, so if you screwed up the Schema you would have to restore all your DCs to the point before the Schema change, or you need to kill all your DCs and restore one good copy of a DC and then create new ones instead.

    As for what and how long to keep backups, it is up to you; there is no good or bad.
    What you need to ask yourself is how many changes you make to the AD (users/groups/etc.) a day; by that you could determine how far back you could go if you need to.
    But never keep backups more than the Tombstone lifetime (default 60 days, unless you freshly installed the AD using a win2003 w/SP1, not R2, in that case 180 days - not an upgraded AD from 2000 or pre 2003 SP1).
    I would personally keep more than one copy backwards b/c what happens if you find out you got something wrong only a week later or on the weekend?
    By then you don't have a good copy.
    Last edited by Akila; 12th November 2008, 22:10.

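The retention rule from post #2, as an added example that is not part of the thread: a PowerShell check that reads the forest's tombstone lifetime and flags backup files older than it. It assumes the ActiveDirectory module (RSAT) is available; the backup folder and file pattern are hypothetical.

```powershell
# Added example, not code from the thread. Requires the ActiveDirectory module.
# $BackupPath and $Filter are assumptions: point them at your system state backups.
param(
    [string]$BackupPath = 'D:\ADBackups',   # hypothetical folder
    [string]$Filter     = '*.bkf'           # hypothetical file pattern
)

Import-Module ActiveDirectory

# tombstoneLifetime is stored on the Directory Service object in the
# configuration partition of the forest.
$configNC = (Get-ADRootDSE).configurationNamingContext
$dsObject = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
                         -Properties tombstoneLifetime

# If the attribute is not set, the 60-day default applies.
$tsl = if ($null -ne $dsObject.tombstoneLifetime) { [int]$dsObject.tombstoneLifetime } else { 60 }
$now    = Get-Date
$cutoff = $now.AddDays(-$tsl)

# Classify every backup file by age relative to the tombstone lifetime.
$backups = @(Get-ChildItem -Path $BackupPath -Filter $Filter |
    Where-Object { -not $_.PSIsContainer } |
    Sort-Object LastWriteTime -Descending |
    ForEach-Object {
        New-Object psobject -Property @{
            Name    = $_.Name
            Taken   = $_.LastWriteTime
            AgeDays = [int][math]::Floor(($now - $_.LastWriteTime).TotalDays)
            Usable  = ($_.LastWriteTime -gt $cutoff)
        }
    })

"Tombstone lifetime: $tsl days; backups taken before $($cutoff.ToString('yyyy-MM-dd')) are too old."
$backups | Format-Table Name, Taken, AgeDays, Usable -AutoSize

# Post #2 recommends keeping more than one copy backwards.
$usable = @($backups | Where-Object { $_.Usable })
if ($usable.Count -lt 2) {
    Write-Warning "Only $($usable.Count) backup(s) inside the tombstone lifetime; keep several restore points."
}
$backups | Where-Object { -not $_.Usable } | ForEach-Object {
    Write-Warning "$($_.Name) is $($_.AgeDays) days old, past the tombstone lifetime: expire it, do not restore it."
}
```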


    • #3
      Re: AD restore question.

      Thanks, that makes things a bit more clear.

      So basically, the best way to back up would be a full backup every day and keep like 2 weeks of archive?

      What's your method/schedule?

      Best regards,

      trep



      • #4
        Re: AD restore question.

        Originally posted by trep
        Thanks, that makes things a bit more clear.

        So basically, the best way to back up would be a full backup every day and keep like 2 weeks of archive?

        What's your method/schedule?

        Best regards,

        trep

        Do you have a backup system that works on tapes?
        Just use those.
        My method is totally different, I use "Quest Recovery Manager for Active Directory" for Backup/Restore.
        I keep backups one per day on the DC, but then the regular backup system backs up that file to a tape along with the machine, so I could always restore the file to whatever time I want and use it if needed.
