Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

restore 2003 AD using Acronis True Image

  • Filter
  • Time
  • Show
Clear All
new posts

  • restore 2003 AD using Acronis True Image

    Dear All

    I managed to find through some google searches and is a very imformative site so through I would join up and post for the first time on a project that I am working on.

    I am trying to build an example worst case scenario where if we had a fire in the server room at our school I could build back the network by one DC which didnt have the FMSO roles assigned to it. Can this be done?

    I am currently testing some software called Acronis True image echo server with universal restore and I have backed up the boot volume of one of our domain controllers and restored this server into a test VM using Vmware workstation.

    The DC that I have taken a backup of is one of 3 DC's in our school but this DC is a server which doesnt have any FSMO roles assigned to it such as PDC emulator and infrastructure master. Those roles are currently managed by another DC which is our original DC when AD which built from new.

    Once I restored this DC as a VM machine, for the most part it seems to have successfully restored. It booted into the server I was able to login and so far I have not had any BSOD errors.

    Once I checked the AD information i found all the users and machines from the school were restored but when I looked at the FSMO roles it had an error message which would be obvious as this server wasnt assigned any of these roles.

    What I want to test is if its a simple case of giving this standalone DC these FMSO roles through this virtual test environment or do I still need to add the original FMSO DC into this test environment as well for it to be happy and begin replication?

    I would rather not do that because as part of the testing I want to see if its possible to bring a whole network backup with a DC that wasn't the first DC in the forest. I am trying to create the scenario if the primary DC had a unrecoverable catastrophic failure, how would the rest of the network react once the FMSO roles are not assigned to a server.

    I have looked at some information about this such as: -

    What I want to ask do these solutions only work if the DC which had these roles is still alive? what happens if this server had a serious hard drive corruption and I couldn't boot from it at all, would i still be able to seize the role? because what I am reading to seize the role you still need to be able to boot into the DC which had these roles in the first place.

    I know I am trying to predict something which probably would never happen but am keen to see the results and see if its possible for me to bring a network back to useable state with a part working DC. My intention is to add another DC into this virtual team which will be based on server 2008 once, transfer all AD info to this new 2008 box and demote the old 2003 DC.

    Just for the record all the DC's we have at the moment are all RAID 5/1 backed so serious hard drive corruption should hopefully never happen!

    If anyone thinks I should test DR in a better way, please feel free to comment, like i said before this is me just playing around and understanding how it all works but if fellow members think I am doing this in a real long winded way then please make suggestions.

    Finally Acronis true image software is excellent, been really impressed with it so far. Its very easy to use...


  • #2
    Re: restore 2003 AD using Acronis True Image

    Active Directory is a constantly changing database and Microsoft do not support duplication as a valid restoration method because of problems with USN rollback.

    I would suggest you look at testing something like windows backup for the database and restoring that.

    You could even have another domain controller in another site that wouldn't be affected should you have a fire in one locaiton.

    FSMO roles can obviously be moved between servers but should a server that holds a role be down permanently then you have to seize that role. In a DR scenario you would use something like this
    Be aware that should the server eventually be fixed you need to wipe it before adding it back into the network.

    "RAID 5/1" which ever it is doesn't protect you from hard drive corruption only from disk failure. If corruption occurs you will likely have to restore from backups.

    Acronis, from what I have heard, is a very good product which should work well for a lot of servers however I suspect you should check with them what is supported. Things like Exchange and AD should be backed up using backup programs (like BackupExec, NT Backup and ArcServe) rather than imaging programs.

    Please read this before you post:

    Quis custodiet ipsos custodes?


    • #3
      Re: restore 2003 AD using Acronis True Image

      I agree with AndyJG247: image based backup is not really the best solution for backing up Active Directory.

      If you need disaster recovery one of the best solutions (although far from cheap) is to have 2 servers in seperate sites and any any data (E.g. Exchange, SQL) can be replicated in real time by software like DoubleTake. Active Directory will replicate itself OK over the internet through a VPN.

      Much of what the FSMOs do is transparent to the users: if they aren't there they won't notice much difference if any for the most part. The lack of a RID master is likely to be the first one to cause issues. Still I would recommend sticking to a traditional tape backup solution for the DC that holds the FSMO roles as seizing them is a one-time solution. Once it's done you have to rebuild the server they were seized from.

      BTW I have used a trial version of Acronis TrueImage and it's quite a nice product for client machines. My boss put a larger HD into his laptop and I used Acronis to capture an image and drop it onto the new HD. Took about half an hour all in and that included installing the new drive.
      BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
      Cruachan's Blog


      • #4
        Re: restore 2003 AD using Acronis True Image

        thanks for the replies. I have taken in that valuable info.

        As an update on this I have managed to successfully transfer all FMSO roles to this test server. I did this by seizing the roles and used ntdsutil tool to action this.

        Now the next stage is I want to see if I can use this network in my new test environment, I have added a XP client to the virtual team and am trying to get it to join the test domain but I am having a bit trouble with the server issueing this client a IP address from the DHCP server. I have created a new scope on the server as the old scope referenced to another network. I want this DHCP server to issue out an IP from the scope I have created to this client.

        On other similar posts I was told to remove any virtual configuration which may be set in vmware so VMware does NOT issue out any ip addresses. There was a DHCP set in the virtual network editor which I have now removed.

        This is where my knowledge is beginning to fade, I not very good with DNS and IP configurations. I believe I need to setup a static ip on the server but don't know what information to put in. I dont know what the default gateway will be. If i try to put the ip of the gateway which my local laptop is set to (my home internet network it doesnt work. Currently both are set to dhcp automatic but both are saying network cable is unplugged. I am not sure if I have to setup network settings on the individual vm's, team or in the virtual config.

        I am not sure what I should set both the server and client. There are choices in vmware of bridged, nat and host only.

        I believe active directory is working but I am not sure if I have setup DHCP and DNS properly and am trying to get the internet to work on both the server and client. The internet would come from my home router and I need to somehow get the server to pick up this router so I can get internet, I will then instruct DHCP to handle the DNS, IP addressing and gateway for the client PC's.

        If anyone could offer any advice on this I would be most appreciated.


        • #5
          Re: restore 2003 AD using Acronis True Image

          Originally posted by ranjb View Post
          As an update on this I have managed to successfully transfer all FMSO roles to this test server. I did this by seizing the roles and used ntdsutil tool to action this.
          It is critical that you do not confuse transferring and seizing. If you have indeed seized the roles, then it is crucial that you format and reinstall Windows on the server that originally hosted the roles.

          You should only ever seize roles if you cannot transfer them because the DC hosting them has failed and cannot be repaired.
          Gareth Howells

          BSc (Hons), MBCS, MCP, MCDST, ICCE

          Any advice is given in good faith and without warranty.

          Please give reputation points if somebody has helped you.

          "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

          "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.