Prev: Can we safely say?
Next: Remote Desktop 7
From: AC on 5 Apr 2010 13:38
The organization I work for has Server 2003 three domain controllers,
one for each location. The main location's DC holds all the key
roles, so I'm under the understanding that backing up the system state
of this server is going to capture all the Active Directory objects.
What I'm wondering, at this point, is if there's any reason to backup
the system states of the remote DCs. The connection is a VPN over
DSL, so you can well imagine that it's not a big pipe, and it usually
takes hours to back them up (which I do once a week as part of the
full backup).

What I'm wondering is if there's any particular need to back up the
system state of the remote DCs. I know that not doing so means I
can't do a restore of a DC from backup, and will have to rebuild the
DC from the ground up. But even over the VPN my experience is that it
doesn't take more than a few hours to rebuild the AD objects. Is it
enough to just backup one DC, thus saving a lot of bandwidth and time.

--
Aaron Clausen
mightymartianca(a)gmail.com
From: Meinolf Weber [MVP-DS] on 5 Apr 2010 14:28
Hello AC,

It is always a good idea to have also a system state from another DC. If
it happens that the 1st backup isn't usable or doesn't work for whatever
reason, hopefully the second one works, even if it doesn't has the FSMO roles,
they can be seized if needed.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> The organization I work for has Server 2003 three domain controllers,
> one for each location. The main location's DC holds all the key
> roles, so I'm under the understanding that backing up the system state
> of this server is going to capture all the Active Directory objects.
> What I'm wondering, at this point, is if there's any reason to backup
> the system states of the remote DCs. The connection is a VPN over
> DSL, so you can well imagine that it's not a big pipe, and it usually
> takes hours to back them up (which I do once a week as part of the
> full backup).
>
> What I'm wondering is if there's any particular need to back up the
> system state of the remote DCs. I know that not doing so means I
> can't do a restore of a DC from backup, and will have to rebuild the
> DC from the ground up. But even over the VPN my experience is that it
> doesn't take more than a few hours to rebuild the AD objects. Is it
> enough to just backup one DC, thus saving a lot of bandwidth and time.
>
> --
> Aaron Clausen
> mightymartianca(a)gmail.com


From: AC on 5 Apr 2010 14:36
On Apr 5, 11:28 am, Meinolf Weber [MVP-DS] <meiweb@(nospam)gmx.de>
wrote:
> Hello AC,
>
> It is always a good idea to have also a system state from another DC. If
> it happens that the 1st backup isn't usable or doesn't work for whatever
> reason, hopefully the second one works, even if it doesn't has the FSMO roles,
> they can be seized if needed.

I think I've mitigated that to some degree. The main DC is running as
a VM guest, and I back up the image once a week, with that backup
being taken off site, with the idea that, if need be, I could always
grab another machine capable of virtualization and bring the DC back
to life, even if a bit out of date. Eventually I plan on doing
something similar to the other two DCs. But I do see your point. I'm
just trying to stop several hundred MB of data from being backed up
via a crappy VPN connection.

--
Aaron Clausen
mightymartianca(a)gmail.com
From: Meinolf Weber [MVP-DS] on 5 Apr 2010 14:49
Hello AC,

Sorry if i don't get you the first time. It isn't reommended nor supported
to use images or snapshots from a DC as backup, DON'T DO IT, this result
in USN rollback:
http://support.microsoft.com/kb/875495

See here for supported ways of AD backup:
http://technet.microsoft.com/en-us/library/cc778772(WS.10).aspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> On Apr 5, 11:28 am, Meinolf Weber [MVP-DS] <meiweb@(nospam)gmx.de>
> wrote:
>
>> Hello AC,
>>
>> It is always a good idea to have also a system state from another DC.
>> If
>> it happens that the 1st backup isn't usable or doesn't work for
>> whatever
>> reason, hopefully the second one works, even if it doesn't has the
>> FSMO roles,
>> they can be seized if needed.
> I think I've mitigated that to some degree. The main DC is running as
> a VM guest, and I back up the image once a week, with that backup
> being taken off site, with the idea that, if need be, I could always
> grab another machine capable of virtualization and bring the DC back
> to life, even if a bit out of date. Eventually I plan on doing
> something similar to the other two DCs. But I do see your point. I'm
> just trying to stop several hundred MB of data from being backed up
> via a crappy VPN connection.
>
> --
> Aaron Clausen
> mightymartianca(a)gmail.com


From: Bill Grant on 5 Apr 2010 22:53
I have to agree with Meinolf. In fact Microsoft Microsoft recommends that
you do not run your first/only DC as a vm, mainly because it makes it harder
to recover from a major failure.

Restoring your primary DC is hard enough without the added headache of
virtualization.

"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:6cb2911df49c8cca318a3bf15b1(a)msnews.microsoft.com...
> Hello AC,
>
> Sorry if i don't get you the first time. It isn't reommended nor supported
> to use images or snapshots from a DC as backup, DON'T DO IT, this result
> in USN rollback:
> http://support.microsoft.com/kb/875495
>
> See here for supported ways of AD backup:
> http://technet.microsoft.com/en-us/library/cc778772(WS.10).aspx
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> On Apr 5, 11:28 am, Meinolf Weber [MVP-DS] <meiweb@(nospam)gmx.de>
>> wrote:
>>
>>> Hello AC,
>>>
>>> It is always a good idea to have also a system state from another DC.
>>> If
>>> it happens that the 1st backup isn't usable or doesn't work for
>>> whatever
>>> reason, hopefully the second one works, even if it doesn't has the
>>> FSMO roles,
>>> they can be seized if needed.
>> I think I've mitigated that to some degree. The main DC is running as
>> a VM guest, and I back up the image once a week, with that backup
>> being taken off site, with the idea that, if need be, I could always
>> grab another machine capable of virtualization and bring the DC back
>> to life, even if a bit out of date. Eventually I plan on doing
>> something similar to the other two DCs. But I do see your point. I'm
>> just trying to stop several hundred MB of data from being backed up
>> via a crappy VPN connection.
>>
>> --
>> Aaron Clausen
>> mightymartianca(a)gmail.com
>
>
 | 
Pages: 1
Prev: Can we safely say?
Next: Remote Desktop 7