Secondary domain backup PDC and profiles

DanielUK

IS-IT--Management
Jul 22, 2003
Through advice on this forum I've decided to create an offsite PDC on a secondary domain, in case our PDC and secondary DC both fail (or are stolen). This backup PDC/Domain would have a handful of user accounts copied over from the existing PDC using the AD migration tool.

If, for example, I rejoin the clients to this secondary domain using existing login names, will it cause problems with the roaming profiles which will have been restored from the old DC? Hope that makes sense!

Thanks

Dan
 
Maybe a better strategy would be to be confident in your backup/restore procedures.

Yes, you will run into multiple problems using this method. For example, user accounts profile, permissions, passwords would all be different in the secondary domain (unless you continually updated this information- admin intensive.) Then you would have to join all of the PC's to this new domain (time consuming). All of the data would not be available unless you are replicating the data to this new domain.

I think it would be better to be confident of your backup restore procedures. Every night perform backups. Use a similar piece of hardware as your recovery server.

Every so often, test to make sure that you can restore AD to the recovery server. Restoring OS and AD is very easy. The important thing is to practice the procedure and test it to make sure it works.

With this method, you will have all of your data. In addition, once you restore the data to the recovery server, the client and client data would be 100% intact.

-hope this helps..

Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please check out (Sales@njcomputernetworks.com)
 
Sounds like this is a survival need. I agree with the backup/restore approach. Be sure the two machines you want to be PDC's are nearly identical hardware, or the AD restore can run into problems. I recently moved the DC to a new machine, and had tremendous problems because the hardware (in this case net cards, two on the original and one on the new system) was different and it was not a pretty task.

If you have two fairly identical machines back the original up to CD (OS only + system state) if possible, or use a DVD instead to use as a restore source, as it will speed up the restore process.

Trying to keep two systems in different locations up to date as the same "PDC" will be a nightmare without using tape backups. If you set the second one up on a different network you can verify your backups on a regular basis by simply doing a restore on it using the original server backup on a regular basis, like once or twice a week? Remember the applications do not change often, only the system state and AD records are really changing.

This way you also do not have to fight the user password problems caused when a user changes his password in one but not the other either.

HTH,
David
 
Thanks for the responses.

David is right, it is a survival need. We are a small mail order company where we need as little downtime as possible. In the few hours it would take to get someone out here I'd like to think I could be getting something up and running myself. Things were far simpler when we had a Win98 network, you could literally plug a new machine in and restore the data and a mapped drive!

The important thing to get up and running in a crisis are the databases we use (backend on the server) and the client email. The database data itself is restorable from the daily data backup and likewise the email messages/identities etc.

I am now in the situation where I have 2 Dell servers and a spare desktop machine which I was going to use as a secondary DC (plugged in with one of the Dells). I planned to have the second Dell as the offsite one. Unfortunately, all the hardware is different so it becomes difficult to restore from one to another.

What is the best solution for me in this scenario based on getting back up and running quickly (either software or hardware failure)? I'm also getting a bit confused, which is not hard, with where the likes of Ghost/Acronis fits in with the servers and what it can clone/restore when it comes to PDC's and Active Directory.

Thanks

Dan
 
You don't want to use Ghost on an AD server...it is not supported and the only attempt I made failed to boot (ever.)

If offsite redundancy is important, buy a pair of identical servers. You can then restore from tape the whole domain in one shot. Keep your best server now as a secondary online DC and sell the others (I've seen used modern hardware get a pretty good price, not same as NEW, but fair.)



 
Thanks Alex,

I think this is the only option unless I think about ditching the whole idea of roaming profiles which I don't really need -in fact, no one has "roamed" to another machine in our small office in two years!!

The important thing is the database itself getting updated, orders going out etc which a restore of the data from tape to any domain (a "spare" server ready to plug in) with the same file structure and software would provide -all I would need to do is join the domain e.g. under a guest account for that domain or similar and remap a drive. If I subsequently get the previous domain back up and running all I've then got to do is restore the updated data back to its original location -no involvement of profiles whatsoever.

Dan
 
DanielUK,

There are several issues here. You seem to be worried that someone is going to steal your systems, and/or your database being destroyed/corrupted, and/or you can recover and get back up quickly, etc., so it is essential you have daily backups running.

If daily backups are not good enough, then you need to look at having redundant servers running together, and need to really define the real problem. At this point I do not understand what you are really trying to protect against, and the threat will define the method to use. Remember the old adage: The real problem is to define the problem! :)

A Suggestion: Get a cheap IDE box with a large (READ: Hundreds of GB!) drive capacity to act as a backup function, then run your daily backup from the servers to store the backup on this cheap/large drive system at night, or at low use periods. Much faster than tape. If your data base is really critical, then run batch files several times a day to take snapshots of the data to save to the "backup machine". I presume you are using something like SQL for your data base, and it provides the ability to run "Hot" backups of the data base.

Next, having done this backup to a file/folder on the "backup system", you are free to back this up to tape during the day without causing any impact to your operation, and this tape backup should be stored off site.

This method has some nice features: it is cheap, does not have to be a server, does not disrupt the day-to-day operations, is always available immediately on site for quick repair functions, and is also available from off-site for disaster repair if the servers need to be rebuilt from scratch/replaced. Keeping another system off site is a great idea, but a real bear to keep up-to-date with the active system, unless it replicates very often on a regular basis. Remember too, that if you use a replicate approach vs a tape restore, if the online systems get taken over, then the offline system may also get the same bugs, etc.

HTH,

David
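
The disk-staging approach in the post above, combined with the earlier advice to test restores regularly, as an added example that is not part of the original thread: it snapshots a data folder to a staging disk, records SHA-256 hashes, and proves a snapshot restores byte-for-byte. Python stands in for the batch files mentioned, and all names and the sample files are hypothetical.

```python
import hashlib, json, shutil, tempfile, time
from pathlib import Path

def digests(root: Path) -> dict:
    """Relative path -> SHA-256 for every file under root."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def take_snapshot(source: Path, staging: Path, keep: int = 3) -> Path:
    """Copy source to a new folder on the staging disk, write a manifest of
    the source's hashes beside it, then prune all but the newest `keep`."""
    staging.mkdir(parents=True, exist_ok=True)
    snap = staging / f"snap-{time.time_ns()}"
    manifest = digests(source)              # hash the live data first
    shutil.copytree(source, snap)
    (staging / (snap.name + ".json")).write_text(json.dumps(manifest))
    snaps = sorted(d for d in staging.iterdir() if d.is_dir() and d.name.startswith("snap-"))
    for old in snaps[:-keep]:
        shutil.rmtree(old)
        (staging / (old.name + ".json")).unlink(missing_ok=True)
    return snap

def verify_restore(snap: Path) -> list:
    """Restore the snapshot to a scratch directory and compare it with the
    manifest; returns the paths that are missing, extra or altered."""
    expected = json.loads((snap.parent / (snap.name + ".json")).read_text())
    with tempfile.TemporaryDirectory() as scratch:
        restored = Path(scratch) / "restore"
        shutil.copytree(snap, restored)
        actual = digests(restored)
    return sorted(k for k in expected.keys() | actual.keys()
                  if expected.get(k) != actual.get(k))

def demo() -> tuple:
    """Constructed sample data: two small files standing in for the database."""
    with tempfile.TemporaryDirectory() as tmp:
        src, staging = Path(tmp) / "data", Path(tmp) / "backupbox"
        (src / "db").mkdir(parents=True)
        (src / "db" / "orders.dat").write_bytes(b"order 1001\n")
        (src / "mail.idx").write_bytes(b"inbox\n")
        snap = take_snapshot(src, staging)
        clean = verify_restore(snap)
        (snap / "db" / "orders.dat").write_bytes(b"corrupted")  # simulate a damaged backup
        damaged = verify_restore(snap)
        for _ in range(4):
            take_snapshot(src, staging, keep=3)
        kept = len([d for d in staging.iterdir() if d.is_dir()])
    return clean, damaged, kept
```

A non-empty list from `verify_restore` means the snapshot should not be copied to tape; files that were being written during the copy will also show up here, which is why a database needs its own hot-backup export as the source.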

 
Thanks David,

I think I need to revisit the disaster recovery plan -maybe I am being too paranoid. Yes, theft is a concern as is lightning -it managed to take out my DC running through an UPS the other week. Unfortunately I didn't have the secondary DC installed but even in that scenario, what if that too had gone down?

In my ideal world :) I would be able to ghost the DC and be able to restore the image and the daily data/system to another similar machine in a flash -back up and running in no time. I'm finding that it's not as easy as all that. I guess I could do with looking at someone's disaster/recovery plan for a similar small office Win2k network so I am familiar with most contingencies.

Thanks

Dan



 