Tips and Tricks

Domain Controllers and Disaster Recovery

It's really easier than you think.

I’ve been working with some companies on their “business continuity” plans (that’s what we call disaster recovery these days), and I’ve run across some interesting problems and misconceptions regarding Active Directory domain controllers. A couple of companies in particular were really killing themselves over DC backups, so I thought I’d share some tips that have helped make their lives easier.

First, keep in mind that every DC has a completely identical copy of the entire AD database. I know, that seems pretty obvious, but it has some subtle implications. Suppose you’re using AD-integrated DNS zones. Every single DC has a copy of the DNS zones, including those DCs that aren’t even running DNS (at least in a 2000 Domain). Because every DC is identical, there’s really no need to back them all up. Even if the worst case occurs—for me, that’d be a meteor hitting my stack of servers—you could just rebuild the DC, promote it to be a domain controller, and it’ll get the AD database from its fellows. Of course, to avoid that meteor scenario, you should make sure that at least a couple of DCs are physically separated. That way, a fire in one data center won’t take out all of your resources.

We know that not all DCs are created equal. Some DCs have those special Flexible Single Master Operations (FSMO) roles, like the PDC Emulator, and some DCs host a replica of the Global Catalog (GC). But even if one of those special DCs crashes, you won’t lose any data so long as at least one other DC exists in the domain. You can transfer or seize FSMO roles and configure an alternate DC to host the GC—any way you slice it, though, you don’t lose any data.

You still need backups, of course. Backups can be used to restore accidentally deleted AD objects, and they’re invaluable for off-site recovery purposes. Several of the companies I work with rent off-site space and have a plan to recreate practically their entire IT infrastructure in that space, in the event that something horrible happens to their main office building. Regular AD backups are critical for these purposes, but there’s no need to make things tough. You really only need to back up a couple of DCs.

I always choose one DC to be my “backup master.” That’s the one on which I perform daily—in some cases, hourly—backups. Use whatever software you like; just make sure you get a good, clean backup on a regular basis. If you need to restore an object like a user or group, your backup will be ready to go. Keep in mind, though, that AD backups can only be used on the DC on which they were created. So, if my backup master experiences a total hardware failure, all of my backups are pretty much useless unless I can fix the problem. Therefore, I always pick a secondary DC, usually one located at a different office or in a different data center, and pull backups of it, too. That way, I’ll always have a DC to use to perform restores.

Off-site recovery presents a stickier problem. The whole point of off-site recovery is that you won’t have any of your regular computers available, meaning your DC backups might not be useful. What I do is pick one DC to be the “off-site master.” Put it on the network every couple of weeks, let it sync up with the rest of the domain, and then make a backup of it. Cart the DC off-site to use in your off-site recovery scenarios. Don’t leave it off the network for more than 60 days, or you’ll run into weird problems related to the way AD handles deleted objects. If you need to resort to your off-site recovery option, the DC should be ready to go and can be used to repopulate as many new DCs as needed off-site.

So don’t waste time trying to pull a backup of every DC you own. Pick a couple in each domain and back them up. Keep some backup tapes off-site for safety and keep some handy for restoring accidentally deleted objects.

About the Author

With more than fifteen years of IT experience, Don Jones is one of the world’s leading experts on the Microsoft business technology platform. He’s the author of more than 35 books, including Windows PowerShell: TFM, Windows Administrator’s Scripting Toolkit, VBScript WMI and ADSI Unleashed, PHP-Nuke Garage, Special Edition Using Commerce Server 2002, Definitive Guide to SQL Server Performance Optimization, and many more. Don is a top-rated and in-demand speaker and serves on the advisory board for TechMentor. He is an accomplished IT journalist with features and monthly columns in Microsoft TechNet Magazine, Redmond Magazine, and on Web sites such as TechTarget and Don is also a multiple-year recipient of Microsoft’s prestigious Most Valuable Professional (MVP) Award, and is the Editor-in-Chief for Realtime Publishers.

comments powered by Disqus

Reader Comments:

Wed, Sep 14, 2005 DaSmee London

With such a low cost of comms these days and pretty good SSL VPN solutions, the easiest way to ensure Business Continiuity is to have a second and prefereably a 3rd DC at an alternate location, and then as Don says, simply seize the FSMO roles as required, this removes the issues about trying to restore backups to different hardware and lets face it, for the relativly small cost of the comms link and VPN, how much would it cost you to be out of action for say 48 hours? how much is your business worth?

Mon, Aug 8, 2005 graeme england

Not good so far!

Tue, May 4, 2004 Anonymous Anonymous

This is a common sense article. But, New Hardware will always be an issue. Many vendors change the config of Identical server specs and the first item to be changed is the NIC. Then have fun restoring. Additionally server hardware is only part of the issue. If the building is gone where do the users attend in the morning. Agreed that other services and data will invariably be on the server thus a backup is a requirement. People have to layer the defence for infrastructure and a backup is part of the layer not the total plan.

Tue, Nov 18, 2003 M. Oleson Ga

Use common sense and get a product that manages your total Disaster Recovery program for you. UltraBac's new UBDR Pro has already saved my butt. License it for a server and all your workstations enjoy DR.

Thu, Sep 25, 2003 Anonymous Anonymous

I am not sure how this fits in tips and tricks category. These are basic backup procedures.

Mon, Sep 22, 2003 Anonymous Anonymous

Do not take chance. Backup is the trump card.

Tue, Aug 26, 2003 Anonymous Anonymous

Who can afford to keep a server just as a DC? There are usually other things on the server that require a backup. And what about hardware? Sure, AD is replicated, but what about drivers, third-party software, configurations, user profiles, documentation, network settings,.... When do you need it? Backup? What backup? What do you mean pack my things?

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.