Bjorn,

Thanks for your insights. I will be pulling my DCs out of the SMVI job and just using a backup agent on them. I backup overnight so if I have to restore a DC it will still have data that is a bit stale. If I only have to restore one, when it comes back online it is my understanding that it will catch up by getting data from the other DC.

The other scenario is some type of big disaster like a fire or flood that takes out my main data closet. I have a disaster recovery site across campus with another instance of VMWare running. My thought was to bring online another DC in this site. If my production site goes offline I still have one DC in my disaster recovery site that is working and up to date. I can then just take the VMs in my disaster recovery site (they are there because of Snapmirror), turn them into read/write copies and bring up the other two DCs along with my other VMs. The two DCs being brought up will have stale data but should get up to date data from my third DC. Does this plan seem sound?

Dave

Hi Dave,

I understand your position, bu again: NEVER restore a DC from a snapshot. I had a AD troubleshooting workshop from Microsoft once where the teacher explained in detail what could (and probably will) happen if you do and it's not a pretty sight! It doesn't matter if there are current DC's where the restored DC could get it's information from, because the restored DC will behave differently. Especially stale objects in AD could become ghost object you might never get rid of. You should know that restoring from a snapshot is quite different than restoring from a backup.

Why running that risk? It's far more 'cleaner' and very quick to install a couple of new DC's based on the one still running, when performing a disaster recovery. You could even reserve a few fully installed vm's without dcpromo that you keep turned off, just for that purpose.

Bjorn

Bjorn,

I did not realize that restoring from a snapshot is that different than restoring from a backup done with a backup agent. It sound like if I have one or even two DCs go south I am better off building new ones and letting the one or two left standing copy records to the new ones. This might even be preferable to trying to restore the downed ones via a restore from a traditional agent based backup. Your thoughts? I know that DCs (my run DNS and DHCP as well) have a lot in common but there are also a few unique roles they play. What I do not know is if my production DCs go south do to a big disaster like a fire, would the third one keeping on providing these services until I could bring up two new ones? This is more of an AD question and not an SMVI question.

Dave

Indeed this is hardly related to any NetApp technology anymore. 🙂

FSMO roles, DHCP services and non-ADintegrated DNS zones do complicate things a bit. However FSMO can be easily seized. DR for DHCP is very dependant on your (network) configuration. DNS zones would preferrably be ADintegrated but if that's not possible/desirable, then it also depends on your specific situation. Personnaly I would make sure I have enough DC/DHCP/DNS services available at my DR site to survive the initial blow of a DR. You can always set up more later. But I would not use a backup of any kind for DR puproses, only to be able to recover objects that are (accidently) deleted/altered from AD, and such. And even for that snapshot-backups are not usable.

Don't get me wrong: I'm a HUGE fan of snapshots in general and NetApp snapshots in particular, but this is the one case I have to make an exception. 🙂

Bjorn

Bjorn,

Thanks for your insight. I will pursue getting another DC setup in my DR site that has the neccesary services so if my main production closet goes offline I can easily switch things to my DR site.

Dave