All-
We're long-time NetWorker users, but we're brand new to NMM and we're
really having trouble coalescing all of the documentation into an
understanding of how we *should* be backing up and preparing to recover
Microsoft Active Directory Domain Services (ADDS, née AD). We're hoping
that some of you can help with some recommendations and best practices.
Not certain if I'll be able to avoid a tl;dr post, but I'll try.

Information about the NetWorker server and the three domain controllers
involved is near the end of this email.

The basic question we have is "how *should* we be conducting AD(DS)
backups"? Keep in mind that we have three domain controllers, one of
them is located in a datacenter that is a couple miles from our primary
datacenter. That should help with a single-datacenter event, but not
some regional disaster (like flooding, which this region is very prone
to).
We also have the "recycle bin" turned on which should help for most of
the human error scenarios, such as someone accidentally deleting a user
or a group.
Before the advent of AD and NMM in our environment, we never worried about
bare-metal recovery for our Windows systems -- our plan was always to make
sure the data was backed up, but to expect to have to reinstall the OS and
applications, either on the same hardware or potentially on upgraded or
new hardware, before beginning with the data recovery.
With AD, we need to be able to recover from a disaster, whether it's on
the same hardware or different/new hardware for the domain controller(s).
The documentation for "Active Directory Disaster Recovery" seems to assume
that we'll be using the DISASTER_RECOVERY saveset and doing a bare-metal
recovery, but this isn't supported if the restore is on different hardware
or a new installation of Windows 2008 R2.
So, how do we go about being prepared for all of the following scenarios:

* Hardware failure resulting in OS needing to be reinstalled
* Hardware failure causing primary domain controller to need AD
  restored (other two domain controllers are fine)
* OS failure resulting in OS reinstall on same hardware

NetWorker Server:
=================
OS: Linux RHEL 6.2
NetWorker: NetWorker 7.6.2.5
Notes: multi-homed with presences on our datacenter subnet
(fqdn: nsrserv1.nodak.edu) and our secondary "backup" network
(fqdn: nsrserv1-s.nodak.edu).
Domain Controller Client #1:
============================
OS software : Windows 2008 R2 SP1
NetWorker software: NetWorker 7.6.2.5, NMM v2.5.1_NMM2.3_drop11c.Build.36
Notes : external fqdn on datacenter subnet is adserv1.ndsu.edu,
external fqdn for secondary "backup" subnet is adserv1-s.ndsu.edu. The
special DNS subnet "ad.ndsu.edu" is also delegated to the AD servers, so
it believes its fqdn is "adserv1.ad.ndsu.edu" and backup-network fqdn
is "adserv1-s.ad.ndsu.edu". The computer name is just "adserv1".
Domain Controller Client #2:
============================
OS software : Windows 2008 R2 SP1
NetWorker software: NetWorker 7.6.2.5, NMM v2.5.1_NMM2.3_drop11c.Build.36
Notes : external fqdn on datacenter subnet is adserv2.ndsu.edu,
external fqdn for secondary "backup" subnet is adserv2-s.ndsu.edu. The
special DNS subnet "ad.ndsu.edu" is also delegated to the AD servers, so
it believes its fqdn is "adserv2.ad.ndsu.edu" and backup-network fqdn is
"adserv2-s.ad.ndsu.edu". The computer name is just "adserv2".
Domain Controller Client #3:
============================
OS software : Windows 2008 R2 SP1
NetWorker software: NetWorker 7.6.2.5, NMM v2.5.1_NMM2.3_drop11c.Build.36
Notes : external fqdn on datacenter subnet is adserv3.ndsu.edu,
external fqdn for secondary "backup" subnet is adserv3-s.ndsu.edu. The
special DNS subnet "ad.ndsu.edu" is also delegated to the AD servers, so
it believes its fqdn is "adserv3.ad.ndsu.edu" and backup-network fqdn
is "adserv3-s.ad.ndsu.edu". The computer name is just "adserv3".
NOTE: this server is located in a separate datacenter a couple miles from
our primary datacenter.
All three of the backup clients have been configured in NetWorker with:

  Client name             : adserv1-s.ndsu.edu (or adserv{2,3}-s.ndsu.edu)
  Save set                : C:\, SYSTEM COMPONENTS:\
  Backup command          : nsrsnap_vss_save.exe
  Application Information : NSR_SNAP_TYPE=vss
  Aliases                 : adserv1, adserv1-s, adserv1.ad.ndsu.edu,
                            adserv1-s.ad.ndsu.edu (number changes for DCs 2 & 3)
  Snapshot Policy
    Number of Snapshots   : 1
    Retain                : 0
    Snapshot Expiration   : Day
    Backup Snapshots      : All

Any help or recommendations anyone could provide would be greatly
appreciated.
Thanks,
Tim
--
Tim Mooney                                Tim.Mooney AT ndsu DOT edu
Enterprise Computing & Infrastructure 701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164