> We're long-time NetWorker users, but we're brand new to NMM and we're
> really having trouble coalescing all of the documentation into an
> understanding of how we *should* be backing up and preparing to recover
> Microsoft Active Directory Domain Services (ADDS, née AD). We're hoping
> that some of you can help with some recommendations and best practices.
AD. More rarely, ADS. I've never seen a Windows guy call it ADDS ...
> We also have the "recycle bin" turned on which should help for most of
> the human error scenarios, such as someone accidentally deleting a user
> or a group.
That's only applicable if the person is actually logged onto the server;
if you're accessing a share, and you delete a file, you're out of luck -
there is no network-level recycle bin, like there is (or was) in NetWare.
>
> So, how do we go about being prepared for all of the following
> scenarios:
>
> * Hardware failure resulting in OS needing to be reinstalled
> * Hardware failure causing primary domain controller to need AD
> restored (other two domain controllers are fine)
What I would do? Seize the AD FSMO roles from one of the remaining DCs
(domain controllers), manually clean out the references to the failed
server using NTDSUTIL, and then reinstall the OS and re-join to the
domain.
If you were to do a complete recover of a DC using Networker, you might
have to do something like "declare a new epoch" in AD, if the internal
timestamps go too far out of whack, or something even more terrifying ...
You really need somebody with Windows and AD experience to help you plan
on this ... if you have DCs in other sites, then any of those can "seize"
the FSMO roles, and become authoritative for the domain. You still have to
clean out the references to the failed server from AD, of course. I've
done that a couple times, when recreating our domain as a private AD in
VMware, for testing purposes. I probably still have notes somewhere, if
you like ...
Losing ALL your DCs is a catastrophe. :-) But you can recover from it, but
it's complicated.