Backing up DC for a catastrophic case












6















I've been setting up off-site backups for the most critical elements of the company I work at. One of these critical elements is the DC.



Now, the company is fairly small, so has only a single forest, and two DC servers on separate physical machines (one's virtualized, however). That said, a critical fault in the server room could destroy both of these machines.



So, I'm trying to create a DC backup for a critical-case scenario. I keep reading online that backing up the System State is enough, but I have a feeling this is only valid if you want to be able to restore the DC on the same server where the backup was taken. I've tried taking a System State backup and then restoring it on an isolated VM (same server, same updates), and this... didn't go so well; the restore went fine, but then I couldn't contact the local DC, even if I ensured the VM had the same IP as before (still isolated, of course). None of the DC-related administrative consoles worked either. There was even a warning during restoration that restoring a System State from another machine is not suggested.



Thus, I feel this is the wrong approach. So... what IS the right approach, if I want to backup our DC off-site, to cover a critical failure? A complete backup of the C: drive + System State or I could just backup the whole drive for that virtualized DC, but I'm trying to make the backup as small as possible...



PS. I'm using the Azure Backup application, but I don't think it's that relevant. All of our DCs are currently running Windows Server 2016.










share|improve this question




















  • 5





    +1 for actually testing critical recovery ;). I have not been using Azure Backup yet, but System State should be enough (no matter which backup solution you use). You did read the Technet article, I assume? Esp. the part for a different server.

    – Lenniey
    8 hours ago








  • 1





    @Lenniey Yes, I read that article. But, upon reflection, I may have missed a critical part of it (specifically the bit to follow more steps post AD recovery described here. I'm testing this now.

    – Shaamaan
    7 hours ago











  • We set up quite the stunt for this. The offsite backup site had a DC for the domain in it.

    – joshudson
    23 mins ago
















6















I've been setting up off-site backups for the most critical elements of the company I work at. One of these critical elements is the DC.



Now, the company is fairly small, so has only a single forest, and two DC servers on separate physical machines (one's virtualized, however). That said, a critical fault in the server room could destroy both of these machines.



So, I'm trying to create a DC backup for a critical-case scenario. I keep reading online that backing up the System State is enough, but I have a feeling this is only valid if you want to be able to restore the DC on the same server where the backup was taken. I've tried taking a System State backup and then restoring it on an isolated VM (same server, same updates), and this... didn't go so well; the restore went fine, but then I couldn't contact the local DC, even if I ensured the VM had the same IP as before (still isolated, of course). None of the DC-related administrative consoles worked either. There was even a warning during restoration that restoring a System State from another machine is not suggested.



Thus, I feel this is the wrong approach. So... what IS the right approach, if I want to backup our DC off-site, to cover a critical failure? A complete backup of the C: drive + System State or I could just backup the whole drive for that virtualized DC, but I'm trying to make the backup as small as possible...



PS. I'm using the Azure Backup application, but I don't think it's that relevant. All of our DCs are currently running Windows Server 2016.










share|improve this question




















  • 5





    +1 for actually testing critical recovery ;). I have not been using Azure Backup yet, but System State should be enough (no matter which backup solution you use). You did read the Technet article, I assume? Esp. the part for a different server.

    – Lenniey
    8 hours ago








  • 1





    @Lenniey Yes, I read that article. But, upon reflection, I may have missed a critical part of it (specifically the bit to follow more steps post AD recovery described here. I'm testing this now.

    – Shaamaan
    7 hours ago











  • We set up quite the stunt for this. The offsite backup site had a DC for the domain in it.

    – joshudson
    23 mins ago














6












6








6


1






I've been setting up off-site backups for the most critical elements of the company I work at. One of these critical elements is the DC.



Now, the company is fairly small, so has only a single forest, and two DC servers on separate physical machines (one's virtualized, however). That said, a critical fault in the server room could destroy both of these machines.



So, I'm trying to create a DC backup for a critical-case scenario. I keep reading online that backing up the System State is enough, but I have a feeling this is only valid if you want to be able to restore the DC on the same server where the backup was taken. I've tried taking a System State backup and then restoring it on an isolated VM (same server, same updates), and this... didn't go so well; the restore went fine, but then I couldn't contact the local DC, even if I ensured the VM had the same IP as before (still isolated, of course). None of the DC-related administrative consoles worked either. There was even a warning during restoration that restoring a System State from another machine is not suggested.



Thus, I feel this is the wrong approach. So... what IS the right approach, if I want to backup our DC off-site, to cover a critical failure? A complete backup of the C: drive + System State or I could just backup the whole drive for that virtualized DC, but I'm trying to make the backup as small as possible...



PS. I'm using the Azure Backup application, but I don't think it's that relevant. All of our DCs are currently running Windows Server 2016.










share|improve this question
















I've been setting up off-site backups for the most critical elements of the company I work at. One of these critical elements is the DC.



Now, the company is fairly small, so has only a single forest, and two DC servers on separate physical machines (one's virtualized, however). That said, a critical fault in the server room could destroy both of these machines.



So, I'm trying to create a DC backup for a critical-case scenario. I keep reading online that backing up the System State is enough, but I have a feeling this is only valid if you want to be able to restore the DC on the same server where the backup was taken. I've tried taking a System State backup and then restoring it on an isolated VM (same server, same updates), and this... didn't go so well; the restore went fine, but then I couldn't contact the local DC, even if I ensured the VM had the same IP as before (still isolated, of course). None of the DC-related administrative consoles worked either. There was even a warning during restoration that restoring a System State from another machine is not suggested.



Thus, I feel this is the wrong approach. So... what IS the right approach, if I want to backup our DC off-site, to cover a critical failure? A complete backup of the C: drive + System State or I could just backup the whole drive for that virtualized DC, but I'm trying to make the backup as small as possible...



PS. I'm using the Azure Backup application, but I don't think it's that relevant. All of our DCs are currently running Windows Server 2016.







backup domain-controller






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 6 hours ago







Shaamaan

















asked 9 hours ago









ShaamaanShaamaan

1831112




1831112








  • 5





    +1 for actually testing critical recovery ;). I have not been using Azure Backup yet, but System State should be enough (no matter which backup solution you use). You did read the Technet article, I assume? Esp. the part for a different server.

    – Lenniey
    8 hours ago








  • 1





    @Lenniey Yes, I read that article. But, upon reflection, I may have missed a critical part of it (specifically the bit to follow more steps post AD recovery described here. I'm testing this now.

    – Shaamaan
    7 hours ago











  • We set up quite the stunt for this. The offsite backup site had a DC for the domain in it.

    – joshudson
    23 mins ago














  • 5





    +1 for actually testing critical recovery ;). I have not been using Azure Backup yet, but System State should be enough (no matter which backup solution you use). You did read the Technet article, I assume? Esp. the part for a different server.

    – Lenniey
    8 hours ago








  • 1





    @Lenniey Yes, I read that article. But, upon reflection, I may have missed a critical part of it (specifically the bit to follow more steps post AD recovery described here. I'm testing this now.

    – Shaamaan
    7 hours ago











  • We set up quite the stunt for this. The offsite backup site had a DC for the domain in it.

    – joshudson
    23 mins ago








5




5





+1 for actually testing critical recovery ;). I have not been using Azure Backup yet, but System State should be enough (no matter which backup solution you use). You did read the Technet article, I assume? Esp. the part for a different server.

– Lenniey
8 hours ago







+1 for actually testing critical recovery ;). I have not been using Azure Backup yet, but System State should be enough (no matter which backup solution you use). You did read the Technet article, I assume? Esp. the part for a different server.

– Lenniey
8 hours ago






1




1





@Lenniey Yes, I read that article. But, upon reflection, I may have missed a critical part of it (specifically the bit to follow more steps post AD recovery described here. I'm testing this now.

– Shaamaan
7 hours ago





@Lenniey Yes, I read that article. But, upon reflection, I may have missed a critical part of it (specifically the bit to follow more steps post AD recovery described here. I'm testing this now.

– Shaamaan
7 hours ago













We set up quite the stunt for this. The offsite backup site had a DC for the domain in it.

– joshudson
23 mins ago





We set up quite the stunt for this. The offsite backup site had a DC for the domain in it.

– joshudson
23 mins ago










2 Answers
2






active

oldest

votes


















7















I'm trying to make the backup as small as possible...




This is a common approach and it's the wrong approach.



You're protecting one of the company's most important information technology assets. Treat it as such. Nothing less than a full backup of the DC is acceptable. You can use the built in Windows Server Backup to make a full, bare metal recovery backup of the DC.



DC's are typically small. You could probably fit the entirety of a full backup of the DC on a $20.00 USB drive. Don't skimp.



I get it... backup software and storage can be costly... especially over time. I hear no end of IT admins talking about ways to reduce those costs. Don't trade your ability to recover anything and/or everything simply to reduce costs. You need to determine how much protection (in the form of backups) you need to have and how to balance that need with what you have available in your IT budget. Backups are like insurance. How much insurance do you want/need to have and how much are you willing to pay for it?



I don't want to be the person who has to explain to the CEO that we can't recover a critical piece of IT infrastructure because we were trying to save a few dollars.



My approach to backups is that it's better to have them and not need them than to need them and not have them.



From an operational and technical perspective, I'd much rather restore a full BMR backup of a DC then to try and restore the System State of the DC to a new machine.






share|improve this answer


























  • The reason to keep it as small as possible is not to cut down on costs, but on upload times. We don't have the best connection at the office, sadly. Anyway - while Server Backup permits Bare Metal, this option isn't available in the Azure Backup client - it only has a drive and system state. Do you know if this is enough?

    – Shaamaan
    5 mins ago



















4














A system state restore could work, but the only method supported by Microsoft is a full system image recovery. This includes system state.



A complete forest recovery is complex, so you need to review the following document and create your own document with the required steps:



https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/ad-forest-recovery-guide






share|improve this answer























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "2"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f949678%2fbacking-up-dc-for-a-catastrophic-case%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    7















    I'm trying to make the backup as small as possible...




    This is a common approach and it's the wrong approach.



    You're protecting one of the company's most important information technology assets. Treat it as such. Nothing less than a full backup of the DC is acceptable. You can use the built in Windows Server Backup to make a full, bare metal recovery backup of the DC.



    DC's are typically small. You could probably fit the entirety of a full backup of the DC on a $20.00 USB drive. Don't skimp.



    I get it... backup software and storage can be costly... especially over time. I hear no end of IT admins talking about ways to reduce those costs. Don't trade your ability to recover anything and/or everything simply to reduce costs. You need to determine how much protection (in the form of backups) you need to have and how to balance that need with what you have available in your IT budget. Backups are like insurance. How much insurance do you want/need to have and how much are you willing to pay for it?



    I don't want to be the person who has to explain to the CEO that we can't recover a critical piece of IT infrastructure because we were trying to save a few dollars.



    My approach to backups is that it's better to have them and not need them than to need them and not have them.



    From an operational and technical perspective, I'd much rather restore a full BMR backup of a DC then to try and restore the System State of the DC to a new machine.






    share|improve this answer


























    • The reason to keep it as small as possible is not to cut down on costs, but on upload times. We don't have the best connection at the office, sadly. Anyway - while Server Backup permits Bare Metal, this option isn't available in the Azure Backup client - it only has a drive and system state. Do you know if this is enough?

      – Shaamaan
      5 mins ago
















    7















    I'm trying to make the backup as small as possible...




    This is a common approach and it's the wrong approach.



    You're protecting one of the company's most important information technology assets. Treat it as such. Nothing less than a full backup of the DC is acceptable. You can use the built in Windows Server Backup to make a full, bare metal recovery backup of the DC.



    DC's are typically small. You could probably fit the entirety of a full backup of the DC on a $20.00 USB drive. Don't skimp.



    I get it... backup software and storage can be costly... especially over time. I hear no end of IT admins talking about ways to reduce those costs. Don't trade your ability to recover anything and/or everything simply to reduce costs. You need to determine how much protection (in the form of backups) you need to have and how to balance that need with what you have available in your IT budget. Backups are like insurance. How much insurance do you want/need to have and how much are you willing to pay for it?



    I don't want to be the person who has to explain to the CEO that we can't recover a critical piece of IT infrastructure because we were trying to save a few dollars.



    My approach to backups is that it's better to have them and not need them than to need them and not have them.



    From an operational and technical perspective, I'd much rather restore a full BMR backup of a DC then to try and restore the System State of the DC to a new machine.






    share|improve this answer


























    • The reason to keep it as small as possible is not to cut down on costs, but on upload times. We don't have the best connection at the office, sadly. Anyway - while Server Backup permits Bare Metal, this option isn't available in the Azure Backup client - it only has a drive and system state. Do you know if this is enough?

      – Shaamaan
      5 mins ago














    7












    7








    7








    I'm trying to make the backup as small as possible...




    This is a common approach and it's the wrong approach.



    You're protecting one of the company's most important information technology assets. Treat it as such. Nothing less than a full backup of the DC is acceptable. You can use the built in Windows Server Backup to make a full, bare metal recovery backup of the DC.



    DC's are typically small. You could probably fit the entirety of a full backup of the DC on a $20.00 USB drive. Don't skimp.



    I get it... backup software and storage can be costly... especially over time. I hear no end of IT admins talking about ways to reduce those costs. Don't trade your ability to recover anything and/or everything simply to reduce costs. You need to determine how much protection (in the form of backups) you need to have and how to balance that need with what you have available in your IT budget. Backups are like insurance. How much insurance do you want/need to have and how much are you willing to pay for it?



    I don't want to be the person who has to explain to the CEO that we can't recover a critical piece of IT infrastructure because we were trying to save a few dollars.



    My approach to backups is that it's better to have them and not need them than to need them and not have them.



    From an operational and technical perspective, I'd much rather restore a full BMR backup of a DC then to try and restore the System State of the DC to a new machine.






    share|improve this answer
















    I'm trying to make the backup as small as possible...




    This is a common approach and it's the wrong approach.



    You're protecting one of the company's most important information technology assets. Treat it as such. Nothing less than a full backup of the DC is acceptable. You can use the built in Windows Server Backup to make a full, bare metal recovery backup of the DC.



    DC's are typically small. You could probably fit the entirety of a full backup of the DC on a $20.00 USB drive. Don't skimp.



    I get it... backup software and storage can be costly... especially over time. I hear no end of IT admins talking about ways to reduce those costs. Don't trade your ability to recover anything and/or everything simply to reduce costs. You need to determine how much protection (in the form of backups) you need to have and how to balance that need with what you have available in your IT budget. Backups are like insurance. How much insurance do you want/need to have and how much are you willing to pay for it?



    I don't want to be the person who has to explain to the CEO that we can't recover a critical piece of IT infrastructure because we were trying to save a few dollars.



    My approach to backups is that it's better to have them and not need them than to need them and not have them.



    From an operational and technical perspective, I'd much rather restore a full BMR backup of a DC then to try and restore the System State of the DC to a new machine.







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited 1 hour ago

























    answered 5 hours ago









    joeqwertyjoeqwerty

    95.6k463149




    95.6k463149













    • The reason to keep it as small as possible is not to cut down on costs, but on upload times. We don't have the best connection at the office, sadly. Anyway - while Server Backup permits Bare Metal, this option isn't available in the Azure Backup client - it only has a drive and system state. Do you know if this is enough?

      – Shaamaan
      5 mins ago



















    • The reason to keep it as small as possible is not to cut down on costs, but on upload times. We don't have the best connection at the office, sadly. Anyway - while Server Backup permits Bare Metal, this option isn't available in the Azure Backup client - it only has a drive and system state. Do you know if this is enough?

      – Shaamaan
      5 mins ago

















    The reason to keep it as small as possible is not to cut down on costs, but on upload times. We don't have the best connection at the office, sadly. Anyway - while Server Backup permits Bare Metal, this option isn't available in the Azure Backup client - it only has a drive and system state. Do you know if this is enough?

    – Shaamaan
    5 mins ago





    The reason to keep it as small as possible is not to cut down on costs, but on upload times. We don't have the best connection at the office, sadly. Anyway - while Server Backup permits Bare Metal, this option isn't available in the Azure Backup client - it only has a drive and system state. Do you know if this is enough?

    – Shaamaan
    5 mins ago













    4














    A system state restore could work, but the only method supported by Microsoft is a full system image recovery. This includes system state.



    A complete forest recovery is complex, so you need to review the following document and create your own document with the required steps:



    https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/ad-forest-recovery-guide






    share|improve this answer




























      4














      A system state restore could work, but the only method supported by Microsoft is a full system image recovery. This includes system state.



      A complete forest recovery is complex, so you need to review the following document and create your own document with the required steps:



      https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/ad-forest-recovery-guide






      share|improve this answer


























        4












        4








        4







        A system state restore could work, but the only method supported by Microsoft is a full system image recovery. This includes system state.



        A complete forest recovery is complex, so you need to review the following document and create your own document with the required steps:



        https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/ad-forest-recovery-guide






        share|improve this answer













        A system state restore could work, but the only method supported by Microsoft is a full system image recovery. This includes system state.



        A complete forest recovery is complex, so you need to review the following document and create your own document with the required steps:



        https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/ad-forest-recovery-guide







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered 5 hours ago









        Greg AskewGreg Askew

        28.4k33668




        28.4k33668






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Server Fault!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f949678%2fbacking-up-dc-for-a-catastrophic-case%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            GameSpot

            日野市

            Tu-95轟炸機