Hey Tom. Something I have discussed on this list previously and was a topic for one of the presentations at DEC by Intel is the idea of using Virtual Server or VMWare for Virtual DCs. Then you can pick up the virtual disk image and take it anywhere...
For example, always have a Virtual DC (for every domain) running on your production network. Put it in an isolated site with all of the proper registry entries set to prevent publishing in the directory (except the GUID CNAME record so that replication isn't impacted) and the site link cost cranked way up. Let it just sit and replicate on some schedule (some want it up to date, some want it staggered as a lag site, up to you and your goals). Then once per day (or whatever depending on replication cycle and your goals) have the VM shut down and back up the file and then spin the VM back up. Now this file (files if multiple DCs) you can pick up and take with you to a DR site to recover with. Recovery is simply the act of spinning up a server with VMWARE or Virtual Server and telling it to use the virtual disk (or disks if multiple domains) and start the machines up. Next step though not strictly unnecessary would be to chop out all of the DCs that aren't at that site out of the directory. If you expect to be at the site for a while and dependent on load capability needed I would consider spinning up one or more physical DCs off the virtuals. Using the virtuals just clears so many issues out of the way it isn't funny because you will have fully functioning DCs you are bringing along. And it is much better than just spinning up on a laptop on your production network. Now if you are doing serious DR work, you would actually take the images you back up every day from production and either copy them across the network to your remote DR site (preferably in another city, country, continent, planet...) and it would always be there waiting. Alternatively you could send to physical media (DVD, CD, Tape, etc) and ship to some archives location or DR Site. joe ------------- http://www.joeware.net (download joeware) http://www.cafeshops.com/joewarenet (wear joeware) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Monday, March 22, 2004 9:51 AM To: ActiveDir (E-mail) Subject: [ActiveDir] AD disaster recovery We're doing a DR test run of AD. We go to another location and try to restore our network from tape backup(Veritas 8.6). Each time we've run into serious issues when restoring AD to different hardware(this is all our DR site provides) and have never been able to get up and running. So this time, I want to put AD on a laptop, give it a few days to replicate with our network, then take the laptop with me to the DR site, force a transfer of all the FSMO roles, and restore that way. Also, for the other DC's, I just want to set up new domain controllers with the same names and not restore the system state, i,e; AD. Just app specfic stuff and home directories. Does anyone see a problem with this? Will I run into issues with GUID's not matching or USN's? We are also planning on restoring an Exchange 2k server. Any help or advice, war stories, would be greatly appreciated. Thanks List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
