Yeah absolutely. Right along with this is understanding how
LONG it takes you to do it once you start which you get when you test and test
often. That helps you decide at what point you need to have something fixed,
start recovering, or realizing that you are now stomping on borrowed time that
could be better used for recovery.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Tuesday, March 21, 2006 9:44 PM
To: [email protected]
Subject: Re: [ActiveDir] Disaster Recovery
One additional comment that seems to have been missed, is that, like
previously mentioned, you should carefully consider practicing your restores for
the situations you've defined as warranting a disaster recovery. All of
the other information about how to do it etc are great, but there's no
substitute for doing it and making sure you have ALL of the components to put
the environment back togehter.
One fun example that illustrates this for me, should I forget for some
strange reason, is a company that wanted to implement DR for a situation they
were faced with. They never practiced and when it came time they drug out
the other hardware, setup a hub for it (they didn't have a switch like in
production - hint) and gathered the latest backup from the off-site storage
facility (somebody's closet is my guess, but I digress). They put the DC back,
then their email and everything seemed to work. Hooray, they were ready
for business. Sure there were some issues along the way such as getting power,
environmentals, network, hardware, etc. But through heroic efforts that
was overcome and they managed to recover AD and Email. As they watched the
counters, somebody asked, "how come there's no email coming in and why isn't
anybody using it?" Answer? 1) Because nobody thought about WAN or ISP
connectivity implications and 2) because the users had no equipment and no way
to access this newly restored server.
Moral? Practice well what you intend to do well and make sure your practice
mimicks a real scenario so you can work out such kinks before it's critical.
-ajm
On 3/21/06, joe
<[EMAIL PROTECTED]>
wrote:
One thing you should try to shoot for is to be geographically disperse if possible. The more critical AD is to you the more critical it is to have that in place because cold restore of an entire forest is not something any but the seriously demented AD Admins are looking to to do. Even if this is a simple laptop running a DC that you allow to replicate once a week and then take home it is better than nothing. Just be careful with physical security of that machine.Virtualization is definitely a possible answer but make sure as Hunter indicated that you really understand the implications for rollback.
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Amy Hunter
Sent: Tuesday, March 21, 2006 10:34 AM
To: [email protected]
Subject: [ActiveDir] Disaster Recovery
Hello there,I have a question regarding Active Directory disaster recovery. I was just curious as to what steps you all take to protect your forest.An example is I back up my System State nightly and these tapes go off to a offsite location. If my building and computer suite was to burn down, I would need to rebuild my forest.In this scenario I am assuming it would be easier to have identical hardware to carry out a restore, I know you can restore to alternate hardware but I hear bad things about this.The other thought is to have DC built using virtual server and start this DC one per month to replicate the latest copy of AD, then shutting it down, saving a copy of the VHD and sending to a offsite location,That way it's not hardware dependant and just need to do a metadata cleanupwhat do you all do?amy
Yahoo! Cars NEW - sell your car and browse thousands of new and used cars online search now
