Now here's the problem. The
"just restore and resume approach" could be, in a very specific situation, a bad
idea. I'm sure everything would "work" as such, but as
desired?
After a
backup is taken, new security principals might have been created in the domain.
These security principals might be permissioned on certain resources e.g. file
shares etc. Now depending on when the image was taken and restore, it is
*possible* the security principals no longer exist because the recovery has
reverted to the image date, but their access rights might still exist. If the
RID pool is not raised after a restore, and new security principals are created
after the recovery might obtain identical security IDs (SIDs) and could have
access to those objects, which was not originally intended.
So:
Monday - image taken
Tuesday - 10 new domain groups created and
assigned permissions to file server
Wednesday - need to recover DC as its
crashed, restore image from Monday. Now you have SIDs assigned on the file
server but are not present on the domain. When you create new security
principals they could obtain identical SIDs to the ones belonging to the groups
that were created on Tuesday.
Would it not be prudent to raise the RID
pool as part of your single DC recovery procedure? I can't see what harm
it would do anyway.
-----Original
Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Robert Rutherford
Sent: 20 Jun 2006
11:00
To: [email protected]
Subject: RE: [ActiveDir] Ghost
Backup or Image for Active Directory Server and Exchange Server
Hi
David,
Just restore and resume as it's a single
DC.
Cheers
Rob
Robert Rutherford
QuoStar Solutions
Limited
The Enterprise
Pavilion
Fern Barrow
Wallisdown
Poole
Dorset
BH12
5HH
T: +44 (0)
8456 440 331
F: +44 (0)
8456 440 332
M: +44 (0)
7974 249 494
E:
[EMAIL PROTECTED]
W:
www.quostar.com
-----Original Message-----
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Wyatt, David
Sent: 20 June 2006
10:38
To: [email protected]
Subject: RE: [ActiveDir] Ghost
Backup or Image for Active Directory Server and Exchange Server
To
all single DC folks - when you perform a restore of your single DC from an
image, as part of your procedure do you increase the value of the RID pool or
just restore and resume working?
-----Original Message-----
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks
[MVP]
Sent: 20 Jun 2006 1:03
To: [email protected]
Subject:
Re: [ActiveDir] Ghost Backup or Image for Active Directory Server and Exchange
Server
And you didn't go to Jeff Middleton's TechEd session on DR for
Small
business did you?
We're a single DC folks.. hello... it
works.
We're not enterprise and that means best practices for you are not
best
practices for us.
Acronis works.
Big boys can't image
DCs.. we can. We're little..we're agile and we can
do
it.
Big server land can't ...and that's fine...but the rules of big
server
land stop at the gates of SBSland... it's a whole diff ball game for
us.
(Fenway was cool btw)
Paul Glenn wrote:
> I
attended a Disaster Recovery of AD class at TechEd this past week.
> One
thing they said was to NEVER EVER rely on a ghost image for DR.
> Their
reasoning was the whole SID situation.
>
>
Paul
>
>
> On 6/17/06, *Susan Bradley, CPA aka Ebitz -
SBS Rocks [MVP]*
> <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:
>
> And us SBSers
will say that sometimes that single DC with a DR
>
strategy
> in place can be less issue than
multiple domain controllers.
(please
> note the
"DR strategy" phrase there.. this is planned ahead of
>
time)
>
> What is the size of the firm and
what is the tolerance of
downtime.
> Start from
there. Plan your DR process.
>
>
Almeida Pinto, Jorge de wrote:
>
> > Only
in an AD environment with ONE DC in the AD FOREST,
there
would
> > not be much of an issue.
Although I still recomment to use a
>
supported
> >
method.
> > No matter how many DCs, using a
supported method/tool/procedure,
>
you
> > will always be ready for
it.
> > As soon as you get a second DC, the
image thing won't work that
good
> >
anymore.
> >
>
> For more info also see:
> > http://blogs.dirteam.com/blogs/jorge/archive/2006/03/08/597.aspx
>
>
> > I also recommend to have AT LEAST 2 DC
in each AD domain (and
backup
> > at least
2, preferably more if you have more DCs) for
if
something
> > goes wrong with one DC. In
that case while one DC is still
> running
you
> > can repair the other or promote another
DC into the AD domain.
> If
you
> > only have one DC, AD will be available
again as soon as that
> single
DC
> > is up and running
again.
> >
> >
Met vriendelijke groeten / Kind regards,
> >
Ing. Jorge de Almeida Pinto
> > /Senior
Infrastructure Consultant/
> > /MVP Windows
Server - Directory Services/
> >
//
> > *LogicaCMG Nederland B.V. (BU RTINC
Eindhoven)*
> > (
Tel :
+31-(0)40-29.57.777
> > ( Mobile :
+31-(0)6-26.26.62.80 <http://26.26.62.80>
> > * E-mail : <see
sender address>
>
>
>
>
>
------------------------------------------------------------------------
>
> *From:* [EMAIL PROTECTED]
>
<mailto:[EMAIL PROTECTED]> on behalf of Jose
>
Medeiros
> > *Sent:* Sat 2006-06-17
08:01
> > *To:*
[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
> > *Cc:* Medeiros,
Jose; [email protected]
> <mailto:[email protected]>
> > *Subject:*
[ActiveDir] Ghost Backup or Image for
Active
Directory
> > Server and Exchange
Server
> >
> >
Hi Amit,
> >
>
> Well first you'll need to buy Symantec Ghost Corporate
Edition
> so you
>
> have the 32 bit version. Then if you have a server such as a
HP
> > Proliant DL-580 with a 6400 Smart Raid
Controller you'll need to
add
> > the Raid
controller driver to your bootable CD Rom that
you'll
> have to
>
> create so it can access the Raid Disk
Array.
> >
> >
If you Want to create your own Bootable CD, I would
recommend
> you
use
> > Microsoft WinPE or Bart's PE http://www.nu2.nu/pebuilder/
> <http://www.nu2.nu/pebuilder/>.
>
>
> > Barts also allows you to use Acronis
http://www.acronis.com/
> which may
>
> be less expensive then Ghost Corporate, however I have only
used
> Ghost
> >
Version 8, 32Bit and can attest that it works ( I've
imaged
several
> > hundredservers with it at
ADP Payroll Systems ).
>
>
> > Hope this helps, the rest is up to you
and requires that you
> read
the
> > documentation with each
product.
> >
>
> Best Wish's,
>
>
> > Jose
Medeiros
> > http://www.myspace.com/josemedeiros1
>
>
>
>
>
>
----------------------------------------------------------------------
>
---------------------------------------------------------
>
>
>
> > ----- Original
Message -----
> >
*From:* Amit Kapoor <mailto:[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>>
> >
*To:* [EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>
> <mailto:[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>>
>
> *Sent:* Friday, June 16, 2006 10:39
PM
> > *Subject:*
[ExchangeList] Ghost Backup or Image for Active
>
> Directory Server and Exchange
Server
> >
>
> Hi,
>
>
> >
>
>
> > I have windows
2000 domain controller and windows 2003
server
on
> > which exchange
2003 is installed.
>
>
> >
>
>
> > I want to take
Ghost Backup or an operating system image
of
the
> > server.
So that in case of crisis the same can be
recovered
> in few
>
> minutes.
>
>
> >
>
>
> > Please help me
and guide me how can I take the ghost backup
> of
the
> > servers and how
do I test restore of the ghost image.
>
>
> >
>
>
> >
Thanks
> >
>
> Amit
>
>
> >
>
>
> > *ps. check out
our latest product: **www.DriveInside.com** -
>
> India's No. 1 Auto
Website*
> >
>
> --------
>
> Amit Kapoor
>
>
> > Network
Engineer
> > Module One
India Ltd.
> > Paharpur
Software Technology Incubator Park
>
> A-88, Okhla Phase II, New Delhi 110020,
India
> >
>
> Tel: +91-(0)11-41859200 ext. 204 | Fax:
+91-(0)11-41859220
> >
E-mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> <mailto:[EMAIL PROTECTED]
> >
www.moduleone.com <
> <http://www.moduleone.com/>
> >
>
> ==== c r e a t i v e i n t e r n e
t s o l u t i o n s
====
>
>
> > Module One,
one of India's leading Interactive agencies,
uses
a
> > combination of
creative, marketing and technology skills to
>
assist
> > clients in
successfully using the Internet for
their
marketing
> >
initiatives.
>
>
> >
>
>
> >
>
>
> >
>
>
> > This e-mail and any attachment is for
authorised use by the
intended
> >
recipient(s) only. It may contain proprietary
material,
>
confidential
> > information and/or be subject
to legal privilege. It should not
be
> >
copied, disclosed to, retained or used by, any other party.
If
> you are
> >
not an intended recipient then please promptly delete
this
> e-mail and
>
> any attachment and all copies and inform the sender. Thank
you.
> >
> List
info : http://www.activedir.org/List.aspx
> List
FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ml/threads.aspx
>
>
>
>
>
--
>
***********************************************************************
>
"I've got a fever and the only prescription is more
>
cowbell." --Christopher
Walken
>
***********************************************************************
List
info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
************************************************************************
****
This
message contains confidential information and is intended only
for the
individual or entity named. If you are not the named addressee you should
not disseminate, distribute or copy this e-mail.
Please notify the
sender immediately by e-mail if you have received
this e-mail by mistake and
delete this e-mail from your system. E-mail transmission cannot be guaranteed to
be secure or error-free as information could be intercepted, corrupted, lost,
destroyed, arrive late or incomplete, or contain viruses. The sender
therefore does not accept liability for any errors or omissions in the contents
of this
message which arise as a result of e-mail transmission.
If
verification is required please request a hard-copy version. This message is
provided for informational purposes and should not be construed as an invitation
or offer to buy or sell any securities or related financial instruments. GAM
operates in many jurisdictions and is
regulated or licensed in those
jurisdictions as
required.
************************************************************************
****
List
info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
