I am not into restoring from backup unless absolutely required. I like how easy it is to rebuild and repromote. As I mentioned in the other post, I consider DCs to be expendable like individual drives in a RAID Set.
Now if I was crazy enough to run a bunch of other services on a DC that were specific to a given DC then I might be a little more likely to look at restores but in the meanwhile I would have kicked my own butt for putting myself in that position in the first place. You don't put extra services on DCs for several reasons, not having to restore them is just a side effect. Primarily you do it to reduce vectors against your security and stability. In the SBS world I would be completely out of sorts with myself over their working conditions. :) Hopefully all of the enterprise customers won't go out of business though. ;) -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Williams Sent: Thursday, August 17, 2006 12:58 PM To: [email protected] Subject: Re: [ActiveDir] FMSO roles split, patch question. Valid point. But you should [try and] restore from the backup that ran the night before and that you verified successfully completed before you applied the patch... ;-) If you have a document process that goes through the proper change control, then there shouldn't be any reason to do this. The patches should be tested in dev and pre-prod and then applied, only if there's a rollback option, and that should be something like "uninstall patch; restore from last night's successful back if unable to boot and uninstall". --Paul ----- Original Message ----- From: "Almeida Pinto, Jorge de" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Thursday, August 17, 2006 4:02 PM Subject: RE: [ActiveDir] FMSO roles split, patch question. the reason is that is a DC dies during the patching you do not have to seize the roles....IMHO, I prefer transfering over seizing Met vriendelijke groeten / Kind regards, Ing. Jorge de Almeida Pinto Senior Infrastructure Consultant MVP Windows Server - Directory Services LogicaCMG Nederland B.V. (BU RTINC Eindhoven) ( Tel : +31-(0)40-29.57.777 ( Mobile : +31-(0)6-26.26.62.80 * E-mail : <see sender address> ________________________________ From: [EMAIL PROTECTED] on behalf of John Strongosky Sent: Thu 2006-08-17 16:55 To: [email protected] Subject: RE: [ActiveDir] FMSO roles split, patch question. I cornfused is this a standard practice as I thought you did not want to move the FMSO roles back and forth. john ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Thursday, August 17, 2006 4:33 AM To: [email protected] Subject: RE: [ActiveDir] FMSO roles split, patch question. in addition to that.... DC1 having FSMOset1 and DC2 having FSMOset2 transfer FSMOset1 from DC1 to DC2 apply patches to DC1 and reboot and check everything (event logs DCdiag, etc) if everything OK! transfer FSMOset1 and FSMOset2 from DC2 to DC1 apply patches to DC2 and reboot and check everything (event logs DCdiag, etc) if everything OK! transfer FSMOset2 from DC1 to DC2 voila (that's french)...done! ;-) jorge ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Deji Akomolafe Sent: Wednesday, August 09, 2006 01:52 To: [email protected] Subject: RE: [ActiveDir] FMSO roles split, patch question. It doesn't matter. Sincerely, _____ (, / | /) /) /) /---| (/_ ______ ___// _ // _ ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.akomolafe.com - we know IT -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: John Strongosky Sent: Tue 8/8/2006 4:49 PM To: [email protected] Subject: [ActiveDir] FMSO roles split, patch question. We have our FMSO roles split between 2 dc's. They are Schema Master/Domain Tree Operator on 1 and on 2, the roles PDC Emulator/Rid Pool/Intrastate on the other. After I apply the patches from Microsoft what is the beat practices for the boot order...or does it matter? 1. Remote DC/GC's first 2. no. 1 3. then no 2. thanks This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
