Comprehensive data protection for all workloads
Post Reply
Stabz
Veeam Legend
Posts: 113
Liked: 7 times
Joined: Apr 07, 2017 7:40 am
Full Name: Philippe DUPUIS
Contact:

Primary domain controler and DRP

Post by Stabz »

Hello,

I have read some documentations about this but I have some question
My infrastructure:
Site1:
DC1 -> with all FSMO roles
DC2

Site2
DC3
DC4

All the DCs are in the same domain, currently we backup every night entire servers in local and we have a backup copy job to export the Site1 backups to Site2 and vice versa.
Tomorrow I want to implement Replication to reduce my RTO and protect the fact to lose my primary domain controller. Is there any recommandations?

In the case of a disaster on Site1, I ll have to start a failover on Site2, which procedure I have to follow, I read this KB https://www.veeam.com/kb2119 , but is that the same procedure for a DC with all FSMO role?
I m a bit confuse so thanks by advance.
Phil
foggy
Veeam Software
Posts: 21069
Liked: 2115 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: Primary domain controler and DRP

Post by foggy »

Hi Philippe, you can safely failover to the replica of the DC with FSMO roles, the procedure is 100% automatic. Another option is just seize the roles on some other live DC.
Stabz
Veeam Legend
Posts: 113
Liked: 7 times
Joined: Apr 07, 2017 7:40 am
Full Name: Philippe DUPUIS
Contact:

Re: Primary domain controler and DRP

Post by Stabz »

Hi,

Sorry for the delay of my answer, I was out of the office.
Thanks for the reply, apparently a lot of people seize the roles when there are another live DCs, and they use failover when no more DCs are available
I ll discuss about this with my CIO.

Philippe
Mike Resseler
Product Manager
Posts: 8044
Liked: 1263 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: Primary domain controler and DRP

Post by Mike Resseler »

Hi Philippe,

Correct. Protecting your AD (which is x amount of DC's) is a layered approach. While not always achievable depending on the environment and resources available this is what I normally recommend.
* Have at least 2 DC's, one being at "another location" if possible. Reason = If one fails, you can seize the roles and continue working. You can then try to fix the failed DC or simply rebuild a new one and let the AD replication do its work
* Take a backup of at least 1 DC. Reason = every human error such as deleting 1 account too much (Been there, done that unfortunately) and you can do item-level recovery for that single (or multiple, I have once deleted an entire OU because of a script error from my side...) object
* Replicate a DC if possible. Reason = a DC (or AD) will be needed in almost every DR scenario so being able to quickly start a DC in a disaster scenario is mostly a must

Hope it gives you additional information to talk to your CIO

Mike
Post Reply

Who is online

Users browsing this forum: Google [Bot], Noushad, theadamlion and 164 guests