Comprehensive data protection for all workloads
Post Reply
Didi7
Veteran
Posts: 490
Liked: 59 times
Joined: Oct 17, 2014 8:09 am
Location: Hypervisor
Contact:

Backup of Microsoft Domain Controllers ...

Post by Didi7 »

Hello,

I know, that VBR can be used to backup virtual MS Domain Controllers and objects can be restored with the corresponding Veeam Explorer for Active Directory. What you say about the following articles ...

https://kb.vmware.com/selfservice/micro ... Id=1006996

https://vox.veritas.com/t5/forums/v3_1/ ... -id/120637

Best regards,
Didi7
Using the most recent Veeam B&R in many different environments now and counting!
DaveWatkins
Veteran
Posts: 370
Liked: 97 times
Joined: Dec 13, 2015 11:33 pm
Contact:

Re: Backup of Microsoft Domain Controllers ...

Post by DaveWatkins »

The first link is specifically about P2V conversions of domain controller.

I don't see how the second link is relevant at all.
Didi7
Veteran
Posts: 490
Liked: 59 times
Joined: Oct 17, 2014 8:09 am
Location: Hypervisor
Contact:

Re: Backup of Microsoft Domain Controllers ...

Post by Didi7 »

In the first link, there is an additional information note ...

Quote:
VMware does not recommend to take a snapshot of the virtual machine running as a Domain Controller. In Windows Server 2012, there are changes to support creating a snapshot. For more information, see the Microsoft TechNet article, Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100). If the virtual machine is running a Windows Domain Controller, then snapshots are not supported by Microsoft. For more information, see Virtualizing a Windows Active Directory Domain Infrastructure white paper.

The second link states ...

There is a link to a white paper with the following note:
Note that Microsoft does not support using snapshots or disk
imaging of any domain controller. You must perform system
state data backups to protect the Active Directory database.
Snapshots can potentially corrupt the Active Directory database
without even committing or reverting back to the snapshot.

Another quote from link 2:

Since VMware policies actually takes snapshots of the VMs for backup (via the vStorage API), all of the above should paint a pretty clear picture that backing up AD/DC this way is not recommended or supported by anyone, including NetBackup.
NetBackup's only documented (i.e., supported) way of backing up AD/DC is via the System State or Shadow Copy Components directives.
Using the most recent Veeam B&R in many different environments now and counting!
zuldan
Enthusiast
Posts: 45
Liked: 5 times
Joined: Feb 15, 2017 9:51 am
Contact:

Re: Backup of Microsoft Domain Controllers ...

Post by zuldan »

Cloning and snapshotting on 2012 Domain Controllers is fully supported.

https://blogs.msmvps.com/acefekay/2013/ ... rollbacks/
Windows Server 2012 now supports DC cloning and snapshot restore of domain controllers. The requirements to support the new feature are:

- Hypervisor that supports VM-GenerationID. Window Server 2012 Hyper-V supports VM-GenerationID. If using a third party Hypervisor, check with the vendor if their latest version supports this feature.
- The source virtual domain controller must be running Windows Server 2012.
- A Windows Server 2012 PDC Emulator FSMO Role must be running and available for the cloned DC.
And yes VMware fully supports it.

https://blogs.vmware.com/apps/2013/01/w ... phere.html
https://kb.vmware.com/selfservice/micro ... Id=2041872
Didi7
Veteran
Posts: 490
Liked: 59 times
Joined: Oct 17, 2014 8:09 am
Location: Hypervisor
Contact:

Re: Backup of Microsoft Domain Controllers ...

Post by Didi7 »

Nice one zuldan ;)

What about Windows 2008R2 Domain Controllers. Does the same apply to them?

Regards,
Didi7
Using the most recent Veeam B&R in many different environments now and counting!
zuldan
Enthusiast
Posts: 45
Liked: 5 times
Joined: Feb 15, 2017 9:51 am
Contact:

Re: Backup of Microsoft Domain Controllers ...

Post by zuldan »

2012 and above, only.
Didi7
Veteran
Posts: 490
Liked: 59 times
Joined: Oct 17, 2014 8:09 am
Location: Hypervisor
Contact:

Re: Backup of Microsoft Domain Controllers ...

Post by Didi7 »

Obviously not, yes! That's what I could read from the links you provided.

The question now is ...

What are Windows 2003, Windows 2008 and Windows 2008R2 Domain Controller backups with VBR and it's AAIP integration worth in the end?

It helps to open Active Directory contents in Veeam's Explorer for MS Active Directory and to find changed, deleted or newly created AD items with live comparison and possibly restore single items and a lot more.

If there is only one DC in your forest or Active Directory, would it be save to restore the complete VM (DC 2K3, 2K8 or 2K8R2) without any hassle afterwards? As soon, as more than one DC is part of your forest or Active Directory, would it make more sense to create a new DC with a new name and IP from scratch and replace the defective DC (get rid of it in AD)?

What else benefits you have from a VBR backup of a 2K3, 2K8 or 2K8R2 MS Domain Controller?

Regards,
Didi7
Using the most recent Veeam B&R in many different environments now and counting!
zuldan
Enthusiast
Posts: 45
Liked: 5 times
Joined: Feb 15, 2017 9:51 am
Contact:

Re: Backup of Microsoft Domain Controllers ...

Post by zuldan »

Please read the following blog posts and KB. If you are still unsure with what's possible in 2K3, 2K8 or 2K8R2 then please open a support case with Veeam for assistance. They are very helpful.

https://www.veeam.com/blog/backing-up-d ... ction.html
https://www.veeam.com/blog/how-to-recov ... ction.html
https://www.veeam.com/kb2119
Post Reply

Who is online

Users browsing this forum: BackupBytesTim and 289 guests