we have primary dc in the production site and backup dc in the secondary site.
if we simulate complete failure of primary site, we have no fsmo roles. (not 100% sure what these are needed for but I KNOW they ARE required for active directory to work)
What are most people doing?
are you seizing fsmo roles as part of your Disaster recovery operations? Would it be better to simply move my fsmo roles to my DR location?
Please advise.
-
dirkdigs
- Enthusiast
- Posts: 65
- Liked: 3 times
- Joined: Mar 10, 2014 8:21 pm
- Full Name: Mike
-
HannesK
- Product Manager
- Posts: 14322
- Liked: 2890 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: active directory best practices for FSMO roles
Hello,
as the question is independent from Veeam, I would ask an internet search engine, a Microsoft forum or ChatGPT about Microsoft best practices instead of a Veeam forum
As you never know, which location will fail, I cannot imagine a general "right" or "wrong". If you have all FSMO roles in the DR location, and the DR location fails, then you need to seize them to production.
Best regards,
Hannes
as the question is independent from Veeam, I would ask an internet search engine, a Microsoft forum or ChatGPT about Microsoft best practices instead of a Veeam forum
As you never know, which location will fail, I cannot imagine a general "right" or "wrong". If you have all FSMO roles in the DR location, and the DR location fails, then you need to seize them to production.
Best regards,
Hannes
-
dirkdigs
- Enthusiast
- Posts: 65
- Liked: 3 times
- Joined: Mar 10, 2014 8:21 pm
- Full Name: Mike
Re: active directory best practices for FSMO roles
i disagree. this is relevant to veeam because Veeam is a disaster recovery product. and my question is directed to similar minded folk who use this product/. not sure what your issue is?>
-
Regnor
- VeeaMVP
- Posts: 940
- Liked: 291 times
- Joined: Jan 31, 2011 11:17 am
- Full Name: Max
- Contact:
Re: active directory best practices for FSMO roles
The domain won't stop working if the DC with the FSMO roles is offline.
During a disaster recovery test I wouldn't move or seize the FSMO roles as this would be a too big impact for just a test. Besides, I wouldn't do a disaster recovery test with my production systems. If you do this in a lab, with SureBackup, Orchestrator or something else, then you could go through the complete process without any risks.
During a real disaster it would make the decision dependent on the situation. Will the primary site come back online in short time then I would wait. If the primary site is gone or recovery will take time, the seize the roles and create a new primary DC.
During a disaster recovery test I wouldn't move or seize the FSMO roles as this would be a too big impact for just a test. Besides, I wouldn't do a disaster recovery test with my production systems. If you do this in a lab, with SureBackup, Orchestrator or something else, then you could go through the complete process without any risks.
During a real disaster it would make the decision dependent on the situation. Will the primary site come back online in short time then I would wait. If the primary site is gone or recovery will take time, the seize the roles and create a new primary DC.
-
HannesK
- Product Manager
- Posts: 14322
- Liked: 2890 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: active directory best practices for FSMO roles
Hello,
In these forums, there are people who think that replication of domain controllers is a good idea. I disagree with that, because of superior built-in AD replication. Nobody in a Microsoft forum would recommend to replicate domain controllers. That's why I recommended to ask in Microsoft savvy forums where people are focused on AD.
Agree with Max and I still cannot image any "right" or "wrong" because one never knows, which site goes down (speaking as someone who did the AD course / certification some years ago and thinks that the question is independent from any backup vendor).
Best regards,
Hannes
no issue for me. I would just ask "at the source" instead of "3rd party".not sure what your issue is?
In these forums, there are people who think that replication of domain controllers is a good idea. I disagree with that, because of superior built-in AD replication. Nobody in a Microsoft forum would recommend to replicate domain controllers. That's why I recommended to ask in Microsoft savvy forums where people are focused on AD.
Agree with Max and I still cannot image any "right" or "wrong" because one never knows, which site goes down (speaking as someone who did the AD course / certification some years ago and thinks that the question is independent from any backup vendor).
Best regards,
Hannes
-
dirkdigs
- Enthusiast
- Posts: 65
- Liked: 3 times
- Joined: Mar 10, 2014 8:21 pm
- Full Name: Mike
Re: active directory best practices for FSMO roles
thanks, appreciate the open discussion.
Who is online
Users browsing this forum: No registered users and 116 guests