Backup of Microsoft Domain Controllers ...

[Didi7]

Hello,

I know, that VBR can be used to backup virtual MS Domain Controllers and objects can be restored with the corresponding Veeam Explorer for Active Directory. What you say about the following articles ...

https://kb.vmware.com/selfservice/micro ... Id=1006996

https://vox.veritas.com/t5/forums/v3_1/ ... -id/120637

Best regards,
Didi7

[DaveWatkins]

The first link is specifically about P2V conversions of domain controller.

I don't see how the second link is relevant at all.

[Didi7]

In the first link, there is an additional information note ...

Quote:
VMware does not recommend to take a snapshot of the virtual machine running as a Domain Controller. In Windows Server 2012, there are changes to support creating a snapshot. For more information, see the Microsoft TechNet article, Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100). If the virtual machine is running a Windows Domain Controller, then snapshots are not supported by Microsoft. For more information, see Virtualizing a Windows Active Directory Domain Infrastructure white paper.

The second link states ...

There is a link to a white paper with the following note:
Note that Microsoft does not support using snapshots or disk
imaging of any domain controller. You must perform system
state data backups to protect the Active Directory database.
Snapshots can potentially corrupt the Active Directory database
without even committing or reverting back to the snapshot.

Another quote from link 2:

Since VMware policies actually takes snapshots of the VMs for backup (via the vStorage API), all of the above should paint a pretty clear picture that backing up AD/DC this way is not recommended or supported by anyone, including NetBackup.
NetBackup's only documented (i.e., supported) way of backing up AD/DC is via the System State or Shadow Copy Components directives.

[zuldan]

Cloning and snapshotting on 2012 Domain Controllers is fully supported.

https://blogs.msmvps.com/acefekay/2013/ ... rollbacks/

Windows Server 2012 now supports DC cloning and snapshot restore of domain controllers. The requirements to support the new feature are:

- Hypervisor that supports VM-GenerationID. Window Server 2012 Hyper-V supports VM-GenerationID. If using a third party Hypervisor, check with the vendor if their latest version supports this feature.
- The source virtual domain controller must be running Windows Server 2012.
- A Windows Server 2012 PDC Emulator FSMO Role must be running and available for the cloned DC.

And yes VMware fully supports it.

https://blogs.vmware.com/apps/2013/01/w ... phere.html
https://kb.vmware.com/selfservice/micro ... Id=2041872

[Didi7]

Nice one zuldan

What about Windows 2008R2 Domain Controllers. Does the same apply to them?

Regards,
Didi7

[zuldan]

2012 and above, only.

[Didi7]

Obviously not, yes! That's what I could read from the links you provided.

The question now is ...

What are Windows 2003, Windows 2008 and Windows 2008R2 Domain Controller backups with VBR and it's AAIP integration worth in the end?

It helps to open Active Directory contents in Veeam's Explorer for MS Active Directory and to find changed, deleted or newly created AD items with live comparison and possibly restore single items and a lot more.

If there is only one DC in your forest or Active Directory, would it be save to restore the complete VM (DC 2K3, 2K8 or 2K8R2) without any hassle afterwards? As soon, as more than one DC is part of your forest or Active Directory, would it make more sense to create a new DC with a new name and IP from scratch and replace the defective DC (get rid of it in AD)?

What else benefits you have from a VBR backup of a 2K3, 2K8 or 2K8R2 MS Domain Controller?

Regards,
Didi7

[zuldan]

Please read the following blog posts and KB. If you are still unsure with what's possible in 2K3, 2K8 or 2K8R2 then please open a support case with Veeam for assistance. They are very helpful.

https://www.veeam.com/blog/backing-up-d ... ction.html
https://www.veeam.com/blog/how-to-recov ... ction.html
https://www.veeam.com/kb2119