Hello,
I have read some documentations about this but I have some question
My infrastructure:
Site1:
DC1 -> with all FSMO roles
DC2
Site2
DC3
DC4
All the DCs are in the same domain, currently we backup every night entire servers in local and we have a backup copy job to export the Site1 backups to Site2 and vice versa.
Tomorrow I want to implement Replication to reduce my RTO and protect the fact to lose my primary domain controller. Is there any recommandations?
In the case of a disaster on Site1, I ll have to start a failover on Site2, which procedure I have to follow, I read this KB https://www.veeam.com/kb2119 , but is that the same procedure for a DC with all FSMO role?
I m a bit confuse so thanks by advance.
Phil
-
- Veeam Legend
- Posts: 133
- Liked: 11 times
- Joined: Apr 07, 2017 7:40 am
- Full Name: Philippe DUPUIS
- Contact:
-
- Veeam Software
- Posts: 21139
- Liked: 2141 times
- Joined: Jul 11, 2011 10:22 am
- Full Name: Alexander Fogelson
- Contact:
Re: Primary domain controler and DRP
Hi Philippe, you can safely failover to the replica of the DC with FSMO roles, the procedure is 100% automatic. Another option is just seize the roles on some other live DC.
-
- Veeam Legend
- Posts: 133
- Liked: 11 times
- Joined: Apr 07, 2017 7:40 am
- Full Name: Philippe DUPUIS
- Contact:
Re: Primary domain controler and DRP
Hi,
Sorry for the delay of my answer, I was out of the office.
Thanks for the reply, apparently a lot of people seize the roles when there are another live DCs, and they use failover when no more DCs are available
I ll discuss about this with my CIO.
Philippe
Sorry for the delay of my answer, I was out of the office.
Thanks for the reply, apparently a lot of people seize the roles when there are another live DCs, and they use failover when no more DCs are available
I ll discuss about this with my CIO.
Philippe
-
- Product Manager
- Posts: 8191
- Liked: 1322 times
- Joined: Feb 08, 2013 3:08 pm
- Full Name: Mike Resseler
- Location: Belgium
- Contact:
Re: Primary domain controler and DRP
Hi Philippe,
Correct. Protecting your AD (which is x amount of DC's) is a layered approach. While not always achievable depending on the environment and resources available this is what I normally recommend.
* Have at least 2 DC's, one being at "another location" if possible. Reason = If one fails, you can seize the roles and continue working. You can then try to fix the failed DC or simply rebuild a new one and let the AD replication do its work
* Take a backup of at least 1 DC. Reason = every human error such as deleting 1 account too much (Been there, done that unfortunately) and you can do item-level recovery for that single (or multiple, I have once deleted an entire OU because of a script error from my side...) object
* Replicate a DC if possible. Reason = a DC (or AD) will be needed in almost every DR scenario so being able to quickly start a DC in a disaster scenario is mostly a must
Hope it gives you additional information to talk to your CIO
Mike
Correct. Protecting your AD (which is x amount of DC's) is a layered approach. While not always achievable depending on the environment and resources available this is what I normally recommend.
* Have at least 2 DC's, one being at "another location" if possible. Reason = If one fails, you can seize the roles and continue working. You can then try to fix the failed DC or simply rebuild a new one and let the AD replication do its work
* Take a backup of at least 1 DC. Reason = every human error such as deleting 1 account too much (Been there, done that unfortunately) and you can do item-level recovery for that single (or multiple, I have once deleted an entire OU because of a script error from my side...) object
* Replicate a DC if possible. Reason = a DC (or AD) will be needed in almost every DR scenario so being able to quickly start a DC in a disaster scenario is mostly a must
Hope it gives you additional information to talk to your CIO
Mike
Who is online
Users browsing this forum: Bing [Bot] and 54 guests