Primary domain controler and DRP

Availability for the Always-On Enterprise

Primary domain controler and DRP

Veeam Logoby Stabz » Fri Apr 07, 2017 9:36 am

Hello,

I have read some documentations about this but I have some question
My infrastructure:
Site1:
DC1 -> with all FSMO roles
DC2

Site2
DC3
DC4

All the DCs are in the same domain, currently we backup every night entire servers in local and we have a backup copy job to export the Site1 backups to Site2 and vice versa.
Tomorrow I want to implement Replication to reduce my RTO and protect the fact to lose my primary domain controller. Is there any recommandations?

In the case of a disaster on Site1, I ll have to start a failover on Site2, which procedure I have to follow, I read this KB https://www.veeam.com/kb2119 , but is that the same procedure for a DC with all FSMO role?
I m a bit confuse so thanks by advance.
Phil
Stabz
Novice
 
Posts: 6
Liked: never
Joined: Fri Apr 07, 2017 7:40 am
Full Name: Philippe DUPUIS

Re: Primary domain controler and DRP

Veeam Logoby foggy » Fri Apr 07, 2017 3:00 pm

Hi Philippe, you can safely failover to the replica of the DC with FSMO roles, the procedure is 100% automatic. Another option is just seize the roles on some other live DC.
foggy
Veeam Software
 
Posts: 14742
Liked: 1079 times
Joined: Mon Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson

Re: Primary domain controler and DRP

Veeam Logoby Stabz » Tue Apr 11, 2017 7:02 am

Hi,

Sorry for the delay of my answer, I was out of the office.
Thanks for the reply, apparently a lot of people seize the roles when there are another live DCs, and they use failover when no more DCs are available
I ll discuss about this with my CIO.

Philippe
Stabz
Novice
 
Posts: 6
Liked: never
Joined: Fri Apr 07, 2017 7:40 am
Full Name: Philippe DUPUIS

Re: Primary domain controler and DRP

Veeam Logoby Mike Resseler » Wed Apr 12, 2017 6:47 am

Hi Philippe,

Correct. Protecting your AD (which is x amount of DC's) is a layered approach. While not always achievable depending on the environment and resources available this is what I normally recommend.
* Have at least 2 DC's, one being at "another location" if possible. Reason = If one fails, you can seize the roles and continue working. You can then try to fix the failed DC or simply rebuild a new one and let the AD replication do its work
* Take a backup of at least 1 DC. Reason = every human error such as deleting 1 account too much (Been there, done that unfortunately) and you can do item-level recovery for that single (or multiple, I have once deleted an entire OU because of a script error from my side...) object
* Replicate a DC if possible. Reason = a DC (or AD) will be needed in almost every DR scenario so being able to quickly start a DC in a disaster scenario is mostly a must

Hope it gives you additional information to talk to your CIO

Mike
Mike Resseler
Veeam Software
 
Posts: 3151
Liked: 362 times
Joined: Fri Feb 08, 2013 3:08 pm
Location: Belgium, the land of the fries, the beer, the chocolate and the diamonds...
Full Name: Mike Resseler


Return to Veeam Backup & Replication



Who is online

Users browsing this forum: allenrlacy, Bing [Bot], Google [Bot], Google Feedfetcher, gravasio, Majestic-12 [Bot], Yahoo [Bot] and 34 guests