Best practice - Backup of a virtual Domain Controller

Last post 02-22-2020, 7:04 PM by Anthony.Hodges. 2 replies.
Sort Posts: Previous Next
  • Best practice - Backup of a virtual Domain Controller
    Posted: 02-21-2020, 7:41 AM

    Hi all.

     

    What is best backup/restore practice regarding a Domain Controller (Windows server 12/16/19) residing on Vmware virtual server?

     

    Can you restore a Domain Controller from a VADP snapshot or is this not supported by Microsoft?

    Should you backup the Domain Controller by using a file system agent with system state backup instead of during a snapshot?

    Should you do both, snapshot and file agent?

     

    How do you do this?

    What do Commvault recommend?

     

    Thanks

    -Anders

  • Re: Best practice - Backup of a virtual Domain Controller
    Posted: 02-21-2020, 3:37 PM

    I hesitate to respond because I am no expert, but here's what we do.

    I have 3 local DCs, 1 is physical, 2 are VMs.  And I have 2 more VM DCs offsite, 20 miles away and 200 miles away.  They all replicate to each other, so our AD database is replicated in various locales.  We use VMWare as well.   Hopefully that level of duplication protects us from most problems.

    I do File System agent backup on the file systems of 2 of them, the physical & 1 virtual.  And I use the AD agent to do an AD backup of those two.  We also have 2 Aux copies of these backups.

    It is our understanding that a snapshot of the AD database would not be recoverable.  But the AD agent works pretty well, since it is a very small footprint.

  • Re: Best practice - Backup of a virtual Domain Controller
    Posted: 02-22-2020, 7:04 PM

    Total Disaster Recovery, e.g. from Tape to a new site is possible for Active Directory.  I have done it myself, but it is by far the least elegant way to protect your AD.  Use multiple domain controllers with cross site AD replication or better still, replicate AD into Azure.

    The granular AD agent works well for almost all of the object you would want to granularly revoery, but it does mean that you have save Domain Administrator credentials within Commvault and not everyone likes that.

The content of the forums, threads and posts reflects the thoughts and opinions of each author, and does not represent the thoughts, opinions, plans or strategies of Commvault Systems, Inc. ("Commvault") and Commvault undertakes no obligation to update, correct or modify any statements made in this forum. Any and all third party links, statements, comments, or feedback posted to, or otherwise provided by this forum, thread or post are not affiliated with, nor endorsed by, Commvault.
Commvault, Commvault and logo, the “CV” logo, Commvault Systems, Solving Forward, SIM, Singular Information Management, Simpana, Commvault Galaxy, Unified Data Management, QiNetix, Quick Recovery, QR, CommNet, GridStor, Vault Tracker, InnerVault, QuickSnap, QSnap, Recovery Director, CommServe, CommCell, SnapProtect, ROMS, and CommValue, are trademarks or registered trademarks of Commvault Systems, Inc. All other third party brands, products, service names, trademarks, or registered service marks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
Close
Copyright © 2020 Commvault | All Rights Reserved. | Legal | Privacy Policy