VMware Cloud Community
Cyberfed27
Hot Shot
Hot Shot
‎04-18-2012 05:58 AM

Backups of a VM Domain Controller

Hey folks,

I built two windows 2008 R2 servers as domain controllers from scratch.

I am now trying to determine the best methods to create backups of these two VM's for DR purposes.

I know that domain controllers are a bit tricky when they are virtual machines so I want to reach out to see how others are handling backups of the VMs.

Right now I am powering down one domain controller at a time and then using vCenter to perform a clone of it. I repeat this process for the other domain controller.

In the event of a OS failure of one of the domain controllers the plan would be to power on one of the clones. Does that sound reasonable? We refresh the clones every month.  We haven't tested this method because I am a bit gunshy of damaging the AD structure.

We recently purchased Veeam for backups of VM's but haven't implemented it yet. Next steps are to test that out too.

How do you all "clone" or make copies of your domain controller VMs?

I am also doing a full AD backup with the microsoft tools just incase, but I would love to just be able to turn on a clone and be up and running if something blows up.

0 Kudos
6 Replies
mydearcosmo
Contributor
Contributor
‎04-18-2012 07:02 AM

I am also thinking where is the best place to store all the backup files if you have a couple of TB worth of applications, programs and files? Any suggestions?

0 Kudos
kjb007
Immortal
Immortal
‎04-18-2012 07:25 AM

Have you seen this doc?

http://www.vmware.com/files/pdf/Virtualizing_Windows_Active_Directory.pdf

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
0 Kudos
Cyberfed27
Hot Shot
Hot Shot
‎04-18-2012 07:35 AM

Yes I've read that document.

Unfortunately that document does say you can (or can't) do a clone of a DC VM.

I have read other KB's that discuss turning a physical machine into a VM that is acting as a domain controller, this is not a best practice. This is also why we built the DC's as fresh VM's.

Question really is, if I am doing a clone of an existing VM that is a DC, is there an issue with the clone? Hardware SIDS wont change ect..

0 Kudos
JimKnopf99
Commander
Commander
‎04-18-2012 07:44 AM

Hi,

so far i know, the only supportet backup from a active directory is backup your systemstate or use certified 3 party tools like quest ad backup or blackbird.

Normaly, you are fine with backup the systemstate. Because install a new ad controller isn´t that complicated and do not take so much time.

In most cases, you only have to see where your fsmo roles are running and transfer them.

For more information:

http://technet.microsoft.com/en-us/library/cc771290%28v=ws.10%29.aspx

fsmo roles:

http://www.petri.co.il/transferring_fsmo_roles.htm

Frank

If you find this information useful, please award points for "correct" or "helpful".
Cyberfed27
Hot Shot
Hot Shot
‎04-18-2012 07:50 AM

Thanks Frank, that is our "backup to our backup" plan. We have full "NTbackups (though they arent called that 2008 anymore" of our AD's just incase.

Maybe I will just test out the clones in an isolated lab to see what happens. Just wanted to see if anyone out there had tried this other method of clones.

0 Kudos
kjb007
Immortal
Immortal
‎04-18-2012 07:51 AM

If you are using clones, then for most of the time, the clone will be ok if you start using it immediately, and the source host is not on the network.  Customization is not supported, so you can't create a new domain controller from an existing one.  And if  you start using it immediately, then you don't have inconsistency or replication problems, but they can be introduced which is why clones aren't typically best practice.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB