![]() I’m going to assume that you have everything running fine. But, if you need help with that, please refer to the following video recorded by a Veeam system engineer. This article doesn’t intend to cover a process of Veeam Backup & Replication installation and configuration, as it’s already been defined a few times. Account of an enterprise administrator or domain administrator. Permissions: Administrative rights for target Active Directory. Veeam server: Windows Server 2008 SP2 and newer Windows 7 SP1 and newer, 64-bit OSĭomain controller virtual machine (VM): Windows Server 2003 SP1 and newer, the minimum supported forest functional level of Windows 2003 Virtual platform: VMware vSphere 4.1 and newer Microsoft Hyper-V 2008 R2 SP1 and newer ![]() The system requirements (of version 9.0) are as following: As for details, you should have Veeam Backup & Replication installed and configured. Once virtualized, they are pretty easy to be managed by a domain/system administrator and can be easily backed up with Veeam Backup & Replication. If you happen to share the old belief of “physical DCs only”, please refer to this post. It’s a well-known fact, that Active Directory services don’t consume a lot of resources of the system, so Domain Controllers are appearing to be the first servers that are always virtualized in the environment. Backup of a Domain Controller has previously been a tiresome process, involving backing up the server’s system state. Microsoft’s Active Directory Services organize and keep information about individual objects within the forest and store it to a relational database (ntds.dit), hosted by a domain controller. How to back up a virtual Domain Controller In this case Veeam will fail over to the VIX and should be able to process your DC. If you have a VMware virtual environment and it is not possible to connect to your Domain Controller over the network, as for example, it can be in DMZ.Veeam Backup & Replication v7 with Patch 3 and onwards) know how to deal with this It’s usually recommended to perform backup of one Domain Controller per time, not to interfere with DFS Replication - even if the modern backup applications (ex.Consider administration operations’ delegation, setting up the restricted access to elevated groups and maintaining a “lag” site There are things that can always mitigate the risk of accidental/intentional deletion/change of AD objects.If you have multiple Domain Controllers for the site and you’re looking for individual objects protection, there’s no need to backup all DCs, as for item-level recovery, one copy of Active Directory database (ntds.dit) would be sufficient.Refer to Active Directory basics white paper to learn more about FSMO roles. Be aware of that, when planning backup and prioritize Domain Controllers accordingly. Otherwise, you will have to transfer roles manually after the restore with ntdsutil seize command. When performing a full domain recovery, you might want to start from the DC with most FSMO roles, usually one with PDC emulator role.Hint: a simple command to check this via command line: > netdom query fsmo Learn what domain controllers hold Flexible Single Master Operations (FSMO) roles in your environment.Below are some considerations I believe might be helpful for creating your own Active Directory policies: It wouldn’t be right to apply the same backup policy you have for SQL or Exchange server here. Backup Domain Controller considerationsĪs Active Directory Domain Services designed with a sort of redundancy, so the common backup rules and tactics can be mitigated and adapted to this level. Today, I’m going to talk about the backup options Veeam offers for both physical and virtualized Domain Controllers, and backup considerations to keep in mind while you do that. ![]() The actual series is going to discuss how Veeam can protect Active Directory data - preserve Domain Controllers (DCs) or individual AD objects and recover either of them when required. Before reading this, you might want to take a look at the Best practices for AD administration series we posted a while ago. The purpose of this series is intended to aid you with the successful backup and recovery of Active Directory Domain Services with Veeam, giving you all the keys to painless AD protection. Not only is Active Directory a great power, but it’s also a great responsibility - and it requires spending a lot of time with it in order to maximize its capabilities. It’s almost impossible to imagine how system administrators would be able to do their jobs effectively if this technology didn’t exist. Microsoft Active Directory is a standard in corporate environments where authentication and central user-management are required. Read the full series: Ch.1 - Backing up Domain ControllerĬh.2 - How to recover a Domain ControllerĬh.3 - Reanimating Active Directory tombstone objectsĬh.4 - Leveraging Active Directory Recycle Bin
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |