Re: Copy Active Directory Database to test server
From: LKuderick (npm[NO*SPAM*)
Date: 03/05/04
- In reply to: Mike Brannigan [MSFT]: "Re: Copy Active Directory Database to test server"
Date: Fri, 5 Mar 2004 13:05:28 -0500
Sorry Mike, While I understand your position, your risk assessment of my
position is not supported by my experience. I have been MIS manager of this
company for over 16 years and we have had 2 major hardware failures in that
time and perhaps 4 or 5 minor ones. The major ones were recovered in no more
than 4-6 hours (completely acceptable timeframe in my company) and the minor
ones were recovered in 30 mins to 2 hours (again completely acceptable).
None of our business is dependent on the computer being in operation 24
hours. Programs that run Tape Mills can be loaded from local machines or
even from tape backups. Blueprints are replicated to paper files (it's part
of our ISO requirements). Our company can function fine without a file
server online for a period of days (although that would not be desirable).
We have complete disaster recovery conditions for most situations and
expected recovery timelines that are fine given our business model (If I was
managing a company that was more computer dependent (i.e. MSFT), I would use
more replication, however, in my situation more replication is not worth the
work or cost).
So my network configuration works for my company and I see no compelling
reason to change it to your model.
My current sticking point is how to recover my AD from a failed hardware
disaster. I assume that there must be a method to do this or a method to
migrate the AD to a new hardware configuration. What I would like is the
easiest/best method to accomplish this. If it cannot be done, then I'll work
on that premise and come up with some other plan. If I need to make changes
to my AD structure to make it easier (i.e. make the root domain limited with
just the MS accounts and to set up a child domain (the rest of the company)
below it to make it easier to recover) - I can do that. However, I would
appreciate you attempting to work within my model even if you consider that
my model has unacceptable risks in your opinion.
I *do* appreciate your time and responses.
"Mike Brannigan [MSFT]" <mikebran@online.microsoft.com> wrote in message
news:OtSTr1sAEHA.2768@TK2MSFTNGP09.phx.gbl...
> You were not misinformed in any way - from a technical and performance
> perspective a single Windows Server 2003 system will more than cope with
> your requirements.
> HOWEVER from a disaster recovery, single point of failure and general
> availability stance - you should never rely on a single server to provide
> all of your essential services - be that a Netware or a Windows system.
> This leads you to the scenario you are encountering, in the event of a
> failure (hardware or otherwise) your only option may be a repair and recover
> from backup, whereas with another server providing various services such as
> authentication and file and print as well as the first your recover process
> may be only required to recover files that were on the other server but
> all services remain operational.
>
> You would never get a Novell consultant to recommend a single server
> providing NDS and File and Print for a corporate, because as I said above -
> it is certainly technically feasible from a spec and performance perspective
> it is reckless and an unacceptable risk to your business from an operations
> perspective to have such an exposed single point of failure.
>
> This is not about technology or product but is about sound operational
> processes, practices and procedures.
>
> It should be noted that if you analyse your working practices and do not
> actually rely on your server infrastructure for business continuity then a
> single point of failure is not a risk and is an acceptable option for you.
> --
> Regards,
>
> Mike
> --
> Mike Brannigan [Microsoft]
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights
>
> Please note I cannot respond to e-mailed questions, please use these
> newsgroups
>
> "LKuderick" <npm[NO*SPAM*]@tampabay.rr.com> wrote in message
> news:e1tnAosAEHA.3256@TK2MSFTNGP09.phx.gbl...
> > Mike,
> >
> > Sorry, but when I was researching whether to stay with Novell or jump to
> > Windows Server 2003 I was told by the Microsoft sales team that everything I
> > needed could be handled by a single server box. I administer a small
> > manufacturing company and the main purpose of the server is to act as a file
> > server. 40 of the workstations that are attached to the system are out on
> > the shop floor and mainly reference data stored on the system. Of the other
> > 20+ systems, 8-10 are relative power users and the rest are clerics or
> > engineers that perform most of their work on their own local stations saving
> > the final versions down to the server to be accessed by the other 40 shop
> > floor stations. Using Novell as a comparison, everything was handled by a
> > single server and it was done well for over 10 years.
> >
> > That said, I see no reason to have a second box dedicated to only running a
> > DC, if under Windows Server this is necessary then I've been misled and
> > perhaps I need to reconsider our abandonment of Novell. I assure you it's
> > not because of the cost of having a 2nd box, it's because I can't visualize
> > why I would need to have the AD/DC on a 2nd server (which I would assume
> > would require a 2nd licensed version of Windows Server).
> >
> > If you wish to state your opinion on why I should not run a production
> > domain with only one server, that's fine. However, I can not think of any
> > compelling reason why I should have to change from my 1 server model that
> > has worked with this company for 16+ years.
> >
> > Larry
> >
> > "Mike Brannigan [MSFT]" <mikebran@online.microsoft.com> wrote in message
> > news:%23FCTJLsAEHA.2480@TK2MSFTNGP12.phx.gbl...
> > > Step one - NEVER EVER run a production domain with only one server.
> > > Buy and install an additional DC.
> > >
> > > (I'll address the rest of your scenario and questions later - just a bit
> > > tied up at the moment)
> > >
> > > --
> > > Regards,
> > >
> > > Mike
> > > --
> > > Mike Brannigan [Microsoft]
> > >
> > > This posting is provided "AS IS" with no warranties, and confers no
> > > rights
> > >
> > > Please note I cannot respond to e-mailed questions, please use these
> > > newsgroups
> > >
> > > "LKuderick" <npm[NO*SPAM*]@tampabay.rr.com> wrote in message
> > > news:uOUDX6rAEHA.1548@TK2MSFTNGP12.phx.gbl...
> > > > Mike,
> > > >
> > > > I reviewed that article, however that doesn't seem to address my particular
> > > > problem. I need to copy the existing root domain from our live server to our
> > > > test server. I'm attempting to put together a Disaster Recovery document and
> > > > I need to be able to restore from a backup the entire original root domain
> > > > to new hardware with the minimum of time.
> > > >
> > > > Here is exactly what I want to do: I am simulating a hardware failure of the
> > > > motherboard or cpu and they either cannot immediately be replaced or are not
> > > > available and I need to get our company server back as quickly as possible.
> > > >
> > > > We have only one server, and only one domain on the server.
> > > >
> > > > Using ASR doesn't work to a new hardware box as it copies hardware and
> > > > registry entries that may not be valid on the new server (I tried this route
> > > > and had many problems and ultimately corrupted the install). What I need to
> > > > be able to do is to restore the Active directory from the system state
> > > > backup to the new system.
> > > >
> > > > On the new system I plan the following steps:
> > > >
> > > > 1. I will have to reinstall Windows 2003 server software. This is a given.
> > > >
> > > > 2. I'm assuming at this point it is better to then let Windows Server 2003
> > > > setup and configure the DNS and DHCP services as the first server.
> > > >
> > > > 3. Running DCPROMO at this time, I only get the option to remove the
> > > > existing DNS tree structure. I'm assuming that I have to go ahead and
> > > > perform this function in order to later restore the AD from the backup.
> > > >
> > > > 4. At this time I would like to install from backup the existing AD
> > > > structure to the new Server. Using DCPROMO again, I get two choices, to
> > > > setup a new Domain or to select Additional domain controller in an existing
> > > > domain. If I select the Additional domain selection I get the option to
> > > > create the domain from backup files. However, I then have to enter network
> > > > credentials (User/Password/Domain) from an existing domain (which does not
> > > > exist) in order to continue. If I select the option to create a new Domain,
> > > > I do not get the option to create it from backup files (which is really what
> > > > I want). So exactly how do I proceed? If this is the method to perform
> > > > the restore - what credentials are used (obviously not the Administrator
> > > > account used to log into the system - because I attempted that and it
> > > > wouldn't work)? Or if you can use that account, what should I use as the
> > > > domain to validate the account?
> > > >
> > > > There has to be a way to do this. While I can recreate the AD from scratch
> > > > (we only have some 60 user accounts), it seems there has to be a way to
> > > > recover this information from a system state backup. If I'm missing
> > > > something obvious, please forgive me and be patient in your reply.
> > > >
> > > > Thanks!
> > > >
> > > > "Mike Brannigan [MSFT]" <mikebran@online.microsoft.com> wrote in message
> > > > news:u9kaMyjAEHA.2600@TK2MSFTNGP09.phx.gbl...
> > > > > "LKuderick" <npm[NO*SPAM*]@tampabay.rr.com> wrote in message
> > > > > news:%23ZbKXiiAEHA.1548@TK2MSFTNGP12.phx.gbl...
> > > > > > Mike,
> > > > > >
> > > > > > I see no such option in the dcpromo.exe command. You can use the /adv
> > > > > > switch, but nowhere does it give you the option to 'build from media' as far
> > > > > > as I can see. Can you be more specific as I want to do the same Muster.
> > > > > >
> > > > > > Thanks!
> > > > >
> > > > > see
> > > > > http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dssbm_drd_gmcr.asp
> > > > >
> > > > > --
> > > > > Regards,
> > > > >
> > > > > Mike
> > > > > --
> > > > > Mike Brannigan [Microsoft]
> > > > >
> > > > > This posting is provided "AS IS" with no warranties, and confers no
> > > > > rights
> > > > >
> > > > > Please note I cannot respond to e-mailed questions, please use these
> > > > > newsgroups
> > > > >
> > > > > > "Mike Brannigan [MSFT]" <mikebran@online.microsoft.com> wrote in message
> > > > > > news:%23icgf9DAEHA.808@TK2MSFTNGP12.phx.gbl...
> > > > > > > "Muster" <stefan@netlane.com> wrote in message
> > > > > > > news:ce1076cb.0403020126.4b559707@posting.google.com...
> > > > > > > > I would like to set up a replica of our AD on a testserver, mainly to
> > > > > > > > test import/export functions of userdata. The testserver cannot be on
> > > > > > > > the same LAN as the production server.
> > > > > > > > I've tried making a backup/restore but since System state also backups
> > > > > > > > the registry the restored machine becomes a mess since either hardware
> > > > > > > > or software is the same.
> > > > > > > >
> > > > > > > > How can I make a copy of the ad database and restore it on my new
> > > > > > > > machine?
> > > > > > >
> > > > > > > You can take a backup and then do a DCPROMO and "build from media" on the
> > > > > > > test system.
> > > > > > > This is only applicable to Server 2003
> > > > > > >
> > > > > > > --
> > > > > > > Regards,
> > > > > > >
> > > > > > > Mike
> > > > > > > --
> > > > > > > Mike Brannigan [Microsoft]
> > > > > > >
> > > > > > > This posting is provided "AS IS" with no warranties, and confers no
> > > > > > > rights
> > > > > > >
> > > > > > > Please note I cannot respond to e-mailed questions, please use these
> > > > > > > newsgroups
> > > > > > >