Re: Copy Active Directory Database to test server
From: LKuderick (npm[NO*SPAM*)
Date: 03/05/04
- Next message: Javier Villegas: "Migration from Windows 2000 to 2003 Questions"
- Previous message: doug: "TCP/IP error!!!!(URGENT PLS...)"
- In reply to: Mike Brannigan [MSFT]: "Re: Copy Active Directory Database to test server"
- Next in thread: David L. Roberts II: "Re: Copy Active Directory Database to test server"
- Reply: David L. Roberts II: "Re: Copy Active Directory Database to test server"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 5 Mar 2004 14:46:13 -0500
Okay,
Now that we have that out of the way. Can you help with my problem?
"Mike Brannigan [MSFT]" <mikebran@online.microsoft.com> wrote in message
news:eRTyuHuAEHA.444@TK2MSFTNGP11.phx.gbl...
> As I said in my closing line
>
> "It should be noted that if you analyse your working practices and do not
> actually rely on your server infrastructure for business continuity then a
> single point of failure is not a risk and is an acceptable option for
> you."
>
> So I do understand and agree with your assessment and willingness to
> accept the risk of the single point of failure.
>
> --
> Regards,
>
> Mike
> --
> Mike Brannigan [Microsoft]
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights
>
> Please note I cannot respond to e-mailed questions, please use these
> newsgroups
>
> "LKuderick" <npm[NO*SPAM*]@tampabay.rr.com> wrote in message
> news:OkaSyxtAEHA.688@tk2msftngp13.phx.gbl...
> > Sorry Mike, While I understand your position, your risk assessment of my
> > position is not supported by my experience. I have been MIS manager of
> > this company for over 16 years and we have had 2 major hardware failures
> > in that time and perhaps 4 or 5 minor ones. The major ones were recovered
> > in no more than 4-6 hours (completely acceptable timeframe in my company)
> > and the minor ones were recovered in 30 mins to 2 hours (again completely
> > acceptable). None of our business is dependent on the computer being in
> > operation 24 hours. Programs that run Tape Mills can be loaded from local
> > machines or even from tape backups. Blueprints are replicated to paper
> > files (it's part of our ISO requirements). Our company can function fine
> > without a file server online for a period of days (although that would
> > not be desirable). We have complete disaster recovery conditions for most
> > situations and expected recovery timelines that are fine given our
> > business model (If I was managing a company that was more computer
> > dependent (i.e. MSFT), I would use more replication, however, in my
> > situation more replication is not worth the work or cost).
> >
> > So my network configuration works for my company and I see no compelling
> > reason to change it to your model.
> >
> > My current sticking point is how to recover my AD from a failed hardware
> > disaster. I assume that there must be a method to do this or a method to
> > migrate the AD to a new hardware configuration. What I would like is the
> > easiest/best method to accomplish this. If it cannot be done, then I'll
> > work on that premise and come up with some other plan. If I need to make
> > changes to my AD structure to make it easier (i.e. make the root domain
> > limited with just the MS accounts and to set up a child domain (the rest
> > of the company) below it to make it easier to recover) - I can do that.
> > However, I would appreciate you attempting to work within my model even
> > if you consider that my model has unacceptable risks in your opinion.
> >
> > I *do* appreciate your time and responses.
> >
> > "Mike Brannigan [MSFT]" <mikebran@online.microsoft.com> wrote in message
> > news:OtSTr1sAEHA.2768@TK2MSFTNGP09.phx.gbl...
> > > You were not misinformed in any way - from a technical and performance
> > > perspective a single Windows Server 2003 system will more than cope
> > > with your requirements.
> > > HOWEVER from a disaster recovery, single point of failure and general
> > > availability stance - you should never rely on a single server to
> > > provide all of your essential services - be that a Netware or a Windows
> > > system.
> > > This leads you to the scenario you are encountering, in the event of a
> > > failure (hardware or otherwise) your only option may be a repair and
> > > recover from backup, whereas with another server providing various
> > > services such as authentication and file and print as well as the
> > > first, your recovery process may be only required to recover files
> > > that were on the other server but all services remain operational.
> > >
> > > You would never get a Novell consultant to recommend a single server
> > > providing NDS and File and Print for a corporate, because as I said
> > > above - it is certainly technically feasible from a spec and
> > > performance perspective it is reckless and an unacceptable risk to your
> > > business from an operations perspective to have such an exposed single
> > > point of failure.
> > >
> > > This is not about technology or product but is about sound operational
> > > processes, practices and procedures.
> > >
> > > It should be noted that if you analyse your working practices and do
> > > not actually rely on your server infrastructure for business continuity
> > > then a single point of failure is not a risk and is an acceptable
> > > option for you.
> > > --
> > > Regards,
> > >
> > > Mike
> > > --
> > > Mike Brannigan [Microsoft]
> > >
> > > This posting is provided "AS IS" with no warranties, and confers no
> > > rights
> > >
> > > Please note I cannot respond to e-mailed questions, please use these
> > > newsgroups
> > >
> > > "LKuderick" <npm[NO*SPAM*]@tampabay.rr.com> wrote in message
> > > news:e1tnAosAEHA.3256@TK2MSFTNGP09.phx.gbl...
> > > > Mike,
> > > >
> > > > Sorry, but when I was researching whether to stay with Novell or jump
> > > > to Windows Server 2003 I was told by the Microsoft sales team that
> > > > everything I needed could be handled by a single server box. I
> > > > administer a small manufacturing company and the main purpose of the
> > > > server is to act as a file server. 40 of the workstations that are
> > > > attached to the system are out on the shop floor and mainly reference
> > > > data stored on the system. Of the other 20+ systems, 8-10 are
> > > > relative power users and the rest are clerics or engineers that
> > > > perform most of their work on their own local stations saving the
> > > > final versions down to the server to be accessed by the other 40 shop
> > > > floor stations. Using Novell as a comparison, everything was handled
> > > > by a single server and it was done well for over 10 years.
> > > >
> > > > That said, I see no reason to have a second box dedicated to only
> > > > running a DC, if under Windows Server this is necessary then I've
> > > > been misled and perhaps I need to reconsider our abandonment of
> > > > Novell. I assure you it's not because of the cost of having a 2nd
> > > > box, it's because I can't visualize why I would need to have the
> > > > AD/DC on a 2nd server (which I would assume would require a 2nd
> > > > licensed version of Windows Server).
> > > >
> > > > If you wish to state your opinion on why I should not run a
> > > > production domain with only one server, that's fine. However, I can
> > > > not think of any compelling reason why I should have to change from
> > > > my 1 server model that has worked with this company for 16+ years.
> > > >
> > > > Larry
> > > >
> > > > "Mike Brannigan [MSFT]" <mikebran@online.microsoft.com> wrote in message
> > > > news:%23FCTJLsAEHA.2480@TK2MSFTNGP12.phx.gbl...
> > > > > Step one - NEVER EVER run a production domain with only one server.
> > > > > Buy and install an additional DC.
> > > > >
> > > > > (I'll address the rest of your scenario and questions later - just a
> > > > > bit tied up at the moment)
> > > > >
> > > > > --
> > > > > Regards,
> > > > >
> > > > > Mike
> > > > > --
> > > > > Mike Brannigan [Microsoft]
> > > > >
> > > > > This posting is provided "AS IS" with no warranties, and confers no
> > > > > rights
> > > > >
> > > > > Please note I cannot respond to e-mailed questions, please use these
> > > > > newsgroups
> > > > >
> > > > > "LKuderick" <npm[NO*SPAM*]@tampabay.rr.com> wrote in message
> > > > > news:uOUDX6rAEHA.1548@TK2MSFTNGP12.phx.gbl...
> > > > > > Mike,
> > > > > >
> > > > > > I reviewed that article, however that doesn't seem to address my
> > > > > > particular problem. I need to copy the existing root domain from
> > > > > > our live server to our test server. I'm attempting to put together
> > > > > > a Disaster Recovery document and I need to be able to restore from
> > > > > > a backup the entire original root domain to new hardware with the
> > > > > > minimum of time.
> > > > > >
> > > > > > Here is exactly what I want to do: I am simulating a hardware
> > > > > > failure of the motherboard or cpu and they either cannot
> > > > > > immediately be replaced or are not available and I need to get our
> > > > > > company server back as quickly as possible.
> > > > > >
> > > > > > We have only one server, and only one domain on the server.
> > > > > >
> > > > > > Using ASR doesn't work to a new hardware box as it copies hardware
> > > > > > and registry entries that may not be valid on the new server (I
> > > > > > tried this route and had many problems and ultimately corrupted the
> > > > > > install). What I need to be able to do is to restore the Active
> > > > > > directory from the system state backup to the new system.
> > > > > >
> > > > > > On the new system I plan the following steps:
> > > > > >
> > > > > > 1. I will have to reinstall Windows 2003 server software. This is a
> > > > > > given.
> > > > > >
> > > > > > 2. I'm assuming at this point it is better to then let Windows
> > > > > > Server 2003 setup and configure the DNS and DHCP services as the
> > > > > > first server.
> > > > > >
> > > > > > 3. Running DCPROMO at this time, I only get the option to remove
> > > > > > the existing DNS tree structure. I'm assuming that I have to go
> > > > > > ahead and perform this function in order to later restore the AD
> > > > > > from the backup.
> > > > > >
> > > > > > 4. At this time I would like to install from backup the existing AD
> > > > > > structure to the new Server. Using DCPROMO again, I get two
> > > > > > choices, to setup a new Domain or to select Additional domain
> > > > > > controller in an existing domain. If I select the Additional domain
> > > > > > selection I get the option to create the domain from backup files.
> > > > > > However, I then have to enter network credentials
> > > > > > (User/Password/Domain) from an existing domain (which does not
> > > > > > exist) in order to continue. If I select the option to create a new
> > > > > > Domain, I do not get the option to create it from backup files
> > > > > > (which is really what I want). So exactly how do I proceed? If this
> > > > > > is the method to perform the restore - what credentials are used
> > > > > > (obviously not the Administrator account used to log into the
> > > > > > system - because I attempted that and it wouldn't work)? Or if you
> > > > > > can use that account, what should I use as the domain to validate
> > > > > > the account?
> > > > > >
> > > > > > There has to be a way to do this. While I can recreate the AD from
> > > > > > scratch (we only have some 60 user accounts), it seems that there
> > > > > > has to be a way to recover this information from a system state
> > > > > > backup. If I'm missing something obvious, please forgive me and be
> > > > > > patient in your reply.
> > > > > >
> > > > > > Thanks!
> > > > > >
> > > > > > "Mike Brannigan [MSFT]" <mikebran@online.microsoft.com> wrote in message
> > > > > > news:u9kaMyjAEHA.2600@TK2MSFTNGP09.phx.gbl...
> > > > > > > "LKuderick" <npm[NO*SPAM*]@tampabay.rr.com> wrote in message
> > > > > > > news:%23ZbKXiiAEHA.1548@TK2MSFTNGP12.phx.gbl...
> > > > > > > > Mike,
> > > > > > > >
> > > > > > > > I see no such option in the dcpromo.exe command. You can use the
> > > > > > > > /adv switch, but nowhere does it give you the option to 'build
> > > > > > > > from media' as far as I can see. Can you be more specific as I
> > > > > > > > want to do the same Muster.
> > > > > > > >
> > > > > > > > Thanks!
> > > > > > >
> > > > > > > see
> > > > > > >
> > > > > > > http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dssbm_drd_gmcr.asp
> > > > > > >
> > > > > > > --
> > > > > > > Regards,
> > > > > > >
> > > > > > > Mike
> > > > > > > --
> > > > > > > Mike Brannigan [Microsoft]
> > > > > > >
> > > > > > > This posting is provided "AS IS" with no warranties, and confers
> > > > > > > no rights
> > > > > > >
> > > > > > > Please note I cannot respond to e-mailed questions, please use
> > > > > > > these newsgroups
> > > > > > >
> > > > > > > > "Mike Brannigan [MSFT]" <mikebran@online.microsoft.com> wrote in message
> > > > > > > > news:%23icgf9DAEHA.808@TK2MSFTNGP12.phx.gbl...
> > > > > > > > > "Muster" <stefan@netlane.com> wrote in message
> > > > > > > > > news:ce1076cb.0403020126.4b559707@posting.google.com...
> > > > > > > > > > I would like to set up a replica of our AD on a testserver,
> > > > > > > > > > mainly to test import/export functions of userdata. The
> > > > > > > > > > testserver cannot be on the same LAN as the production server.
> > > > > > > > > > I've tried making a backup/restore but since System state also
> > > > > > > > > > backups the registry the restored machine becomes a mess since
> > > > > > > > > > either hardware or software is the same.
> > > > > > > > > >
> > > > > > > > > > How can I make a copy of the ad database and restore it on my
> > > > > > > > > > new machine?
> > > > > > > > >
> > > > > > > > > You can take a backup and then do a DCPROMO and "build from
> > > > > > > > > media" on the test system.
> > > > > > > > > This is only applicable to Server 2003
> > > > > > > > >
> > > > > > > > > --
> > > > > > > > > Regards,
> > > > > > > > >
> > > > > > > > > Mike
> > > > > > > > > --
> > > > > > > > > Mike Brannigan [Microsoft]
> > > > > > > > >
> > > > > > > > > This posting is provided "AS IS" with no warranties, and
> > > > > > > > > confers no rights
> > > > > > > > >
> > > > > > > > > Please note I cannot respond to e-mailed questions, please use
> > > > > > > > > these newsgroups
> > > > > > > > >