SUMMARY
How should I back up a Domain Controller?
ISSUE
When an Active Directory Domain Controller (AD DC) runs as a VM, the question often arises: should you back it up as a VM, or with an installed agent? With release 10.3, Unitrends offers agent-based image backups in addition to the file agent and VM host-based backup types. How do these backup methods affect the recovery of AD?
RESOLUTION
General best practices for choosing a backup mode by server type are centrally located in the KB "Should I protect an Asset using VM, File Agent, or Image Agent backups?", which is the correct reference for all such queries. The remainder of this article discusses the topic as it applies specifically to AD servers, and provides sample scenarios to help you choose the best backup method for your DC protection requirements.
Be aware that the list in this article is sorted by recovery method, best first. Our general best practice for AD is Image backups plus wbadmin backups for single-DC domains, and File-level backups for all other AD scenarios. However, if certain recovery options are available to you and you prioritize RTO over simplicity, the list below is sorted in that order instead.
Note: per Microsoft's own guidance, the best practice for restoring a DC is to NOT restore it. When a DC fails, the safest process is typically to build a new, clean DC, join it to the still-running domain, and migrate FSMO roles between the remaining servers as necessary. Wherever this is possible, Unitrends Support will encourage it. That said, direct recovery of a DC still needs to be planned for: specifically where all DCs have failed, where corruption has replicated, where critical data has been deleted and cannot be re-linked using Microsoft tools, or where a specific DC also runs additional services or holds business data (against Microsoft's best practices) that must be recovered.
Additional actions: independent of the Unitrends backups used for complete AD server recovery, there are numerous scenarios that require a Microsoft wbadmin System State backup of AD to recover properly. These include granular recovery of deleted AD objects and the manual rebuild of a DC on a new host. Whichever scenario below applies to your environment, understand the use cases for Microsoft's own AD backups and take them in addition to Unitrends backups of your DC, so that every recovery scenario remains available to you.
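The following is an added example, not code from the article, Unitrends, or Microsoft. It shows the Microsoft-side half of the recommendation above: creating and verifying a wbadmin System State backup of a DC, and the commands later used in Directory Services Restore Mode (DSRM, what this article calls ADSR mode) to authoritatively restore a deleted OU from that backup. The server name DC01, the dedicated backup volume E:, the version identifier, and the OU=Finance,DC=corp,DC=example subtree are hypothetical placeholders.

```powershell
# Added example, not Unitrends or Microsoft tooling. Run on the DC as an administrator.
# Assumptions (hypothetical): DC is DC01, backup target is a dedicated volume E:
# (never the system volume), deleted object is OU=Finance,DC=corp,DC=example.

# --- 1. Take the System State backup ---
# wbadmin is the command-line front end of the Windows Server Backup feature.
if (-not (Get-WindowsFeature -Name Windows-Server-Backup).Installed) {
    Install-WindowsFeature -Name Windows-Server-Backup
}

$target = 'E:'
# -quiet suppresses the interactive prompt so the same command can be scheduled.
wbadmin start systemstatebackup -backupTarget:$target -quiet
if ($LASTEXITCODE -ne 0) {
    throw "wbadmin systemstatebackup failed with exit code $LASTEXITCODE"
}

# --- 2. Verify that a usable version now exists on the target ---
# The version identifier printed here (MM/DD/YYYY-HH:MM) is what a restore must reference.
$versions = wbadmin get versions -backupTarget:$target
$versions
if (-not ($versions | Select-String -Pattern 'Version identifier')) {
    throw "No backup versions found on $target"
}

# --- 3. Keep it current ---
# A System State backup older than the forest tombstone lifetime cannot be used
# for an authoritative restore, so run the backup daily as SYSTEM.
schtasks /create /tn "AD-SystemState" /sc daily /st 23:00 /ru SYSTEM `
    /tr "wbadmin start systemstatebackup -backupTarget:E: -quiet"

# --- 4. Authoritative restore of the deleted OU (only when actually needed) ---
# Boot the DC into Directory Services Restore Mode (ADSR mode in this article):
bcdedit /set safeboot dsrepair
Restart-Computer
# After the reboot, log on with the DSRM administrator password and restore the
# System State from the chosen version (hypothetical identifier shown):
wbadmin start systemstaterecovery -version:01/15/2024-23:00 -backupTarget:E: -quiet
# Mark only the deleted subtree authoritative so it wins over replication partners.
# In a single-DC domain there are no partners, but the step is still required for
# the restored objects to outrank the tombstones in the live database.
ntdsutil "activate instance ntds" "authoritative restore" `
    "restore subtree OU=Finance,DC=corp,DC=example" quit quit
# Return the DC to a normal boot:
bcdedit /deletevalue safeboot
Restart-Computer
```

Steps 1 to 3 are routine and safe to automate; step 4 is the manual recovery path and should only be executed from DSRM, after confirming the chosen version predates the deletion.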
CAUSE
The most important consideration when deciding how to back up a Domain Controller is where, and why, it will be recovered.
This guidance is divided into two sections:
Domains with a single Domain Controller
Domains with Multiple AD Controllers
For domains with a single domain controller only, this list covers recovery options from best to worst in terms of recovery speed and flexibility, taking into account what you may have available to recover your DC onto:
1) Windows Replicas on a VMware or Hyper-V host created from File Agent backups (best for systems not running in VMware)
- Conform to Microsoft's own documented best practices
- Provides the highest performance in production once spun up, running natively on the VM host and storage of your choice and specs
- CPU and RAM counts can be chosen at boot time; the replica uses only 1 CPU and 2 GB RAM while idle
- Can be left in production post-recovery without additional actions
- Can be used for physical Windows servers or VMs using the file backup agent
- Easy to configure and maintain; leverages incremental-forever backup strategies
- Integrates with DCA Recovery Automation for Enterprise Plus customers
- Can be booted into ADSR mode (Directory Services Restore Mode) and can perform authoritative AD recovery
- Does require dedicated host and storage resources for the VM
- This is the typical scenario for Unitrends DRaaS Premium customers who are not running DCs on VMware
2) VMware Replica on a VMware host using VM host-based backups, where the DC is a VMware VM
- Provides the highest performance in production once spun up, running natively on the VM host and storage of your choice and spec
- Requires up to 2X the provisioned size of the VM to maintain the replica through future full backups. Not ideal for large servers, but great for typical single-role DCs
- Can be left in production post-recovery without additional actions
- Easy to configure and maintain; leverages incremental-forever backup strategies
- Can be used with DCA Recovery Automation jobs for Enterprise Plus customers
- ADSR mode available, but authoritative DC recovery requires a separate Microsoft wbadmin System State backup
- Can also be used with Unitrends DRaaS Elite or Premium entitlements
- Supports booting from prior checkpoints across up to 14 prior backups (configurable; the default is the current backup only)
- Note: certain system changes, including adding or resizing disks or upgrading certain VMware guest virtual components, may require recreating the VM replica
- This is the preferred method when leveraging Unitrends Premium DRaaS for VMware VMs
3) Image Agent, VMware or Hyper-V Instant Recovery, using a VMware or Hyper-V host as the recovery target (requires Windows Server 2012+ AD)
- Fast boot time
- Uses a reservation of up to 10% of the VM's provisioned size in Unitrends internal storage (IR disk space must be allocated, which reduces backup capacity)
- Not ideal for database servers or other IO-intensive workloads, but well suited to small systems like a standalone DC
- Does not require pre-allocation or reservation of host or storage resources; resources are consumed only at the time of recovery
- Can be left in production post-recovery without additional actions
- ADSR mode available; authoritative recovery requires a separate wbadmin System State backup
- Can be used with Unitrends DRaaS Elite or standard contracts. Not an option for Premium DRaaS
- Best used when replicas on a VM platform cannot be provisioned in advance
- Quick boot of critical servers in a disaster where other options are not available; typically used in small businesses or small remote sites lacking VM clusters
4) Unitrends physical appliance On-Host Instant Recovery using Image Agent backups
- Runtime performance may be IO-constrained while data is extracted; not ideal for high-IO workloads or database servers, but should be fine for a single-role DC
- IR space reservation equal to 110% of the size of the original machine is required, which may reduce backup appliance maximum retention or capacity
- Note: cannot remain in production permanently! Once live, continue backups of the recovered system. When ready, Unitrends recommends deploying a new DC in production, migrating FSMO roles and any other data to the new server, and deleting the on-host copy. Dissimilar recovery to another system after running live on-host is not supported (image backups do not support dissimilar recovery); the system may be restored back to its original, repaired hardware only
- While live, other operations such as backups, replications, or other recoveries will compete for shared resources, which may affect production performance or may need to be disabled
- Requires allocation of the original client's CPU and RAM resources. Not all appliances have sufficient IO, CPU, or RAM to spin up every system. Discuss the requirements of the production servers you intend to support with On-Host recovery with your sales rep to ensure the physical appliance is scaled appropriately
- A wbadmin System State backup may be required to repair AD, or to make AD authoritative, after on-host recovery
5) Unitrends physical appliance On-Host Replicas using File Agent backups
- Faster runtime performance and boot than Instant Recovery on the same Unitrends appliance
- Requires the full client disk size to be allocated to IR/Replica space, reducing Unitrends appliance capacity
- While live, other operations such as backups, replications, or other recoveries will compete for shared resources, which may affect production performance or may need to be disabled
- Requires allocation of at least 50% of the original client's CPU and RAM resources, minimum 2 CPUs. Not all appliances have sufficient IO, CPU, or RAM to spin up every system. Discuss the requirements of the production servers you intend to support with On-Host recovery with your sales rep to ensure the physical appliance is scaled appropriately
- Cannot remain in production permanently! Once live, continue backups of the recovered system. When ready, Unitrends recommends deploying a new DC in production, migrating FSMO roles and any other data to the new server, and deleting the on-host copy
- The Windows Replica must be torn down and rebuilt after any major Windows system change, or any time a new manual full backup is performed
6) Dissimilar recovery options (in no particular order of preference):
- uBMR dissimilar recovery to a compatible physical server using File Agent backups
- uBMR recovery to a manually created VM matching or exceeding the configuration of the original DC, using File or Image backups. If using Image backups, a wbadmin System State backup should be available during recovery
- VM host backup recovery to an equal or higher edition of the hypervisor (note: in some cases the target hypervisor may upgrade the VM hardware version on restore, which can cause compatibility or AD security issues after the DC is recovered). A Microsoft wbadmin System State backup should be available during this type of recovery so that AD can be repaired as needed during any dissimilar restore
- Construction of a new DC and recovery of AD data from an available Microsoft wbadmin System State backup (Unitrends processes are not required for this type of recovery)
For domains with multiple AD controllers, the list of recovery options is more limited. Performing an authoritative DC recovery after system recovery requires access to ADSR boot mode as well as existing Active Directory backup data. For this reason it is even more strongly recommended NOT to restore, but instead to replace the failed server with a new one and migrate the FSMO roles. However, when the entire domain is down, or an authoritative rollback is required, options 1, 5, and 6 above are the only recommended paths to AD recovery in a multi-DC scenario. Options 2 and 3 are possible in theory, but a Microsoft wbadmin System State backup must be present on this system, or on another restored system accessible at the time of DC recovery, and manual AD repair may be required. Image and VM backups are not recommended by Unitrends or Microsoft for scenarios with multiple DCs; File Agent protection is our only official recommendation for AD servers where multiple DCs exist.
Unitrends DRaaS support services will be required to assist customers booting into ADSR mode as needed, which may delay recovery efforts beyond stated SLAs.
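The following is an added example, not code from the article or from Unitrends, illustrating the "replace, do not restore" path recommended above for a multi-DC domain: identify which FSMO roles the failed DC held, transfer or seize them to a surviving DC, clean up the dead DC's metadata, confirm replication health, and only then promote a fresh replacement. The names DC01 (failed), DC02 (surviving), the site Default-First-Site-Name, and the domain corp.example are hypothetical.

```powershell
# Added example, not Unitrends tooling. Run on a healthy surviving DC (DC02) as a
# Domain Admin / Enterprise Admin. Assumptions (hypothetical): DC01 has failed
# permanently, DC02 survives, domain corp.example, site Default-First-Site-Name.
Import-Module ActiveDirectory

# --- 1. Record the current role holders before changing anything ---
$forest = Get-ADForest
$domain = Get-ADDomain
[pscustomobject]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}

# --- 2. Move any roles DC01 held to the survivor ---
# Without -Force this is a graceful transfer and needs DC01 online. -Force seizes
# the roles and must only be used when DC01 will never return: a seized role
# holder that comes back online later conflicts with the new holder.
$roles = 'SchemaMaster', 'DomainNamingMaster', 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster'
Move-ADDirectoryServerOperationMasterRole -Identity 'DC02' -OperationMasterRole $roles -Force -Confirm:$false

# --- 3. Remove the dead DC's replication metadata ---
# Required so the remaining DCs stop trying to replicate with DC01. On Windows
# Server 2008 and later, deleting the DC object in AD Users and Computers or
# AD Sites and Services performs the same cleanup; the ntdsutil form is explicit.
ntdsutil "metadata cleanup" `
    "remove selected server CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=example" `
    quit quit

# --- 4. Confirm the domain is healthy before adding a replacement ---
repadmin /replsummary
dcdiag /test:replications /test:fsmocheck

# --- 5. Promote a clean replacement DC (run on the new, domain-joined server) ---
# This is the "build a new clean DC and join it" step from the article; it
# replicates AD from DC02 rather than restoring anything from backup.
Install-ADDSDomainController -DomainName 'corp.example' -InstallDns -Credential (Get-Credential)
```

Run step 1 and step 4 first and keep their output; if `dcdiag` still reports DC01 as a replication partner after step 3, the cleanup did not complete and the replacement should not be promoted until it does.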
NOTES
Restriction: AD servers deployed as VMs on XenServer 7.x must be restored to that platform. If you use XenServer and intend to leverage Unitrends Cloud DRaaS options, discuss this with your sales rep so that your platform is deployed in a Xen-capable cloud location.
For information on Microsoft best practices, see the Microsoft publication "Backup and Restore Considerations for Virtualized Domain Controllers", or the equivalent documentation for your version of Windows. If you are unwilling to research AD virtualization best practices to ensure your DC environment complies with all requirements, Unitrends recommends file agent backup procedures for DCs.