BU domain controller 2016 via vss

  • 140 Views
  • Last Post 15 April 2019
Alix posted this 11 April 2019

Hi Everyone,
(First, being a native french speaking, I apologize for the bad english)
We do the backup of our Domain controllers (which are virtual machine on vmware ESXi) via a third application and it is based on system state backup.
It works great with Domain controller 2008 R2 and 2012 R2.
For the moment, we are in the process of upgrading to Domain Controller 2016.
We have a problem concerning the backup : it is impossible to use our third application and the system state backup as before.
So, we have made some tests with Vsphere Data Protection (using vss and snapshot)  on a  private active directory domain with one domain controller :- take backup of the entire vm domain controller, - shutdown (or delete) the original vm domain controller- restore the vm domain controller from the backup.
It is all right and we are planning to use this in production : a domain with 2 domain controller. 
Problem : Just discovering the feature : vm-generation Id etc...So, it seems that our daily backup could initiate a total disaster by disturbing the replication and the RID ???
Same disaster if we clone a domain controller to a (completely separated and isolated) host ESXi ??? (We use this scenario to test an upgrade for example).
Any information will be very appreciated. Thanks !
Alix

Order By: Standard | Newest | Votes
Alix posted this 11 April 2019

After doing some tests :My virtual domain controller doesn't change (VM-GenerationId, msDS GenerationId, InvocationID) after a clone or after a snapshot.=> It will continue to replicate with the other domain controllers.
The clone vm has a different VM-GenerationId, a different msDS GenerationId and a different InvocationID of the original vm.As far as I understand, the clone cannot replicate with the other domain controller BUT it could be used in disaster recovery (when no other domain controller are present).
Conclusion :1. So, we can use Vsphere Data Protection (using vss and snapshot)  for disaster recovery but not for "restore a DC from a backup and let him replicate with other DC".And, in this case, we delete this DC and promote an other one.
2. We can use cloning a domain controller to a seperate and isolated ESXi for doing test.
Correct ?Thancks,
Alix
Le jeu. 11 avr. 2019 à 14:31, Alix Henrotte <alix.henrotte@xxxxxxxxxxxxxxxx> a écrit :
Hi Everyone,
(First, being a native french speaking, I apologize for the bad english)
We do the backup of our Domain controllers (which are virtual machine on vmware ESXi) via a third application and it is based on system state backup.
It works great with Domain controller 2008 R2 and 2012 R2.
For the moment, we are in the process of upgrading to Domain Controller 2016.
We have a problem concerning the backup : it is impossible to use our third application and the system state backup as before.
So, we have made some tests with Vsphere Data Protection (using vss and snapshot)  on a  private active directory domain with one domain controller :- take backup of the entire vm domain controller, - shutdown (or delete) the original vm domain controller- restore the vm domain controller from the backup.
It is all right and we are planning to use this in production : a domain with 2 domain controller. 
Problem : Just discovering the feature : vm-generation Id etc...So, it seems that our daily backup could initiate a total disaster by disturbing the replication and the RID ???
Same disaster if we clone a domain controller to a (completely separated and isolated) host ESXi ??? (We use this scenario to test an upgrade for example).
Any information will be very appreciated. Thanks !
Alix

bdesmond posted this 11 April 2019

Not entirely... The change in VM Generation ID (which is mirrored in the msDS-GenerationID attribute) is designed to prevent situations where replication might rollback or have a bubble

where changes aren’t replicated out. Resetting the invocation ID is part of that. It doesn’t prevent replication from occurring.



 

Thanks,


Brian

 

 

show

PhilipElder posted this 11 April 2019

One does not need to use a third party to back up the system state on a Windows domain controller.

 

# System State Backup via Task Scheduler

 

# Install Windows Server Backup

Install-WindowsFeature Windows-Server-Backup -IncludeAllSubfeature

-IncludeManagementTools

 

# Create a new policy

$policy =

New-WBPolicy

$VolumePath =

"D"

 

# Back up the system state

Add-WBSystemState -Policy

$policy

 

# Set up the target

$target =

New-WBBackupTarget -VolumePath

$VolumePath

 

# Add the Target

Add-WBBackupTarget -Policy

$policy -Target

$target

 

# Add to Task Scheduler for a regular SS

Start-WBBackup -Policy

$policy

 

 

I’ve not figured out the Task Scheduler PowerShell as of yet.

J

 

Philip Elder MCTS

Microsoft High Availability MVP

E-mail:

PhilipElder@xxxxxxxxxxxxxxxx

Phone: (780) 458-2028

www.CommodityClusters.Com

Blog Site

Twitter: MPECSInc

Skype: MPECS Inc.

Cloud: Canadian Cloud Worx

 

 

Please note: Although we may sometimes respond to email, text and phone calls instantly at all hours of the day, our regular business hours are 8:00 AM - 5:00 PM, Monday thru

Friday.


 

show

Alix posted this 15 April 2019

Thanks for your explanations concerning DS Generation Id.
Concerning the BU : we have used wbadmin in the past but we prefer using the same solutions for all the servers.
So, taking backup of the VM (using Vsphere Data Protection + vss and snapshot) Domain Controller just as an other server is what we looking for.
Alix
Le jeu. 11 avr. 2019 à 19:00, Philip Elder <PhilipElder@xxxxxxxxxxxxxxxx> a écrit :
















One does not need to use a third party to back up the system state on a Windows domain controller.

 

# System State Backup via Task Scheduler

 

# Install Windows Server Backup

Install-WindowsFeature Windows-Server-Backup -IncludeAllSubfeature

-IncludeManagementTools

 

# Create a new policy

$policy =

New-WBPolicy

$VolumePath =

"D"

 

# Back up the system state

Add-WBSystemState -Policy

$policy

 

# Set up the target

$target =

New-WBBackupTarget -VolumePath

$VolumePath

 

# Add the Target

Add-WBBackupTarget -Policy

$policy -Target

$target

 

# Add to Task Scheduler for a regular SS

Start-WBBackup -Policy

$policy

 

 

I’ve not figured out the Task Scheduler PowerShell as of yet.

J

 

Philip Elder MCTS

Microsoft High Availability MVP

E-mail:

PhilipElder@xxxxxxxxxxxxxxxx

Phone: (780) 458-2028

www.CommodityClusters.Com

Blog Site

Twitter: MPECSInc

Skype: MPECS Inc.

Cloud: Canadian Cloud Worx

 

 

Please note: Although we may sometimes respond to email, text and phone calls instantly at all hours of the day, our regular business hours are 8:00 AM - 5:00 PM, Monday thru

Friday.


 

show

Close