Domain Controller Disaster Recovery

I'm running a single Windows 2000 server Domain Controller in a small
network with 9 computers. I take daily backups of the full system to DVD
discs which are stored offsite. If, for instance, the computer is stolen or
consumed in a fire, how do I quickly recover my system to an operational
state? Obviously I'd purchase new hardware but it would almost certainly be
different, i.e. faster processor, more memory, etc.



All references to this problem seem to indicate how to restore a Domain
Controller back to the same machine, not much use after a fire though. How
do big organisations cover themselves from major hardware failure?



Any help or direction on this problem would be appreciated, thank you.

In short, reinstall the OS to the same or better, promot the server to a DC
using the same domain name, netbios name, db and log file locations etc....
Once it has been promoted, boot into Directory Services Recovery mode and
perform an Authoritative restore.

http://support.microsoft.com/kb/q241594/

DNS records should re-register fine, DHCP can be backed up and restored too.

http://www.windowsitpro.com/Articles...ArticleID=4976

Thats it in a nutshell Inevitably there will be some errors in the logs
that wioll need to be cleared up. Wanna do a test run? Download Virtual PC
2004 trial and give it a run through

http://www.microsoft.com/windows/virtualpc/default.mspx

--

Rodney Buike MCSE 2000/2003
http://thelazyadmin.com


"Dan Page" <(E-Mail Removed)> wrote in message
news:u$ED%(E-Mail Removed)...
> I'm running a single Windows 2000 server Domain Controller in a small
> network with 9 computers. I take daily backups of the full system to DVD
> discs which are stored offsite. If, for instance, the computer is stolen
> or consumed in a fire, how do I quickly recover my system to an
> operational state? Obviously I'd purchase new hardware but it would
> almost certainly be different, i.e. faster processor, more memory, etc.
>
>
>
> All references to this problem seem to indicate how to restore a Domain
> Controller back to the same machine, not much use after a fire though.
> How do big organisations cover themselves from major hardware failure?
>
>
>
> Any help or direction on this problem would be appreciated, thank you.
>
>
>
>

In addition to Rodney's reply review and print out the KB article below on
how to restore Active Directory to different hardware. Be sure that you are
including a backup of the System State in your backups as that is where the
AD info is. Most networks have additional domain controllers for performance
and redundancy reasons. When you have additional domain controllers you
basically dcpromo a new or repaired server and it will replicate with the
other domain controllers to become current with AD. --- Steve

http://support.microsoft.com/kb/263532

"Dan Page" <(E-Mail Removed)> wrote in message
news:u$ED%(E-Mail Removed)...
> I'm running a single Windows 2000 server Domain Controller in a small
> network with 9 computers. I take daily backups of the full system to DVD
> discs which are stored offsite. If, for instance, the computer is stolen
> or consumed in a fire, how do I quickly recover my system to an
> operational state? Obviously I'd purchase new hardware but it would
> almost certainly be different, i.e. faster processor, more memory, etc.
>
>
>
> All references to this problem seem to indicate how to restore a Domain
> Controller back to the same machine, not much use after a fire though.
> How do big organisations cover themselves from major hardware failure?
>
>
>
> Any help or direction on this problem would be appreciated, thank you.
>
>
>
>

Thank you!
I'll give Virtual PC a try I wasn't aware of this.
At what point will I require my backups? is this part of the Authoritative
Restore?

Thanks again!


"Thelazyadmin.com" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> In short, reinstall the OS to the same or better, promot the server to a
> DC using the same domain name, netbios name, db and log file locations
> etc.... Once it has been promoted, boot into Directory Services Recovery
> mode and perform an Authoritative restore.
>
> http://support.microsoft.com/kb/q241594/
>
> DNS records should re-register fine, DHCP can be backed up and restored
> too.
>
> http://www.windowsitpro.com/Articles...ArticleID=4976
>
> Thats it in a nutshell Inevitably there will be some errors in the
> logs that wioll need to be cleared up. Wanna do a test run? Download
> Virtual PC 2004 trial and give it a run through
>
> http://www.microsoft.com/windows/virtualpc/default.mspx
>
> --
>
> Rodney Buike MCSE 2000/2003
> http://thelazyadmin.com
>
>
> "Dan Page" <(E-Mail Removed)> wrote in message
> news:u$ED%(E-Mail Removed)...
>> I'm running a single Windows 2000 server Domain Controller in a small
>> network with 9 computers. I take daily backups of the full system to DVD
>> discs which are stored offsite. If, for instance, the computer is stolen
>> or consumed in a fire, how do I quickly recover my system to an
>> operational state? Obviously I'd purchase new hardware but it would
>> almost certainly be different, i.e. faster processor, more memory, etc.
>>
>>
>>
>> All references to this problem seem to indicate how to restore a Domain
>> Controller back to the same machine, not much use after a fire though.
>> How do big organisations cover themselves from major hardware failure?
>>
>>
>>
>> Any help or direction on this problem would be appreciated, thank you.
>>
>>
>>
>>
>
>

Thank you!

I do backup the system state along with everything else using NTbackup
included with windows, I don't know if this is the best solution as I'm
pretty new to this. The idea of having a 2nd computer as a backup Domain
Controller is attractive, would it automatically take over if my first DC
failed? Could I also use this to build a new server when my current server
becomes outdated?

Thanks again.

Yes teh second DC would take over. In actullity they both operate together,
but can operate independantly if one goes down. Its alot easier to lose a
DC if you have a seond DC. If you have two DCs and one dies, you can remove
it from AD with NTDSUTIL and then reinstall and promote it and it will pull
all necessarry AD info from the operational DC.

Two DC's is definatley the recommended way

--

Rodney Buike MCSE 2000/2003
http://thelazyadmin.com


"Dan Page" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Thank you!
>
> I do backup the system state along with everything else using NTbackup
> included with windows, I don't know if this is the best solution as I'm
> pretty new to this. The idea of having a 2nd computer as a backup Domain
> Controller is attractive, would it automatically take over if my first DC
> failed? Could I also use this to build a new server when my current
> server becomes outdated?
>
> Thanks again.
>
>
>
>

The second one would take over as long as the domain clients are configured
with it also as a preferred dns server in their tcp/ip properties. The other
issue would be that if the domain controller that went down held any of the
five fsmo roles you may have to transfer or seize them to the remaining
domain controller and also make sure it is a global catalog server. If the
failed dc is going to be restored in a short period of time from a System
State backup it may not be necessary to transfer/seize the fsmo role holders
and should only be done when the other domain controller will not be
restored from a System State backup. --- Steve


"Thelazyadmin.com" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Yes teh second DC would take over. In actullity they both operate
> together, but can operate independantly if one goes down. Its alot easier
> to lose a DC if you have a seond DC. If you have two DCs and one dies,
> you can remove it from AD with NTDSUTIL and then reinstall and promote it
> and it will pull all necessarry AD info from the operational DC.
>
> Two DC's is definatley the recommended way
>
> --
>
> Rodney Buike MCSE 2000/2003
> http://thelazyadmin.com
>
>
> "Dan Page" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> Thank you!
>>
>> I do backup the system state along with everything else using NTbackup
>> included with windows, I don't know if this is the best solution as I'm
>> pretty new to this. The idea of having a 2nd computer as a backup Domain
>> Controller is attractive, would it automatically take over if my first DC
>> failed? Could I also use this to build a new server when my current
>> server becomes outdated?
>>
>> Thanks again.
>>
>>
>>
>>
>
>