RE: [ActiveDir] Disaster recovery scenario comments requested.

2003-08-14 Thread Chianese, David P.
That was my major concern too Hunter.  Although we have not seen this in the
lab, I am wondering in a more complex environment (like production) if the
beast will rear its ugly head then.  That would be bad, very bad.

Btw, thanks to all of you for the comments and scenario recommendations.
Much appreciated!

Dave 

-Original Message-
From: Coleman, Hunter [mailto:[EMAIL PROTECTED]
Sent: Monday, August 11, 2003 10:40 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Disaster recovery scenario comments requested.


My biggest concern in this case is that you end up with an offline backup of
the AD database, so you could be happily backing up a database with
page-level corruption. Running a couple of virtual DCs on different physical
hardware should minimize the risk of -1018 errors, though. Has anyone seen
low level corruption of an ntds.dit database?

Hunter 

-Original Message-
From: Joe [mailto:[EMAIL PROTECTED] 
Sent: Friday, August 08, 2003 9:47 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Disaster recovery scenario comments requested.

Actually VMWare or more likely Virtual Server are what we are *starting* to
look at for a DR system. Basically the idea is to have a couple of nice
sized Physical Servers running multiple virtual servers that are domain
controllers for all Domains in the Forest. Every night one of the P-Servers
shuts down all of the Virtuals and copies off the disk images to some other
location for backup to tape. The next night the other P-Server does it. 

The beauty of this solution is that physical hardware becomes a lot less
important for your DR site or your test lab (yes you could bring these
images back up in a *segregated* test lab for testing of your production AD
and data...). You simply load up your server and then install your
virtualization software and then fire up your images and you are off to the
races... 

We actually just got the hardware in for this, which we will use to develop
the solution against the test environment and then once comfortable with it
will go prod with it. 

Personally I think this is about the most flexible and safe DR solution you
can have. I am not one for restoring AD from system state dumps. 

  joe



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chianese, David P.
Sent: Friday, August 08, 2003 7:04 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Disaster recovery scenario comments requested.


That would obviously kill the ghost image idea. I do however like the laptop
and more graceful way of transferring roles at the DR site.  I think I
hear the chimes of VMWare ESX Server calling.  Thanks for the feedback Don.
I see another idea in my head now too.  Alas, it's Friday and I'm late for
Happy Hour

-Dave

-Original Message-
From: Don Guyer [mailto:[EMAIL PROTECTED]
Sent: Friday, August 08, 2003 5:12 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Disaster recovery scenario comments requested.


David,

We use similar methodology for our DR tests, by keeping a laptop
running as a DC on our live network, then transferring FSMO roles at the DR
site. This has worked flawlessly for us. We are now looking to be able to
restore our AD environment to a totally different server. Problem is, when we
do DR testing we usually get Compaq hardware, whereas we are a Dell shop
here.

Don Guyer
IS Dept
Citadel FCU
Ph: 610.380.7072
Fax: 610.380.7008
[EMAIL PROTECTED]


-Original Message-
From: Chianese, David P. [mailto:[EMAIL PROTECTED]
Sent: Friday, August 08, 2003 1:17 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Disaster recovery scenario comments requested.


All, 

I want to run this DR situation by the group and see if anyone else can
identify any gotchas in the process.  We are currently testing out a DR
scenario that involves off-site Domain controllers at a recovery center.
During normal operations the DR DCs are linked to our network via VPN and
fractional T1 line in order for replication to occur.  When we declare a DR
test or go into a live DR situation where one of our sites becomes
unavailable for an extended period of time due to an outage, network issue
or terrorist incident (remember 9/11?) we bring the DR site up, seize the
PDC emulator role (to add workstations, accounts and perform other urgent
replication) and let our clients continue operations in all of our remote
locations with little interruption of service.

Now, here is the hard part.  When DR is over we disconnect the DR DC from
the wire and delpart.exe (format/fdisk for NTFS) all of the partitions.  The
site that was down is then restored and the PDC emulator role is back to its
original state.  We then take the DR DC and apply a ghosted image of the
server as it was when it was first dcpromo'd and let it catch up on
replication.  This so far has worked flawlessly in the lab.  We avoid doing
the metadata cleanup of the server since nothing has really changed on the
DR DC

RE: [ActiveDir] Disaster recovery scenario comments requested.

2003-08-14 Thread Coleman, Hunter
Don-

We're in the same spot, with production DCs running on Dell and DR hardware
often being Compaq. We've found that KB810161
(http://support.microsoft.com/default.aspx?scid=kb;en-us;810161) has been
important to successfully accomplishing the restores. Recently, we've also
found building the Compaq boxes with a SmartStart CD, instead of using
an OS CD + specific drivers, to be much less painful. The IBM boxes that
we've done test restores to have been less picky.

Hunter 

-Original Message-
From: Don Guyer [mailto:[EMAIL PROTECTED] 
Sent: Friday, August 08, 2003 3:12 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Disaster recovery scenario comments requested.

David,

We use similar methodology for our DR tests, by keeping a laptop
running as a DC on our live network, then transferring FSMO roles at the DR
site. This has worked flawlessly for us. We are now looking to be able to
restore our AD environment to a totally different server. Problem is, when we
do DR testing we usually get Compaq hardware, whereas we are a Dell shop
here.

Don Guyer
IS Dept
Citadel FCU
Ph: 610.380.7072
Fax: 610.380.7008
[EMAIL PROTECTED]


-Original Message-
From: Chianese, David P. [mailto:[EMAIL PROTECTED]
Sent: Friday, August 08, 2003 1:17 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Disaster recovery scenario comments requested.


All, 

I want to run this DR situation by the group and see if anyone else can
identify any gotchas in the process.  We are currently testing out a DR
scenario that involves off-site Domain controllers at a recovery center.
During normal operations the DR DCs are linked to our network via VPN and
fractional T1 line in order for replication to occur.  When we declare a DR
test or go into a live DR situation where one of our sites becomes
unavailable for an extended period of time due to an outage, network issue
or terrorist incident (remember 9/11?) we bring the DR site up, seize the
PDC emulator role (to add workstations, accounts and perform other urgent
replication) and let our clients continue operations in all of our remote
locations with little interruption of service.

Now, here is the hard part.  When DR is over we disconnect the DR DC from
the wire and delpart.exe (format/fdisk for NTFS) all of the partitions.  The
site that was down is then restored and the PDC emulator role is back to its
original state.  We then take the DR DC and apply a ghosted image of the
server as it was when it was first dcpromo'd and let it catch up on
replication.  This so far has worked flawlessly in the lab.  We avoid doing
the metadata cleanup of the server since nothing has really changed on the
DR DC as it was re-imaged previous to the PDC emulator role seizure.  Our
lab environment is a fraction of the capacity of our Production and not as
complex.  Can anyone see any problems arising down the road by doing a DR
process like this?

The other option planned is to already have the workstations and DR
environments created in a separate OU so that in a DR situation we just need
to let the site that is disconnected stay disconnected and then catch up on
replication when it comes back.  This is my preferred method of how to
handle our DR woes, but unfortunately we are not there yet.  I am only
looking for feedback or you to play devil's advocate on the above situation
we currently have in place.  Thank you in advance for your comments.


Regards, 


David Chianese
Senior Engineer
IT - Server Services
Delaware Investments
  *Powered By Research
A Member of the Lincoln Financial Group


This e-mail and any accompanying attachments are confidential.  The
information is intended solely for the use of the individual to whom it is
addressed.  Any review, disclosure, copying, distribution, or use of this
e-mail communication by others is strictly prohibited.  If you are not the
intended recipient, please notify us immediately by returning this message
to the sender and delete all copies.  Thank you for your cooperation.
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Disaster recovery scenario comments requested.

2003-08-14 Thread Rick Kingslan
Jan,

Do you know if they have published a paper or some detail on this process?
Naturally, I'm interested in what they are proposing.

Currently, their full-fledged technical document is slated for March 2004,
which, IMHO, is way too late.

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jan Wilson
Sent: Sunday, August 10, 2003 10:56 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Disaster recovery scenario comments requested.


Just as an aside here - MS of course displayed their VM server at tech ed -
one nice idea was DR for Exchange 2003 - you would basically generate a new
email server in minutes on a VM - users are then back online and you then
begin to backfill their email from tape.



Re: [ActiveDir] Disaster recovery scenario comments requested.

2003-08-14 Thread Jan Wilson

Just as an aside here - MS of course displayed their VM server at tech ed -
one nice idea was DR for Exchange 2003 - you would basically generate a new
email server in minutes on a VM - users are then back online and you then
begin to backfill their email from tape.



RE: [ActiveDir] Disaster recovery scenario comments requested.

2003-08-14 Thread Don Guyer
David,

We use similar methodology for our DR tests, by keeping a laptop running as a 
DC on our live network, then transferring FSMO roles at the DR site. This has worked 
flawlessly for us. We are now looking to be able to restore our AD environment to a
totally different server. Problem is, when we do DR testing we usually get Compaq 
hardware, whereas we are a Dell shop here.

Don Guyer
IS Dept
Citadel FCU
Ph: 610.380.7072
Fax: 610.380.7008
[EMAIL PROTECTED]


-Original Message-
From: Chianese, David P. [mailto:[EMAIL PROTECTED]
Sent: Friday, August 08, 2003 1:17 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Disaster recovery scenario comments requested.


All, 

I want to run this DR situation by the group and see if anyone else can
identify any gotchas in the process.  We are currently testing out a DR
scenario that involves off-site Domain controllers at a recovery center.
During normal operations the DR DCs are linked to our network via VPN and
fractional T1 line in order for replication to occur.  When we declare a DR
test or go into a live DR situation where one of our sites becomes
unavailable for an extended period of time due to an outage, network issue
or terrorist incident (remember 9/11?) we bring the DR site up, seize the
PDC emulator role (to add workstations, accounts and perform other urgent
replication) and let our clients continue operations in all of our remote
locations with little interruption of service.

Now, here is the hard part.  When DR is over we disconnect the DR DC from
the wire and delpart.exe (format/fdisk for NTFS) all of the partitions.  The
site that was down is then restored and the PDC emulator role is back to its
original state.  We then take the DR DC and apply a ghosted image of the
server as it was when it was first dcpromo'd and let it catch up on
replication.  This so far has worked flawlessly in the lab.  We avoid doing
the metadata cleanup of the server since nothing has really changed on the
DR DC as it was re-imaged previous to the PDC emulator role seizure.  Our
lab environment is a fraction of the capacity of our Production and not as
complex.  Can anyone see any problems arising down the road by doing a DR
process like this?

The other option planned is to already have the workstations and DR
environments created in a separate OU so that in a DR situation we just need
to let the site that is disconnected stay disconnected and then catch up on
replication when it comes back.  This is my preferred method of how to
handle our DR woes, but unfortunately we are not there yet.  I am only
looking for feedback or you to play devil's advocate on the above situation
we currently have in place.  Thank you in advance for your comments.


Regards, 


David Chianese
Senior Engineer
IT - Server Services
Delaware Investments
  *Powered By Research
A Member of the Lincoln Financial Group




RE: [ActiveDir] Disaster recovery scenario comments requested.

2003-08-11 Thread Coleman, Hunter
My biggest concern in this case is that you end up with an offline backup of
the AD database, so you could be happily backing up a database with
page-level corruption. Running a couple of virtual DCs on different physical
hardware should minimize the risk of -1018 errors, though. Has anyone seen
low level corruption of an ntds.dit database?

Hunter 

-Original Message-
From: Joe [mailto:[EMAIL PROTECTED] 
Sent: Friday, August 08, 2003 9:47 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Disaster recovery scenario comments requested.

Actually VMWare or more likely Virtual Server are what we are *starting* to
look at for a DR system. Basically the idea is to have a couple of nice
sized Physical Servers running multiple virtual servers that are domain
controllers for all Domains in the Forest. Every night one of the P-Servers
shuts down all of the Virtuals and copies off the disk images to some other
location for backup to tape. The next night the other P-Server does it. 

The beauty of this solution is that physical hardware becomes a lot less
important for your DR site or your test lab (yes you could bring these
images back up in a *segregated* test lab for testing of your production AD
and data...). You simply load up your server and then install your
virtualization software and then fire up your images and you are off to the
races... 

We actually just got the hardware in for this, which we will use to develop
the solution against the test environment and then once comfortable with it
will go prod with it. 

Personally I think this is about the most flexible and safe DR solution you
can have. I am not one for restoring AD from system state dumps. 

  joe



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chianese, David P.
Sent: Friday, August 08, 2003 7:04 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Disaster recovery scenario comments requested.


That would obviously kill the ghost image idea. I do however like the laptop
and more graceful way of transferring roles at the DR site.  I think I
hear the chimes of VMWare ESX Server calling.  Thanks for the feedback Don.
I see another idea in my head now too.  Alas, it's Friday and I'm late for
Happy Hour

-Dave

-Original Message-
From: Don Guyer [mailto:[EMAIL PROTECTED]
Sent: Friday, August 08, 2003 5:12 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Disaster recovery scenario comments requested.


David,

We use similar methodology for our DR tests, by keeping a laptop
running as a DC on our live network, then transferring FSMO roles at the DR
site. This has worked flawlessly for us. We are now looking to be able to
restore our AD environment to a totally different server. Problem is, when we
do DR testing we usually get Compaq hardware, whereas we are a Dell shop
here.

Don Guyer
IS Dept
Citadel FCU
Ph: 610.380.7072
Fax: 610.380.7008
[EMAIL PROTECTED]


-Original Message-
From: Chianese, David P. [mailto:[EMAIL PROTECTED]
Sent: Friday, August 08, 2003 1:17 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Disaster recovery scenario comments requested.


All, 

I want to run this DR situation by the group and see if anyone else can
identify any gotchas in the process.  We are currently testing out a DR
scenario that involves off-site Domain controllers at a recovery center.
During normal operations the DR DCs are linked to our network via VPN and
fractional T1 line in order for replication to occur.  When we declare a DR
test or go into a live DR situation where one of our sites becomes
unavailable for an extended period of time due to an outage, network issue
or terrorist incident (remember 9/11?) we bring the DR site up, seize the
PDC emulator role (to add workstations, accounts and perform other urgent
replication) and let our clients continue operations in all of our remote
locations with little interruption of service.

Now, here is the hard part.  When DR is over we disconnect the DR DC from
the wire and delpart.exe (format/fdisk for NTFS) all of the partitions.  The
site that was down is then restored and the PDC emulator role is back to its
original state.  We then take the DR DC and apply a ghosted image of the
server as it was when it was first dcpromo'd and let it catch up on
replication.  This so far has worked flawlessly in the lab.  We avoid doing
the metadata cleanup of the server since nothing has really changed on the
DR DC as it was re-imaged previous to the PDC emulator role seizure.  Our
lab environment is a fraction of the capacity of our Production and not as
complex.  Can anyone see any problems arising down the road by doing a DR
process like this?

The other option planned is to already have the workstations and DR
environments created in a separate OU so that in a DR situation we just need
to let the site that is disconnected stay disconnected and then catch up on
replication when it comes back.  This is my preferred method of how to
handle
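
Added example, not part of the thread or any poster's own tooling: the concern raised in this message is that an image-level copy of a shut-down DC can carry page-level corruption (-1018) in ntds.dit without anyone noticing. One way to check a copy before it is kept is to run esentutl's header and checksum passes against it. The function name, the staging path, and the assumption that ntds.dit has already been copied out of the disk image are hypothetical.

```powershell
# Added example: gate an offline ntds.dit copy on ESE integrity checks
# before the image it came from is accepted as a DR backup.
# Assumption: ntds.dit has been copied out of the shut-down DC's disk
# image to a staging folder; the path used below is hypothetical.

function Test-OfflineNtdsCopy {
    [CmdletBinding()]
    param(
        # Full path to the staged copy of ntds.dit
        [Parameter(Mandatory = $true)]
        [string] $DatabasePath
    )

    if (-not (Test-Path -LiteralPath $DatabasePath -PathType Leaf)) {
        throw "Database file not found: $DatabasePath"
    }

    $reasons = New-Object 'System.Collections.Generic.List[string]'

    # Step 1: header dump. A DC that was shut down properly before the
    # copy leaves the database header in the "Clean Shutdown" state.
    $headerText = & esentutl.exe /mh $DatabasePath 2>&1 | Out-String
    $headerExit = $LASTEXITCODE
    $cleanShutdown = ($headerExit -eq 0) -and
                     ($headerText -match 'State:\s*Clean Shutdown')
    if (-not $cleanShutdown) {
        $reasons.Add("Header check failed or state is not Clean Shutdown (exit $headerExit)")
    }

    # Step 2: checksum pass. esentutl /k reads every page and verifies its
    # checksum; a mismatch is the condition reported as -1018.
    $checksumText = & esentutl.exe /k $DatabasePath 2>&1 | Out-String
    $checksumExit = $LASTEXITCODE

    # Assumption: the summary contains a line of the form "N bad checksums".
    # If that line is missing, the copy is treated as unverified (fail closed).
    $badPages = $null
    if ($checksumText -match '(?m)^\s*(\d+)\s+bad checksums') {
        $badPages = [int]$Matches[1]
    }

    if ($checksumExit -ne 0) {
        $reasons.Add("esentutl /k exited with code $checksumExit")
    }
    if ($null -eq $badPages) {
        $reasons.Add("Could not find the bad-checksum count in esentutl output")
    } elseif ($badPages -gt 0) {
        $reasons.Add("$badPages page(s) failed checksum verification")
    }

    [pscustomobject]@{
        Database      = $DatabasePath
        CleanShutdown = $cleanShutdown
        BadChecksums  = $badPages
        Accept        = ($reasons.Count -eq 0)
        Reasons       = $reasons.ToArray()
    }
}

# Usage with a hypothetical staging path: keep the image only if the
# database inside it passes both checks.
$check = Test-OfflineNtdsCopy -DatabasePath 'D:\staging\dc01\ntds.dit'
if (-not $check.Accept) {
    Write-Warning ("Rejecting backup of {0}: {1}" -f $check.Database,
                   ($check.Reasons -join '; '))
    exit 1
}
Write-Output "ntds.dit copy passed header and checksum verification"
```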

RE: [ActiveDir] Disaster recovery scenario comments requested.

2003-08-10 Thread Chianese, David P.
That would obviously kill the ghost image idea. I do however like the laptop
and more graceful way of transferring roles at the DR site.  I think I
hear the chimes of VMWare ESX Server calling.  Thanks for the feedback Don.
I see another idea in my head now too.  Alas, it's Friday and I'm late for
Happy Hour

-Dave

-Original Message-
From: Don Guyer [mailto:[EMAIL PROTECTED]
Sent: Friday, August 08, 2003 5:12 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Disaster recovery scenario comments requested.


David,

We use similar methodology for our DR tests, by keeping a laptop
running as a DC on our live network, then transferring FSMO roles at the DR
site. This has worked flawlessly for us. We are now looking to be able to
restore our AD environment to a totally different server. Problem is, when we
do DR testing we usually get Compaq hardware, whereas we are a Dell shop
here.

Don Guyer
IS Dept
Citadel FCU
Ph: 610.380.7072
Fax: 610.380.7008
[EMAIL PROTECTED]


-Original Message-
From: Chianese, David P. [mailto:[EMAIL PROTECTED]
Sent: Friday, August 08, 2003 1:17 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Disaster recovery scenario comments requested.


All, 

I want to run this DR situation by the group and see if anyone else can
identify any gotchas in the process.  We are currently testing out a DR
scenario that involves off-site Domain controllers at a recovery center.
During normal operations the DR DCs are linked to our network via VPN and
fractional T1 line in order for replication to occur.  When we declare a DR
test or go into a live DR situation where one of our sites becomes
unavailable for an extended period of time due to an outage, network issue
or terrorist incident (remember 9/11?) we bring the DR site up, seize the
PDC emulator role (to add workstations, accounts and perform other urgent
replication) and let our clients continue operations in all of our remote
locations with little interruption of service.

Now, here is the hard part.  When DR is over we disconnect the DR DC from
the wire and delpart.exe (format/fdisk for NTFS) all of the partitions.  The
site that was down is then restored and the PDC emulator role is back to its
original state.  We then take the DR DC and apply a ghosted image of the
server as it was when it was first dcpromo'd and let it catch up on
replication.  This so far has worked flawlessly in the lab.  We avoid doing
the metadata cleanup of the server since nothing has really changed on the
DR DC as it was re-imaged previous to the PDC emulator role seizure.  Our
lab environment is a fraction of the capacity of our Production and not as
complex.  Can anyone see any problems arising down the road by doing a DR
process like this?

The other option planned is to already have the workstations and DR
environments created in a separate OU so that in a DR situation we just need
to let the site that is disconnected stay disconnected and then catch up on
replication when it comes back.  This is my preferred method of how to
handle our DR woes, but unfortunately we are not there yet.  I am only
looking for feedback or you to play devil's advocate on the above situation
we currently have in place.  Thank you in advance for your comments.


Regards, 


David Chianese
Senior Engineer
IT - Server Services
Delaware Investments
  *Powered By Research
A Member of the Lincoln Financial Group




RE: [ActiveDir] Disaster recovery scenario comments requested.

2003-08-10 Thread Rick Kingslan
Joe, David, all - 

Interestingly, we've been looking at exactly the same thing, due to our
remote site environment and network infrastructure, we could use any remote
as a DR site.  Given this, there is some level of non-consistent hardware in
the remote sites and we needed a solution that would allow a majority of
core business resumption in the shortest time.

VMWare or some 'virtual server' technology clearly is at the forefront of
our thoughts.  It simply means that a quick install or startup of the
services associated with the VM and the 'import', if you will, of the image
created at a timely period CAN be the best possible recovery.  At the worst,
it will give you the needed time to recover systems that one might consider
more traditional and would be used for on-going long term business.  At the
best, it might provide a model that could transform some systems to a
different model, as the actual running of the systems for business
resumption provide a 'trial-by-fire' proof that VM servers are viable
alternatives for some functions.

However, our testing continues - and it's interesting to hear the opinions
and reactions of those who are confused by the fact that it is possible to
run multiple servers on one physical machine.

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joe
Sent: Friday, August 08, 2003 10:47 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Disaster recovery scenario comments requested.

Actually VMWare or more likely Virtual Server are what we are *starting* to
look at for a DR system. Basically the idea is to have a couple of nice
sized Physical Servers running multiple virtual servers that are domain
controllers for all Domains in the Forest. Every night one of the P-Servers
shuts down all of the Virtuals and copies off the disk images to some other
location for backup to tape. The next night the other P-Server does it. 

The beauty of this solution is that physical hardware becomes a lot less
important for your DR site or your test lab (yes you could bring these
images back up in a *segregated* test lab for testing of your production AD
and data...). You simply load up your server and then install your
virtualization software and then fire up your images and you are off to the
races... 

We actually just got the hardware in for this, which we will use to develop
the solution against the test environment and then once comfortable with it
will go prod with it. 

Personally I think this is about the most flexible and safe DR solution you
can have. I am not one for restoring AD from system state dumps. 

  joe



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chianese, David P.
Sent: Friday, August 08, 2003 7:04 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Disaster recovery scenario comments requested.


That would obviously kill the ghost image idea. I do however like the laptop
and more graceful way of transferring roles at the DR site.  I think I
hear the chimes of VMWare ESX Server calling.  Thanks for the feedback Don.
I see another idea in my head now too.  Alas, it's Friday and I'm late for
Happy Hour

-Dave

-Original Message-
From: Don Guyer [mailto:[EMAIL PROTECTED]
Sent: Friday, August 08, 2003 5:12 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Disaster recovery scenario comments requested.


David,

We use similar methodology for our DR tests, by keeping a laptop
running as a DC on our live network, then transferring FSMO roles at the DR
site. This has worked flawlessly for us. We are now looking to be able to
restore our AD environment to a totally different server. Problem is, when we
do DR testing we usually get Compaq hardware, whereas we are a Dell shop
here.

Don Guyer
IS Dept
Citadel FCU
Ph: 610.380.7072
Fax: 610.380.7008
[EMAIL PROTECTED]


-Original Message-
From: Chianese, David P. [mailto:[EMAIL PROTECTED]
Sent: Friday, August 08, 2003 1:17 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Disaster recovery scenario comments requested.


All, 

I want to run this DR situation by the group and see if anyone else can
identify any gotchas in the process.  We are currently testing out a DR
scenario that involves off-site Domain controllers at a recovery center.
During normal operations the DR DCs are linked to our network via VPN and
fractional T1 line in order for replication to occur.  When we declare a DR
test or go into a live DR situation where one of our sites becomes
unavailable for an extended period of time due to an outage, network issue
or terrorist incident (remember 9/11?) we bring the DR site up, seize the
PDC emulator role (to add workstations, accounts and perform other urgent
replication) and let our clients continue operations in all of our remote
locations with little interruption

RE: [ActiveDir] Disaster recovery scenario comments requested.

2003-08-10 Thread Myrick, Todd (NIH/CIT)
.  

Troubleshooting

Troubleshooting is more a tactical skill nowadays.  It used to be an
operations skill, but with so many functions that need to be managed, you
can't rely on the same techs to plan and troubleshoot the technology to
also maintain them.  Something has to give.  To be a good troubleshooter you
need to know network, hardware, OS, and ultimately application
troubleshooting.  You have to know your own abilities, be willing to grow,
think differently, research, test, and ultimately execute.  Also you can't
plan for things you can see.  A good reporting package is a must.  Bindview
Control has good reporting tools for both Exchange and also security.
Aelita In-trust is also another good utility.  Quest also has a pretty good
tool for interactive troubleshooting called Spotlight.  It is like perfmon
on steroids.  Also proactive monitoring is a must.  MOM, or NetIQ's
AppManager are good tools to monitor your environment with.  MOM is more
event driven and can fire off resolutions.  AppManager is more historic
information gathering.  It is basically good to tell you something broke,
and then allows you to research the historic information.  

Troubleshooting Exchange can be a challenge, because most of the problems
come from the client side.  You need to be able to collect data from a
client perspective and the server's perspective, see what systems are in
between and determine if it is a network bottleneck, or a hardware
bottleneck.  Knowing the protocols, how they act, and how they act when
there are problems, is a very important thing to understand.  Also
understanding quirks of the systems and software is also good knowledge.
Documentation and contacts are also a valuable tool.  I highly recommend
that you look at Chris Wolf's newest book, Troubleshooting Microsoft
Technologies for further information.  He is also working on a book for
Enterprise troubleshooting.  

Conclusion

I have been in 7 disasters in my lifetime.  I used to work at a hospital as
an orderly; train wrecks, blizzards, and patients coding taught me that you
have to work together in order to protect and heal people.  In IT, I was a
veteran of I Love You, Several Data Disasters, 9/11 and most recently SQL
Slammer.  What is interesting is that SQL Slammer was actually the worst
disaster I ran into, probably because it involved the most managers, and not
a team.  It got way too political.

As you can see, DR for Exchange sometimes only shows you the tip of the
iceberg.  I hope my sharing information with you all is helpful.

Please tell me what you think, I am always open to critical review.

Toddler
  


-Original Message-
From: Rick Kingslan [mailto:[EMAIL PROTECTED] 
Sent: Sunday, August 10, 2003 12:13 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Disaster recovery scenario comments requested.

Jan,

Do you know if they have published a paper or some detail on this process?
Naturally, I'm interested in what they are proposing.

Currently, their full-fledged technical document is slated for March 2004,
which, IMHO, is way too late.

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jan Wilson
Sent: Sunday, August 10, 2003 10:56 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Disaster recovery scenario comments requested.


Just as an aside here - MS of course displayed their VM server at tech ed -
one nice idea was DR for Exchange 2003 - you would basically generate a new
email server in minutes on a VM - users are then back online and you then
begin to backfill their email from tape.
