Disaster Recovery Active Directory Site – Part 1

In this blog post we will explore some of the key points for performing disaster recovery of an Active Directory site. Almost all organizations plan for disaster recovery to keep mission-critical applications up and running 24×7. But when disaster strikes, it is difficult to know where to start. We will explore disaster recovery scenarios for Active Directory, followed by Exchange Servers.

Best Practices

It is always a best practice to have at least two domain controllers in each site.

Estimated Time – Depends on the scenario. If data is in place then it should not take more than 2 hours.

Who Will Be Benefitted

IT Professionals, Field Engineers, Consultants, Disaster Recovery Specialists, Project Managers, etc.

Before We Begin

The account used to perform this task should be a member of the Enterprise Admins group and the Domain Admins group.

Data Gathering

  1. At least one Active Directory Domain Controller should be active and reachable.
  2. DNS Server should be reachable.

Do’s

  • Make a checklist of what data is available and how fast we can bring the site back into production.
  • Pull all required information from the site that is still active before performing metadata cleanup of the crashed site.
  • Make a note of the DNS information and of the name and IP address of the DC.

Don’ts

  • Do not panic.
  • Do not rush into performing any steps which may cause further downtime.

===============================================

Let's Explore

To perform metadata cleanup, you can follow the steps listed in the articles below.

Metadata Cleanup – Unsuccessful Demotion of Domain Controller – Command Prompt

Metadata Cleanup – Unsuccessful Demotion of Domain Controller – GUI

===============================================

Scenario

Domain Name : MSEXCHANGETEAM.IN

DC Name : DC1 and DC2

Two Active Directory Sites

Default-First-Site-Name / DC1 / 10.10.0.0/16

US – Crashed Site / DC2 / 10.20.0.0/16

Windows Version : Windows Server 2008 R2 SP1

Forest Functional Level : Windows Server 2008 R2

Domain Functional Level : Windows Server 2008 R2

===============================================

Before Crash – Client Side Behavior


Figure 1.1 : Before Site Crashed.

In figure 1.1 we can connect to the preferred DC2 from site US.

After Crash – Client Side Behavior


Figure 1.2 : NSLOOKUP FAILED

Since DC2 has crashed, we have pointed clients to DC1 for temporary authentication. With DC2 down, the US site is not available; only Default-First-Site-Name is available.

===============================================

Due to the flexible design of Active Directory, the User and Computer objects are still intact in the primary Active Directory site on DC1.


Figure 1.3 : Data available on DC1.

===============================================

Data gathering before performing recovery


Figure 1.4 : NLTEST

NLTEST shows Default-First-Site-Name, which is the primary and root site. One Active Directory domain controller is required in any site to perform recovery.


Figure 1.5 : FSMO OWNERS

FSMO roles are intact and reachable.
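
The data-gathering steps above (site name, DC list, FSMO owners, DNS information), collected into one dated report file. This is an added example, not part of the original post: the output folder C:\DR-Evidence is a hypothetical path, the domain and DC names are the scenario values, and it is assumed to run from an elevated PowerShell prompt on DC1.

```powershell
# Added example: record pre-recovery facts from the surviving DC before rebuilding DC2.
# Assumptions: run elevated on DC1; $OutDir is a hypothetical path;
# $Domain and $CrashedDC are the scenario values used in this post.
$Domain    = 'MSEXCHANGETEAM.IN'
$CrashedDC = 'DC2'
$OutDir    = 'C:\DR-Evidence'
$Report    = Join-Path $OutDir ('pre-recovery-{0:yyyyMMdd-HHmmss}.txt' -f (Get-Date))
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Label -> native command whose output goes on record.
$Checks = @(
    @{ Name = 'Site of this DC';          Cmd = { nltest /dsgetsite } },
    @{ Name = 'DCs listed in domain';     Cmd = { nltest "/dclist:$Domain" } },
    @{ Name = 'FSMO role owners';         Cmd = { netdom query fsmo } },
    @{ Name = 'DC locator SRV records';   Cmd = { nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" } },
    @{ Name = 'IP and DNS client config'; Cmd = { ipconfig /all } }
)

# Run each command once, keep its text for the checks below, append it to the report.
$Results = @{}
foreach ($Check in $Checks) {
    $Text = (& $Check.Cmd 2>&1 | Out-String)
    $Results[$Check.Name] = $Text
    "===== $($Check.Name) =====`r`n$Text" | Out-File -FilePath $Report -Append
}

# A FSMO owner or DC-list line that still names the crashed DC means a role owner
# is unreachable or metadata cleanup is incomplete; resolve that before re-promoting.
$Pattern = '\b' + [regex]::Escape($CrashedDC) + '\.'
foreach ($Name in 'FSMO role owners', 'DCs listed in domain') {
    $Hits = $Results[$Name] -split "`r?`n" | Where-Object { $_ -match $Pattern }
    if ($Hits) {
        Write-Warning "$Name still references ${CrashedDC}:"
        $Hits | ForEach-Object { Write-Warning "  $($_.Trim())" }
    } else {
        Write-Host "$Name : no reference to $CrashedDC"
    }
}
Write-Host "Report written to $Report"
```

Keep the report with the recovery notes so the site, DNS and role-owner state before DCPROMO can be compared with the state afterwards.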

Note : Metadata cleanup is already performed. The link to perform Metadata Cleanup is provided above.

Now that we have the data available to perform recovery, in the next part we will perform the recovery for the same DC2 server with the help of DCPROMO.

If you wish to read the second part of this blog series please click below.

Disaster Recovery Active Directory Site – Part 2

Happy Recovery

Sunder

MSEXCHANGETEAM | Ideas That Clicks


One Response to Disaster Recovery Active Directory Site – Part 1

  1. Nelson says:

    You are proving that you are a geek squad of Active Directory. Keep writing this book of knowledge; this will be a source of knowledge for many like me…