In this blog post we will explore some of the key points for performing disaster recovery in an Active Directory site. Almost all organizations plan for disaster recovery to keep mission-critical applications up and running 24×7, but when disaster strikes it is difficult to know where to start. We will explore disaster recovery scenarios for Active Directory, followed by Exchange Server.
It is always a best practice to have at least two domain controllers in each site.
Estimated Time – Depends on the scenario. If data is in place then it should not take more than 2 hours.
Who Will Benefit
IT Professionals, Field Engineers, Consultants, Disaster Recovery Specialists, Project Managers, etc.
Before We Begin
The account used to perform this task should be a member of the Enterprise Admins group and the Domain Admins group.
- At least one Active Directory Domain Controller should be active and reachable.
- DNS Server should be reachable.
- Prepare a checklist of what data is available and how fast we can bring the site back into production.
- Pull all required information from the site that is still active before performing metadata cleanup of the crashed site.
- Make a note of the DNS information and the name of the DC along with its IP address.
- Do not panic.
- Do not rush into any steps that may cause further downtime.
To perform metadata cleanup, you can follow the steps listed in the articles below.
Domain Name : MSEXCHANGETEAM.IN
DC Name : DC1 and DC2
Two Active Directory Sites
Default-First-Site-Name / DC1 / 10.10.0.0/16
US – Crashed Site / DC2 / 10.20.0.0/16
Windows Version : Windows Server 2008 R2 SP1
Forest Functional Level : Windows Server 2008 R2
Domain Functional Level : Windows Server 2008 R2
Before Crash – Client Side Behavior
Figure 1.1 : Before Site Crashed.
In figure 1.1 we can connect to the preferred DC2 from site US.
After Crash – Client Side Behavior
Figure 1.2 : NSLOOKUP FAILED
Since DC2 has crashed, we have pointed the clients to DC1 for temporary authentication. Because DC2 is down, its Active Directory site is not available; only Default-First-Site-Name is available.
Due to the flexible design of Active Directory, we still have the user and computer objects intact in the primary Active Directory site on DC1.
Figure 1.3 : Data available on DC1.
Data gathering before performing recovery
Figure 1.4 : NLTEST
NLTEST shows Default-First-Site-Name, which is the primary and root site. One Active Directory Domain is required in any site to perform recovery.
Figure 1.5 : FSMO OWNERS
FSMO roles are intact and reachable.
Note : Metadata cleanup is already performed. The link to perform Metadata Cleanup is provided above.
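The data gathering above as a script, added here as an example and not taken from the original post. It goes slightly beyond the figures: it saves the site, DC list, FSMO owners, DNS SRV records and replication state from DC1 to a timestamped folder, then flags any leftover reference to DC2. The output folder name is hypothetical, and it assumes DC1 is the only surviving domain controller, as in this lab.

```powershell
# Added example: pre-recovery snapshot, run on DC1 from an elevated PowerShell prompt.
# Names below are the lab values from this post; the output folder is hypothetical.
$Domain = 'MSEXCHANGETEAM.IN'
$GoodDC = 'DC1'   # surviving DC (assumed to be the only one left)
$DeadDC = 'DC2'   # crashed DC, metadata cleanup already done
$OutDir = Join-Path $env:SystemDrive ('DR-Snapshot-{0:yyyyMMdd-HHmmss}' -f (Get-Date))
New-Item -ItemType Directory -Path $OutDir | Out-Null

# Output file -> built-in command whose output is captured as evidence.
$Checks = @{
    'site.txt'   = 'nltest /dsgetsite'
    'dclist.txt' = "nltest /dclist:$Domain"
    'fsmo.txt'   = 'netdom query fsmo'
    'srv.txt'    = "nslookup -type=SRV _ldap._tcp.dc._msdcs.$Domain $GoodDC"
    'repl.txt'   = "repadmin /showrepl $GoodDC"
    'ip.txt'     = 'ipconfig /all'
}
foreach ($file in $Checks.Keys) {
    $path = Join-Path $OutDir $file
    # Redirect stderr inside cmd so error text lands in the same file.
    cmd /c "$($Checks[$file]) 2>&1" | Out-File -FilePath $path -Encoding ASCII
    Write-Host ('{0,-11} exit code {1}' -f $file, $LASTEXITCODE)
}

# Every FSMO role line should name the surviving DC.
$roleLines = Get-Content (Join-Path $OutDir 'fsmo.txt') |
    Where-Object { $_ -match 'master|PDC|manager' }
$misplaced = @($roleLines | Where-Object { $_ -notmatch "\b$GoodDC\b" })
if ($roleLines -and $misplaced.Count -eq 0) { Write-Host "FSMO: all roles on $GoodDC" }
else { Write-Warning 'FSMO: review fsmo.txt'; $misplaced }

# After metadata cleanup, the crashed DC should no longer be listed anywhere.
$files = 'dclist.txt','srv.txt','repl.txt' | ForEach-Object { Join-Path $OutDir $_ }
$stale = @(Select-String -Path $files -Pattern "\b$DeadDC\b")
if ($stale.Count -eq 0) { Write-Host "No leftover reference to $DeadDC" }
else { Write-Warning "Leftover references to $DeadDC found"; $stale }
```

Keep the snapshot folder with the recovery notes so the same checks can be compared after DC2 is rebuilt.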
Now we have the data available to perform recovery. In the next part we will perform the recovery for the same DC2 server with the help of DCPROMO.