XOA: backup Active Directory vm
-
@fatek
AD has a maximum period of difference between Domain Controllers and as far as I know it is 24h.
If you don't do this, the oldest one will be out of sync and useless.
-
If you need to restore one DC from VM backup, this can help
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/virtual-dc/restore-virtualized-domain-controller#restore-the-virtual-dc-with-a-vhd-file
-
You need to use a backup agent or the built-in Windows backup to be 100% sure you can restore it.
-
It's not really necessary.
As I said, I have 3 x DC and I restored them in the test lab and they were ok.
All three were backed up at the same time with a single normal backup task.
Below is the task I was talking about.
-
@olivierlambert Can you comment on this?
-
btw, Vinchin does not support AD backup.
-
We have had 0 feedback of issues with restoring MS AD or MS SQL VMs since we started to create backups with XO (almost 10 years).
-
@olivierlambert
Since there is 0 feedback of issues, is backup/restore of MS AD officially supported?
-
We are not Microsoft experts, we do not manage what's inside your VM, and if you have a problem inside the VM, it's likely unrelated to XO. We can't guarantee the behavior of thousands and thousands of different apps, we do VM backup. If official support for AD means we should have the skills to debug AD, then the answer is no. We do guarantee that the VM should be restored as when it was running.
-
I would not expect you to debug AD.
My main focus is: can the MS AD VM be restored to its previous running state?
-
It's a VM snapshot, so the VM will be in the same state as when we did the snapshot, no more, no less.
-
@fatek You can back up and restore AD VMs just fine. Like @Gheppy said, ideally within the same day/same time. However, you really should have one primary AD controller and the other ones set to read-only. That way you have one source of truth, but other duplicates can respond to requests, but you need to decide if that's "correct" for your situation obviously.
-
@Nick-085 Are you doing daily full backups of your AD?
-
@fatek One primary domain controller is replicated to an off-site location using the "Continuous Replication" feature every hour using snapshot mode "with memory". The "Full Backup" interval is set to 6. This guide is followed for most of the infrastructure.
However, other LDAP servers are used for authentication and source(s) of truth, so it's a bit more complicated.
-
According to Microsoft you need to use their built-in backup feature or software that supports AD and VSS, which will tell the VM OS that it is going to be backed up.
Unless you do this there might be corruption of the AD databases according to Microsoft. Although, we've been backing up our AD servers with XOA snapshots (both normal backup and incremental) and had only 1 issue since we started using XOA in 2016.
Since that issue we also use a guest agent (from Ahsay CBS) that makes a Windows System State backup and Windows System Backup. More info about that can be found here:
https://wiki.ahsay.com/doku.php?id=public:version_9:client:9447_system_state_backup_vs_system_backup