True Image in Server

Discussion in 'Acronis True Image Product Line' started by Jose Antonio, Dec 2, 2005.

Thread Status:
Not open for further replies.
  1. Jose Antonio

    Jose Antonio Guest

    Why doesn't Microsoft recommend tools of clonación of disks in servers that are a domain controller's?

    I have two servers that are a domain controller's and once I had to restore one of them through a disk image, when I have restarted I had problems with active directory in windows 2000 server.
     
  2. Acronis Support

    Acronis Support Acronis Support Staff

    Joined:
    Apr 28, 2004
    Posts:
    25,885
    Hello Jose Antonio,

    Thank you for choosing Acronis Server Disk Backup Software.

    Please accept my apologies for the delay with the response.

    Please take a look at my post #2 from this previous thread describing how to backup Domain Controller in more detail.

    As for the problem you have reported, please note that if the Primary Domain Controller goes down and the Backup Domain Controller automatically takes over, then the Active Directory will by out of Sync after the Primary Domain Controller is restored from a backup.

    The are two solutions for the described problem:

    1. Preventive

    This solution allows to avoid such a problem — before it happens.

    2. Resultive

    This solution allows to solve such a problem after it happened.

    Preventive solution:

    Create Active Directory Backup (see Backing Up Active Directory).

    If you ever need to restore the Active Directory, see Restoring Active Directory:

    - Restoring Active Directory Through Reinstallation and Replication;

    - Restoring Active Directory from Backup Media.

    Resultive solution:

    If you did not use the preventive solution, then you will need to demote and promote the restored server as a Domain Controller. While doing this you can encounter problems with the server demotion because of the absence of Sync and Replication. The only way is to force the server demotion by using dcpromo /forceremoval command. This will remove the server from the domain, but will not clean up the database of the current Domain Controller. See Domain controllers do not demote gracefully when you use the Active Directory Installation Wizard to force demotion in Windows Server 2003 and in Windows 2000 Server.

    You will need to clean the database up manually as described in How to remove data in Active Directory after an unsuccessful domain controller demotion.

    Please also take a look at the following articles:

    - How to detect and recover from a USN rollback in Windows 2000 Server;

    - How to detect and recover from a USN rollback in Windows Server 2003.

    If you have any further questions concerning the reason Miscrosoft does not recommend imaging of a Domain Controller for, please contact Microsoft Support Team. I believe they will help you.

    If you have any further questions concerning Acronis software then please feel free to submit a request for technical support or post any of your questions on this forum. We will certainly try to help you.

    Thank you.
    --
    Alexey Popov
     
    Last edited: Dec 16, 2005
  3. TonioRoffo

    TonioRoffo Registered Member

    Joined:
    Apr 23, 2005
    Posts:
    237
    There *is* another way described in MS papers for people running VMWARE servers.

    freezing & restarting DC's gives the same problem described in the former post, that of USN rollback hell.

    There's the simple way out (backup of system state before imaging) and there's another way but you *need* to have SP1 installed on your DC'S prior to restores.

    It's a trick to fool your image-restored DC to start in non-authorative restore mode - please note that this is cut&paste from a MS paper that talks about virtual machines but the principle remains the same:

    Again you need W2K3 SP1

    To restore a previous image when USN rollback has not occurred - this means after restore, you *CANNOT* startup windows in a normal mode or it's all too late...

    1.Using the previous image, start the domain controller in Directory Services Restore mode. (F8 at boot)
    2.In a registry editor, if the entry DSA Previous Restore Count under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters is visible, make a note of the value. If the entry is not visible, assume a value of 0. Do not add the entry.
    3.Add the registry entry Database restored from backup under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
    Data type: REG_DWORD
    Value=1
    This setting creates a valid system state backup and immediately restores the backup.
    4.Restart the domain controller normally.
    5.In the registry, check to be sure that the value in DSA Previous Restore Count is equal to its previous value plus 1.
    6.In the Directory Service event log, check to see that event ID 1109 appears. This event confirms that the .vhd file has been restored and the invocation ID has been changed. Event ID 1109 places the following information in the log:
    Active Directory has been restored from backup media, or has been configured to host an application partition. The invocationID attribute for this directory server has been changed. The highest update sequence number at the time the backup was created is a%n
    %nInvocationID attribute (old value):%n%1
    %nInvocationID attribute (new value):%n%2
    %nUpdate sequence number:%n%3
    %n
    %nThe invocationID is changed when a directory server is restored from backup media or is configured to host a writeable application directory partition.

    I'll send the invoice later ;-)
     
Thread Status:
Not open for further replies.