backing up active directory

[rasczak]

for you MS guru's out there, what's your AD backup plan?

I'm currently trying to work this out on a new project, would like to hear what you all do for backing up AD. Is it true that if a DC is offline for more than seven days and there are replication partners, the data becomes inconsistent and you need to do a total reinstall of the offline DC?

Do you schedule your backups of AD everday, every other day, or weekly?

Thanks!

 

[RebateMonger]

AD backups are tiny. I back up System State with every backup. Even if I do a quick partial backup, I back up SS.

Yeah, the tombstoning thing with AD is a pain. I believe the limit is 30 days (roughly). But you definitely want to keep current copies of AD.

 

[dphantom]

This MS article should help explain the tombstone and useful life of an AD backup.

AD Life

It can be changed, just be sure you know what you need to do in terms of an authoritative/non-authoritative restore and what your tombstone settings are.

 

[RebateMonger]

Originally posted by: RebateMonger
I believe the limit is 30 days (roughly). But you definitely want to keep current copies of AD.

Shows you how good my memory is. 60 days is the default value.

As important as this value is to backups and restorations, it's something that is very seldom discussed in backup literature. I haven't modified any of my Domains, but I'm tempted to do so. 180 days would be nice. I got hit by it once when a business partner handed me an unfinished project that had sat for a couple of months. Expired tombstones made the project twice as much work as it should have been.

 

[dphantom]

Originally posted by: RebateMonger

Originally posted by: RebateMonger
I believe the limit is 30 days (roughly). But you definitely want to keep current copies of AD.

Shows you how good my memory is. 60 days is the default value.

As important as this value is to backups and restorations, it's something that is very seldom discussed in backup literature. I haven't modified any of my Domains, but I'm tempted to do so. 180 days would be nice. I got hit by it once when a business partner handed me an unfinished project that had sat for a couple of months. Expired tombstones made the project twice as much work as it should have been.

Right and then the decision is on an authoritative restore or not. Lots of stuff to consider, but it is nice that the tombstone value can now be changed. I have been fortunate not to have run into that type of situation. At least it is correctable.

 

[rasczak]

Originally posted by: dphantom

Originally posted by: RebateMonger

Originally posted by: RebateMonger
I believe the limit is 30 days (roughly). But you definitely want to keep current copies of AD.

Shows you how good my memory is. 60 days is the default value.

As important as this value is to backups and restorations, it's something that is very seldom discussed in backup literature. I haven't modified any of my Domains, but I'm tempted to do so. 180 days would be nice. I got hit by it once when a business partner handed me an unfinished project that had sat for a couple of months. Expired tombstones made the project twice as much work as it should have been.

Right and then the decision is on an authoritative restore or not. Lots of stuff to consider, but it is nice that the tombstone value can now be changed. I have been fortunate not to have run into that type of situation. At least it is correctable.

do you guys use NTBACKUP to backup AD, or backup exec?

 

[dphantom]

Originally posted by: rasczak

Originally posted by: dphantom

Originally posted by: RebateMonger

Originally posted by: RebateMonger
I believe the limit is 30 days (roughly). But you definitely want to keep current copies of AD.

Shows you how good my memory is. 60 days is the default value.

As important as this value is to backups and restorations, it's something that is very seldom discussed in backup literature. I haven't modified any of my Domains, but I'm tempted to do so. 180 days would be nice. I got hit by it once when a business partner handed me an unfinished project that had sat for a couple of months. Expired tombstones made the project twice as much work as it should have been.

Right and then the decision is on an authoritative restore or not. Lots of stuff to consider, but it is nice that the tombstone value can now be changed. I have been fortunate not to have run into that type of situation. At least it is correctable.

do you guys use NTBACKUP to backup AD, or backup exec?

I have used both. Currently use Backup Exec 12.5 SP1 to do my backups for everything except SQL. I also use the Exchange agent for my Exchange 2003 server.

 

[RebateMonger]

Originally posted by: rasczak
[do you guys use NTBACKUP to backup AD, or backup exec?

Almost all of my clients are running SBS 2003 and are very concerned about costs. They hate it when the backup program costs more than the server itself. Unless they specify a need to have "instant" server recoveries, I use NTBackup for all backups, including Exchange and SQL. As noted, I run System State backups (using NTBackup) every time I use NTBackup.

When the ability to do hardware-independent restores or fast restores is important, I use StorageCraft's Shadowprotect Server, which is available for SBS for only $500. It's image-based, does fast restores, and is really good at restoring to non-original hardware configurations. But, as an image-based backup program, it doesn't do independent System State backups. For those I use NTBackup.