[Samba] DC disaster recovery

L.P.H. van Belle belle at bazuin.nl
Tue Jul 14 07:33:13 UTC 2020 

If your runing XEN (XCP-NG), which im also using. 

I use the automated snapshots, and this. 
https://docs.citrix.com/en-us/xencenter/7-1/vms-snapshots-export.html

That should give an resonable backup. 
XOA, yes thats looks nice also, i never used it.

If you have only 1 XEN server, i would just pickup an pc, or buy a second hand server 
and install XEN and run a second DC Or just add a second DC somewhere, 
save you in case of disaster recovery a lot of troubles. 

You can add one a a cloud, but the dont forget to configure the GPO's and then 
make sure you assign the server in lan for resolving and authenticion.
The cloud one is then only the backup DC. 

Just an extra idea. 


Greetz, 

Louis




> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Gregory Sloop via samba
> Verzonden: dinsdag 14 juli 2020 1:26
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] DC disaster recovery
> 
> So, I'm generally running my DC's in VM's on Xen [XCP-NG].
> And I'm considering recovery from different disaster 
> situations - say a crashed/corrupt DC. Or hardware failure.
> 
> Yes, I could run a second VM with a second DC. But unless I 
> setup another XCP server and put the VM on that - the biggest 
> threat to the current VM/DC is the hardware it's running on. 
> So, it really doesn't make a lot of sense to run a second DC 
> on the same VM hardware, in an attempt to make it more resilient, IMO.
> 
> I backup the VM's [XOA, in this case] - and was wondering 
> about what the best recovery procedure would be.
> 
> In short, restoring the VM from the XOA backup, in it's 
> entirety, is quick and painless. 
> [A hardware equivalent of DD'ing the disk to a new machine, I think.]
> 
> I obviously get that if I restore a backup or snapshot from, 
> say, a week ago - that any changes to AD since the backup 
> will be lost.
> 
> But lets assume I've not made any serious changes I really 
> have to have to AD. 
> Are there any other serious problems with restoring an 
> earlier version of the AD VM that would really cause serious issues?
> 
> [Obviously the original VM can't come back up, as that's 
> going to cause all sorts of havoc - because we'll have two 
> different AD-DC's that think they're authoritative for the 
> domain. But outside of that...]
> 
> I did a search of the list, but didn't find anything very 
> specific easily.
> 
> -Greg
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list