[Samba] DC disaster recovery

Gregory Sloop gregs at sloop.net
Tue Jul 14 15:51:16 UTC 2020

Yeah, I could set up an extra XCP box - but at smaller setups, it really seems like overkill.
So, it sounds like restores of the VM work "fine."

How often do machine accounts reset their passwords?
[This is the one that is most likely to be problematic. Rejoining the domain means a new profile. And that's a big PITA on the client side.]

User password changes can simply be handled by the admin resetting them, or the like. Machine accounts? Not so straightforward, at least not that I'm aware of - unless there's some way to "reset" the computer account password and sync with the workstation.

Offtopic: Louis re: XOA
BTW, there's a script that allows you to run XOA community, and keep the XOA install up to date. I can't justify "paid" XOA for any of my clients, except for perhaps one - and even then it's a big stretch. XOA community is a great alternative for those smaller cases. (And I use very few of XOA's features - other than backup and keeping XCP up to date.)


LPHvBvs> If you're running XEN (XCP-NG), which I'm also using.

LPHvBvs> I use the automated snapshots, and this. 
LPHvBvs> https://docs.citrix.com/en-us/xencenter/7-1/vms-snapshots-export.html

LPHvBvs> That should give a reasonable backup.
LPHvBvs> XOA, yes that looks nice also, I never used it.

LPHvBvs> If you have only 1 XEN server, I would just pick up a PC, or buy a second-hand server
LPHvBvs> and install XEN and run a second DC. Or just add a second DC somewhere,
LPHvBvs> it saves you a lot of trouble in case of disaster recovery.

LPHvBvs> You can add one in a cloud, but then don't forget to configure the GPOs and then
LPHvBvs> make sure you assign the server in the LAN for resolving and authentication.
LPHvBvs> The cloud one is then only the backup DC.

LPHvBvs> Just an extra idea. 

LPHvBvs> Greetz, 

LPHvBvs> Louis

>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
>> Gregory Sloop via samba
>> Sent: Tuesday 14 July 2020 1:26
>> To: samba at lists.samba.org
>> Subject: [Samba] DC disaster recovery

>> So, I'm generally running my DCs in VMs on Xen [XCP-NG].
>> And I'm considering recovery from different disaster 
>> situations - say a crashed/corrupt DC. Or hardware failure.

>> Yes, I could run a second VM with a second DC. But unless I 
>> set up another XCP server and put the VM on that - the biggest 
>> threat to the current VM/DC is the hardware it's running on. 
>> So, it really doesn't make a lot of sense to run a second DC 
>> on the same VM hardware, in an attempt to make it more resilient, IMO.

>> I back up the VMs [XOA, in this case] - and was wondering 
>> about what the best recovery procedure would be.

>> In short, restoring the VM from the XOA backup, in its 
>> entirety, is quick and painless. 
>> [A hardware equivalent of DD'ing the disk to a new machine, I think.]

>> I obviously get that if I restore a backup or snapshot from, 
>> say, a week ago - that any changes to AD since the backup 
>> will be lost.

>> But let's assume I've not made any serious changes I really 
>> have to have to AD. 
>> Are there any other serious problems with restoring an 
>> earlier version of the AD VM that would really cause serious issues?

>> [Obviously the original VM can't come back up, as that's 
>> going to cause all sorts of havoc - because we'll have two 
>> different AD-DCs that think they're authoritative for the 
>> domain. But outside of that...]

>> I did a search of the list, but didn't find anything very 
>> specific easily.

>> -Greg

Gregory Sloop, Principal: Sloop Network & Computer Consulting
Voice: 503.251.0452 x121
EMail: gregs at sloop.net
