Netbackup - Active Directory Recovery Scenarios

Level 5

I am involved in a project with a customer in this area and would appreciate any input as to the recommended approach / procedures.  The requirement is as follows:

There are 15 AD servers – 3 virtual and 12 physical – all running Windows 2012R2

These are spread across 3 sites (locations) – although all the same AD

Each server is being secured with an MS-Windows policy type – specifying Granular Restore – and having a backup selection of ALL_LOCAL_DRIVES.

 Site A

 1 x Windows Master Server - 8.1.1

1 x 5240 appliance (media server) – 3.1.1

 Site B

 1 x 5240 appliance (Master/Media server) – 3.1.1

 Site C

 No netbackup infrastructure

I am interested in the following scenarios:

Requirement to restore individual AD objects

Requirement to perform a FULL AD recovery in the event of a complete AD failure or loss of all sites


The first point should be fine – but I have questions around the second point:


  1. With NO AD present, what are the implications for the Windows master server not being able to authenticate?
    1. Do we just log on to the Master Server with a local account?
    2. Will we encounter any other issues?
  2. We will log on to the appliances with the local admin account – so no authentication issues there


As I am only just starting the design/planning process here I am interested in any information relating to these scenarios.

Also, we have to test these restore scenarios……  As the appliances are both in production and we will need to perform the AD restore in an environment with no AD we need to be very careful as to how we do this.  I am thinking we may need to take one of the appliances (the Master/Media) out of the current environment and place it in the Sand-Box testing environment to simulate this…….

Any input appreciated.



Partner    VIP    Accredited Certified


several notes:

- consult all these questions also with a Windows/Domain Admin, not only on NetBackup forum

- yes you should connect to the Master with a local account - also verify none of the Master Server services are running under some domain account (generally they should not). To be completely sure you can also consider operating your Master in a workgroup and not a domain.

- your AD infrastructure is so redundant that I can imagine only logical corruption in the domain data replicated across all DCs. In this case, a so-called authoritative restore will be required. But it is very risky to test this scenario in a production environment. I recommend you implement a separate testing domain with, for example, two DCs, and perform all various tests in it.
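
The service-account check suggested in the reply above can be scripted on the Windows master server. This is an added example, not part of the original posts and not Veritas code; it assumes NetBackup services can be recognised by a display name starting with "NetBackup" or a binary path containing a `\NetBackup\` folder, and the function name `Get-LogonAccountType` is hypothetical.

```powershell
# Added example: report which logon account each NetBackup service uses,
# so domain-account dependencies are known before an AD-loss recovery test.
function Get-LogonAccountType {
    param([string]$StartName, [string]$ComputerName = $env:COMPUTERNAME)
    switch -Regex ($StartName) {
        '^$'                                              { return 'Unknown' }
        '^(LocalSystem|NT AUTHORITY\\.+|NT SERVICE\\.+)$' { return 'BuiltIn' }
        '^\.\\'                                           { return 'LocalUser' }  # .\user
        "^$([regex]::Escape($ComputerName))\\"            { return 'LocalUser' }  # HOST\user
        '@'                                               { return 'Domain' }     # user@domain (UPN)
        '^[^\\]+\\'                                       { return 'Domain' }     # DOMAIN\user
        default                                           { return 'Unknown' }
    }
}

# Is the master itself domain-joined or in a workgroup?
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
"Host {0}: PartOfDomain={1}, Domain/Workgroup={2}" -f $cs.Name, $cs.PartOfDomain, $cs.Domain

# Assumption: this filter matches the NetBackup services; adjust it to your install.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.DisplayName -like 'NetBackup*' -or $_.PathName -like '*\NetBackup\*' }

$report = $services | Select-Object Name, DisplayName, State, StartName,
    @{ Name = 'AccountType'; Expression = { Get-LogonAccountType $_.StartName } }

$report | Sort-Object AccountType, Name | Format-Table -AutoSize

# Anything logging on with a domain account needs review before the test.
$domainBound = @($report | Where-Object { $_.AccountType -eq 'Domain' })
if ($domainBound.Count -gt 0) {
    Write-Warning ("{0} NetBackup service(s) log on with a domain account: {1}" -f `
        $domainBound.Count, ($domainBound.Name -join ', '))
}
```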