I am involved in a project with customr in this area and would appreciate any input as to the recommended approach / procedures. The requirement is as follows:
There are 15 AD servers – 3 virtual and 12 physical – all running Windows 2012R2
These are spread across 3 sites (locations) – although all the same AD
Each server is being secured with an MS-Windows policy type – specifying Granular Restore – and having a backup selection of ALL_LOCAL_DRIVES.
1 x Windows Master Server - 8.1.1
1 x 5240 appliance (media server) – 3.1.1
1 x 5240 appliance (Master/Media server) – 3.1.1
No netbackup infrastructure
I am interested in the following scenario’s:
Requirement to restore individual AD objects
Requirement to perform a FULL AD recovery in the event of a complete AD failure or loss of all sites
The first point should be fine – but I have questions around the second point:
As I am only just starting the design/planning process here I am interested in any information relating to these scenarios.
Also, we have to test these restore scenarios…… As the appliances are both in production and we will need to perform the AD restore in an environment with no AD we need to be very careful as to how we do this. I am thinking we may need to take one of the appliances (the Master/Media) out of the current environment and place it in the Sand-Box testing environment to simulate this…….
Any input appreciated.
- consult all these questions also with a Windows/Domain Admin, not only on NetBackup forum
- yes you should connect to Master With Local Account - also verify no of Master Server services are running under some domain account (generally they should not) . To be completely sure you can also consider to operate your Master in a workgroup and not domain.
- your AD infrastructure is so redundant that I can imagine only logical corruption in the domain data replicated across all DC's. In this case, so called authoritative restore will be required. But is is very risky to test this scenario in a production environment. I recommend you to implement a separate testing domain with, for example, two DC's, and perform all various tests in it.