Welcome. This is Quest Unscripted.
--A vlog series on trending topics--
--and Quest solutions related to Active Directory--
--Office 365--
--oh, and don't forget Azure AD.
You are here because you have questions.
We're here because we have answers.
I think.
We will address questions we've received from customers--
--experiencing the same challenges as you.
All with the goal of helping you confidently move--
--manage--
--and secure--
--your Microsoft environment.
We call the show Quest Unscripted because--
--except for this intro--
--nothing we say is scripted or rehearsed.
And we're pretty sure you'll notice that right away.
All right, Brian, we can do BMR, Bare Metal Recovery, we can do clean operating system. Why would you ever want to do bare-metal recovery?
Oh well, that's a great question. So I think the primary reason is that you're not Microsoft-centric, or you're not Active Directory-centric on your domain controllers. So a couple-- there's probably political reasons too.
Let's say, for example, if you're a large corporation, there's a lot more segregation in what's going on, and so maybe the server build teams are separate from the Active Directory teams. So I've got a few clients like that. And they want that ability to recover their domain controllers completely and not rely on the server build team to get them new servers.
Because the one thing you do need for Clean OS, that you don't necessarily need for bare metal, is Windows servers already installed. That's where we start. So that's one reason why you'd do it.
Another is maybe you're running DHCP or you've got DNS zones that are not AD integrated zones running on your DCs, hosted on your DCs. Or you're running something else like a certificate authority or some other Microsoft service or role that's not an Active Directory role or Active Directory related role. Those won't be recovered with Clean OS recovery. We only back up Active Directory components, and we only recover Active Directory.
So I could see a lot of small, medium businesses that are doing multipurpose servers having that view.
Yeah, and that's really where the problem begins is multi-purposing your servers. But if you're clean, a Clean OS is definitely the way to go. And maybe we can talk about the difference in backups, and we can bring that up to light.
Yeah, please.
So let me just go ahead and share a couple of slides.
Yeah, what are the requirements for BMR?
So this slide kind of explains things. So here's my original domain controller, and I've backed that up. And we do just use Windows Server Backup. But we back up every disk, every partition, I should say, that has something to do with Active Directory. So that's boot level, Windows level and, of course, the Active Directory parts, NTDS, the DIT, the Logs. You can see them listed here.
Brian, I see original DC. Does it have to be the same hardware?
That's a great question. No, it doesn't have to be the original hardware. You can actually include drivers for new hardware when you build out your Windows RE environment. We do that automatically for you. You can just take the drivers and put them in a folder and we bring those in.
But your disk layout needs to be the same. So and I'll just grab a pen here, Bryan, so I can draw a little bit. You'll notice I've got three physical disks here. If I have that I need the same three physical disks to restore the partitions to. Because I'm going to lay down the entire partition, so this is probably some system reserved without a letter but this is probably C.
That makes sense.
This is maybe D. Is that a D?
It's something.
This is E and maybe F, right? So these drive letters-- we back up the entire partition. And we need to have the same amount of space or more on the physical disk for your blank host, your target host, which, by the way, doesn't need an OS installed, so that we can lay down those partitions in the same way. And you get the same kind of layout over here at the end.
Now, again, we're backing up the partition. So let's say SYSVOL's only taking up, I don't know, 20% of my drive. That's SYSVOL. But I have other stuff on this drive. Maybe I've got PerfMon data, or maybe I backed up my music collection to there. I'm just kidding.
But whatever it is, I'm backing that up too. And it's going to be in the backup I restore, and it's going to be on the restored machine because there's no way for us to separate it.
Like a tainted malware, could be hiding.
Well, that's a really big point, Bryan, because when you get into your boot volume or your system volume, wherever Windows is, or your program files directory, there's a lot of binaries that get backed up. Do you need those? Well, with Clean OS you don't.
So let's talk about Clean OS. So here I've got the same server. You can see the drive layout's pretty close to the same. When I back things up I'm not backing up partitions. I'm only backing up files.
So I grab the NTDS and the Logs and the SYSVOL Volume, the SYSVOL files themselves. And in the Windows Directory I grab parts of the registry. Not the whole registry, just things like HKLM. Wow, I just had a screen go blank. That was weird. I'll pause for a minute.
Just things like the HKLM and system partitions, not things like user hives in other parts of the registry that you don't really need. And we take those files and we back them up into their own compressed file, and we get roughly 60% compression. But if there was extra stuff like that SYSVOL partition, we didn't bring that over, that's not in our backup.
And then when we restore, you'll see here in my target machine, I don't have a Logs Directory. I just have NTDS and SYSVOLs. So my Logs and my database need to go into the same drive, in this example. Now I could have had everything on drive C if I wanted to. It doesn't really matter.
And your storage costs are going to be a lot less too, aren't they?
Yeah, your backups are going to take a lot less space, especially since we can also compress those backups. But your target machine, especially if you're in a disaster and you're really just trying to get up quickly so you can get back to business as usual, maybe you don't want to take the time to partition out three physical disks and have that all broken up within your drive arrays. Maybe you just want to get standard server builds up and get back and running.
So yeah, it takes care of that, but you need enough free space. You need free space, and you need Windows preinstalled. Now, what version of Windows? The same version as the DC. Another question I get asked is, do I need service packs to the same level? And the answer is no, you don't need to be patched to the same level. The same OS version is enough.
So kind of what I'm taking away is, if you can, do clean operating system probably a little bit faster as well. But if you can't, you're like an SMB and you have multiple different roles, multipurpose, you need to be able to do BMR. We have you covered as well where you can restore two disks in the hopper.
Absolutely.
Do I have that right?
Yup, absolutely.
All right great. Thank you, Bryan.
Cheers.