question

eg1995-5273 avatar image
0 Votes"
eg1995-5273 asked SadiqhAhmed-MSFT answered

azure site recovery hyperv

dears,

i have an azure site recovery deployment for 2 hyperv vms: one sql and one iis server and they are based on ad authentication.
on azure, i created a second dc in case of a failover.

now i want to do the test failover on a separate vnet, so for this reason i want to replicate the exact configuration that i have on prem: iis and sql and one dc.
thats why i will replicate a dc and both vms on a separate vnet for the test failover in order not to impact the prod.

my questions are for the dc behavior:

  1. the dc that needs to be replicated shoud it be the holder of FSMO or there is no need?

  2. When you initiate a test failover, don't include all the domain controllers in the test network. To remove references to other domain controllers that exist in your production environment, you might need to seize FSMO Active Directory roles and do metadata cleanup for missing domain controllers.?

can u advise on point 2 also? i have many dcs on premises but i will just replicate one for the testing. what does it mean remove references to other dcs if i wont replicate remaning dcs? and noting that there wont be communcation between all dcs because there isnt a site to site vpn connection between both sites.

thank you in advance



azure-site-recovery
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

anyone dears?

0 Votes 0 ·

1 Answer

SadiqhAhmed-MSFT avatar image
0 Votes"
SadiqhAhmed-MSFT answered

@eg1995-5273 Thank you for your post and I apologize for the delayed response. Please see the response to your questions below.

  1. The DC that needs to be replicated should it be the holder of FSMO or there is no need?
    Setting up Active Directory for a Disaster Recovery Environment | Azure Blog and Updates | Microsoft Azure This article provides more information.

  2. When you initiate a test failover, don't include all the domain controllers in the test network. To remove references to other domain controllers that exist in your production environment, you might need to seize FSMO Active Directory roles and do metadata cleanup for missing domain controllers.?
    Transfer or seize FSMO roles - Windows Server | Microsoft Docs Recommendations on when to seize FSMO roles

Can you advise on point 2 also? i have many DC’s on premises but i will just replicate one for the testing. what does it mean remove references to other DC’s if i wont replicate remaining DC’s? and noting that there won’t be communication between all DC’s because there isn’t a site to site vpn connection between both sites.

It is recommended to remove references to other DCs as a best practice to prevent any AD errors but is not specifically an ASR requirement. https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564


If the response helped, do "Accept Answer" and up-vote it


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.