question

ShaggyDog-0886 avatar image
0 Votes"
ShaggyDog-0886 asked VickyWang-MFST answered

Best Way to Test DC and Network Fileshare Server Backups

I've been doing some research but am having a tough time finding best practices for testing DC and network fileshare server backups. I have backup service that regularly sends me notifications that our domain controller and fileshare servers have successfully been backed up offsite but I would like to periodically test the backups to make sure I know how to recover after an incident and also to confirm that my assumptions about what is backing up are correct.

I have created a testing vlan on our network and was thinking I could setup a test server to pull the backups onto. Is this the right approach?

I am trying to figure out how to test the DC backup on the testing vlan without creating any redundancy conflicts with the genuine DCs running on our operations vlan. Even though though there is no traffic between vlans, I'm concerned that restoring a DC backup with the same domain name could wreak havoc in our environment.

Is it possible to test the DC backup on a test domain, i.e. create a test domain--"AD.test.edu" and import the DC backup to inspect AD Users and Groups, DHCP, DNS and other services?

Testing the fileshare server seems more straightforward as it will be isolated on the testing vlan and is not running any other network services other than hosting the shared files.

Please forgive me if these hypotheses are wildly impractical or misguided.

Thanks in advance for any guidance you can offer.

windows-server-backup
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

best practice for testing a backup in an isolated network environment so that it does not create conflict with services running on our operations vlan

As long as the environment is isolated from production it won't be a problem.

--please don't forget to upvote and Accept as answer if the reply is helpful--






5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Its always recommended to have at least two domain controllers for high availability and disaster mitigation. If the role holder fails you can simply seize roles to another healthy domain controller without downtime, then do cleanup prior to rebuilding the failed one.

--please don't forget to upvote and Accept as answer if the reply is helpful--





5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ShaggyDog-0886 avatar image
0 Votes"
ShaggyDog-0886 answered

As always, thank you for your timely response DSPatrick.

We do have two DCs running on our domain, but we only back up the configuration of the primary DC offsite.

I want to do disaster recovering testing with this offsite backup to make sure we can get our domain back online in the event of a ransomware or other attack that would cause use to shutdown our network or otherwise lose access to our domain services.

Do best practices exist for testing recovery from such undesirable scenarios?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

You could probably do your recovery testing in an isolated environment.

--please don't forget to upvote and Accept as answer if the reply is helpful--


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ShaggyDog-0886 avatar image
0 Votes"
ShaggyDog-0886 answered

Thank you. Last question should be: Do you know if there any known issues with replicating an existing domain in an isolated environment? Any issues to watch out for/avoid?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Since you have more than one domain controller I'd expect the process would be to recover a known good backup, seize roles (if necessary) then do metadata cleanup, then build a new replacement from scratch for the second one. Restoring multiple domain controllers could be risky and problematic.

--please don't forget to upvote and Accept as answer if the reply is helpful--





5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ShaggyDog-0886 avatar image
0 Votes"
ShaggyDog-0886 answered

Mostly I want to make sure the AD Users and Groups, DNS, and DHCP records look accurate. This sounds like a good plan. Always appreciate your help DSPatrick.

If anyone else has more specifics regarding workflows for backup testing, I'm all ears.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Glad to help, you're welcome.

--please don't forget to upvote and Accept as answer if the reply is helpful--



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

VickyWang-MFST avatar image
0 Votes"
VickyWang-MFST answered

Hi,

Thank you for posting in our forum.

If you have only One Domain Controller in the network, backup immediately!

If you have more than one, which is recommended for fail-over protection, backup at least one DC.

Although a fail-over solution could give you fault tolerance for AD, ALWAYS perform a Backup.

The ideal DC to backup should be the one running the FSMO (Flexible Single Master Operation) role.

reference: https://www.pcwdld.com/active-directory-backup

Tip: This answer contains the content of a third-party website. Microsoft makes no representations about the content of these websites. We provide this content only for your convenience.


Hope this information can help you

Best wishes

Vicky

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ShaggyDog-0886 avatar image
0 Votes"
ShaggyDog-0886 answered

Hi Vicky,
Thank you so much for providing this guidance. This is very useful information, but I am specifically looking for a best practice for testing a backup in an isolated network environment so that it does not create conflict with services running on our operations vlan. I will be sure to follow the backup recommendations in this very useful document, though.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.