question

NanaSutisna-7928 asked NanaSutisna-7928 commented

Backup ADFS server by Cloning

Dear All,

Is it safe to back up an ADFS server by cloning? So if the server crashes, I will switch on the cloned server.

Regards,
Nana Sutisna

adfs

1 Answer

piaudonn answered NanaSutisna-7928 commented

It might work. There are a lot of caveats though, as some of the "clone" might not have the latest data, for smart account lockout for example. Cloning isn't usually a supported way to do a proper restore though. You can keep it as a last resort if other ways are failing.
An easy way to back up and restore ADFS is by using ADFS Rapid Restore. See here: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/ad-fs-rapid-restore-tool


Hi Piaudonn,

Thanks for the reply.
I mean I am cloning by exporting the virtual machine on the Hyper-V server, then importing it if the virtual server crashes.
Before, I backed up and restored with the ADFS Rapid Restore tool; however, I need to install the OS and the ADFS role first. CMIIW.
I think if I clone the virtual server, it is very simple: I just import the VM, and I don't need to install the OS and the ADFS role.
You said the clone might not have the latest data. How about ADFS Rapid Restore? I think ADFS Rapid Restore will have the data as of the last backup. So I think cloning or ADFS Rapid Restore can have the same data if both are backed up at the same time.
I pay attention to this because if the domain controller server / AD DS is cloned there will be an issue.

I would appreciate it if you could provide an explanation again.

Regards,
Nana Sutisna

0 Votes 0 ·
piaudonn NanaSutisna-7928 ·

Assuming that you are using WID, and that the certificates have not rolled-over, and the computer password as well as the service account password are still the same, then it will end up working.

That said, it is not a part of the tested and documented restore procedures. And as such you should make sure you first have a supported backup method (server backup and AD FS Rapid Restore backup).

0 Votes 0 ·

Yes, I'm using WID and a group managed service account (GMSA). Regarding the certificate, it will work if I restore before the certificate expires, won't it?

0 Votes 0 ·
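
The conditions listed in the thread (WID, no certificate rollover, unchanged computer and service account passwords) can be checked on a restored clone before it takes traffic. The PowerShell below is an added example, not code from the thread or from Microsoft's documentation; the baseline CSV path and its `CertificateType,Thumbprint` columns are assumptions.

```powershell
# Added example: pre-flight checks for a restored AD FS clone (WID farm).
# Run in an elevated session on the clone before clients are pointed at it.
# $BaselinePath is a hypothetical CSV (columns CertificateType,Thumbprint)
# exported from the live server while it was still healthy.
param([string]$BaselinePath = 'C:\AdfsBaseline\certs.csv')

$findings = [System.Collections.Generic.List[string]]::new()

# 1. Computer account password: the secure channel to the domain must validate.
if (-not (Test-ComputerSecureChannel)) {
    $findings.Add('Secure channel broken: computer account password changed after the clone was taken.')
}

# 2. Service account: the AD FS service must be running under its configured account.
$svc = Get-CimInstance Win32_Service -Filter "Name='adfssrv'"
if ($svc.State -ne 'Running') {
    $findings.Add("adfssrv is $($svc.State) (account $($svc.StartName)): check the service account.")
}

# 3. Configuration store: the reasoning in the thread only covers WID.
$sts = Get-CimInstance -Namespace root/ADFS -ClassName SecurityTokenService
if ($sts.ConfigurationDatabaseConnectionString -notmatch 'microsoft##wid') {
    $findings.Add('Configuration database is not WID.')
}

# 4. Certificates: none expired, and the set matches the recorded baseline.
$certs = @(Get-AdfsCertificate)
foreach ($c in $certs) {
    if ($c.Certificate.NotAfter -lt (Get-Date)) {
        $findings.Add("$($c.CertificateType) $($c.Thumbprint) expired on $($c.Certificate.NotAfter).")
    }
}
if (Test-Path $BaselinePath) {
    $recorded = @(Import-Csv $BaselinePath | ForEach-Object { "$($_.CertificateType)|$($_.Thumbprint)" })
    $current  = @($certs | ForEach-Object { "$($_.CertificateType)|$($_.Thumbprint)" })
    if ($recorded.Count -and $current.Count) {
        # '<=' means only in the baseline, '=>' means only on the clone.
        Compare-Object $recorded $current | ForEach-Object {
            $findings.Add("Certificate set differs from baseline: $($_.InputObject) $($_.SideIndicator)")
        }
    }
} else {
    $findings.Add("No baseline at $BaselinePath: certificate rollover cannot be ruled out.")
}

if ($findings.Count) { $findings; exit 1 } else { 'All pre-flight checks passed.' }
```

A baseline only helps if it is exported from the live server on a schedule and stored off the VM, so that it is newer than the clone it is compared against.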