Protecting AD – Active Directory Lifesaver – Umove
A couple of months ago I have received a test licence from Align Technology for the Umove product and I’ve decided to make a short demo. Because I am always overcautious I haven’t had the necessity to use this software in a productive environment. But I know a lot of admins that were asking for something like that.
The product can have many usage scenarios, from the movement of a domain controller to other hardware, cloning Active Directory to a test environment, restoration of a failed DC, to even optimize the Active directory backup process. It should run on any Windows Server version (even 2008).
How did I tested it: 2 virtual machines (Windows 2003 R2). Scenario: the restore of a failed DC (let’s say that it has a failed motherboard, or due to a virus the OS doesn’t start anymore – but the ntds.dit file is still there). I know a lot of cases were people have only one DC (SBS anyone? Sometimes with no backup?) and can not create a new DC by replication.
The first server installed was a Windows Server 2003 R2 that I’ve promoted to a domain controller (name of the domain was itboard). The boot drive was SCSI – we’ll use an IDE drive to the second server to show that you can move it to different hardware (using the normal systemstate backup/restore procedure there are big chances that this will fail).
So, let’s assume that our first server is unable to boot (corrupted boot files, system files, virused, etc). We will attach the hard drive from the first server to the second server. This is running Windows 2003 R2, standalone server, different IP address – it has no relation to the first server. The only thing on this server is the installation kit for Umove.
Let’s start the Umove installation (that has a lot of usefull informations about Active Directory; reading the tips from the install and the help you can say you’ve participated to a small AD class).
Here we have selected the Restore option (not the Backup as in screenshoot).
At the location we’ll specify the drive that we’ve just attached (the drive from the crashed server).
Now we map the info from the attached drive to the local drives. there are cases when the AD info are located on multiple volumes.
Oops! Umove tells me that I don’t have the DNS service installed. It is mandatory that the second server have the same components installed as the first one. The wizard will let you know what is missing.
Next it will look for duplicate servers on the same network. Just a protective measure for some admins.
And finish. My database and SYSVOL were very small so it was very fast. Now reboot.
Wow. It really works. From a standalone server I’ve obtained my old domain controller. It’s identical; the IP address, everything.
Let’s check Event Log. It’s using the right AD restore procedures and resets the invocation IDs used by the replication mechanism. That’s very good; it means that you can use it in environments with more than one DC.
And the SYSVOl looks good also. Mission accomplished!
I’ve said from the begining that it can be used in many scenarios. It was built specially for Active Directory, BUT, if on the same machine you have some other applications (SBS case) it will move those also. Should be able to move: Sharepoint, Exchange, IIS, DHCP, WINS, Certificate Services, TS Licensing Services and even some EFS stuff.
So, in emergency cases (or when you want an easy backup/restore procedure for AD) don’t forget about this software. Utools can be bought online from utools.com – 32 or 64 bit versions for $129.95.