5

I've run Active Directory in the past, in the 2003-2008 era. I remember multiple headaches I had back then:

  1. I wanted to upgrade the domain controller hardware, which was going to cause a rebuild. I'm not a network guy by trade but rather a programmer. I tried to back up / restore my Active Directory network, but I wasn't successful in the end.

  2. AD & all the services would bog down the machine. It took forever to boot and the machine was slow.

I decided to not run a domain any more and just run a simple workgroup at the time. Now, trying to constantly learn new things in programming, I'm running into roadblocks because some of the services I need to use are only available on AD networks.

So my questions are:

  1. Is it relatively simple to back up and restore an Active Directory network to another machine without being a Windows AD rock star? How about backup if I would lose the machine? Is it pretty straightforward?

    I remember when I tried to create a virtual machine and use it as a temp domain controller so that I could migrate everything back to the new hardware when I brought it up, but it didn't work. I plan to set up the domain controller on an ESXi server I built, so hopefully that will eliminate

  2. Is AD (and the services it requires) a lot less resource intensive than they used to be? I'm hoping to only allocate 1-2 GB of RAM. It's not like I'll have a lot of users on this domain. Probably 10 at most (MSA & Virtual Accounts)

MDMarra
coding4fun
  • AD is not a lot less resource intensive. But hardware is much faster, thus you can get away with what these days is considered lightweight hardware. – Hennes Oct 27 '12 at 23:53
  • Re your first item 1). No need to backup. You should have left your **other** domain controller(s) up and running. (Possibly first transferred FSMO roles). No need to know that as a programmer, but if you do this stuff either hire an insultant, or follow some admin course. (Or ask your IT guy if you can read his books - buying those is kind of expensive). – Hennes Oct 27 '12 at 23:57
  • 1
    @hennes No need to backup? AD will replicate mistakes just as quickly as anything else. – jscott Oct 28 '12 at 00:19
  • 2
    Good point. I should have written 'no need to use backups for that specific task'. – Hennes Oct 28 '12 at 00:21
  • Is it me, or does this whole question come from a place of ignorance and bad assumptions? – gWaldo Oct 28 '12 at 14:21

1 Answer

13

> Is it relatively simple to back up and restore an Active Directory network to another machine without being a Windows AD rock star?

You just promote the second server to be a domain controller. Replication will happen as part of the promotion. Transfer the FSMO roles. Run dcpromo to demote the first domain controller, and you're basically done. This process has been the same since Windows 2000 Server.

> How about backup if I would lose the machine?

You can use Windows Backup for this. You put the DC in Directory Services Restore Mode and restore the backup. Then, you run a couple of commands to make this permanent and reboot in normal mode. This is well documented on TechNet and other places. This process has been the same since 2000 server, but the backup software bundled with Windows 2008 and later is much improved.

> Is it pretty straightforward?

This depends entirely on your skills/knowledge. What I can say is that it is all well documented.

> Is AD (and the services it requires) a lot less resource intensive than they used to be? I'm hoping to only allocate 1-2 GB of RAM. It's not like I'll have a lot of users on this domain.

It never was resource intensive. I managed an AD database with over 50,000 objects, and the database was about 500MB. As long as you have enough RAM for the AD database to fit into it entirely, there shouldn't really be any performance issues. I regularly deploy DCs that also run DNS and an anti-virus client with 1 vCPU and 2GB of RAM without issue. Again, this concept and database sizing has been the same since Windows 2000 Server.


It sounds to me like your bad experiences running Active Directory in the past were because of something other than the normal load that is generated by Active Directory.

MDMarra
  • Thanks a lot for all the info. Can you recommend any short readings for the level of detail I need? Hopefully it's not a 400+ page book. Thanks... – coding4fun Oct 28 '12 at 01:53
  • 1
    You have a lot of questions about a variety of things, it seems. Technet.com documents all of this pretty well. Just look there if you need more info. I also [wrote this Q&A](http://serverfault.com/q/402580/10472) about AD basics. It might have some general knowledge for you. – MDMarra Oct 28 '12 at 01:56
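
The migration steps in the answer above (promote the second server, transfer the FSMO roles, demote the first), as an added PowerShell example that is not part of the original answer or comments. It checks replication before the transfer and confirms that no role is left on the old server before it is demoted. `DC1` and `DC2` are placeholder host names, and the script assumes the ActiveDirectory module (Windows Server 2008 R2 or later, or RSAT) and an account with rights to move the roles.

```powershell
# Added example; DC1/DC2 are placeholder names, not from the original page.
Import-Module ActiveDirectory

$OldDc = 'DC1'   # assumption: the domain controller that will be demoted
$NewDc = 'DC2'   # assumption: the newly promoted domain controller

function Get-FsmoHolders {
    # Map each of the five FSMO roles to the FQDN of the DC that holds it.
    $domain = Get-ADDomain
    $forest = Get-ADForest
    @{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
}

# 1. The new DC must be replicating cleanly before any role is moved to it.
$failing = repadmin /showrepl $NewDc /csv | ConvertFrom-Csv |
    Where-Object { [int]$_.'Number of Failures' -gt 0 }
if ($failing) {
    $failing | Format-Table 'Source DSA', 'Naming Context', 'Number of Failures'
    throw "Replication to $NewDc is failing; fix it before transferring roles."
}

# 2. Transfer all five roles (prompts for confirmation on each one).
Move-ADDirectoryServerOperationMasterRole -Identity $NewDc -OperationMasterRole `
    PDCEmulator, RIDMaster, InfrastructureMaster, SchemaMaster, DomainNamingMaster

# 3. Refuse to continue if the old DC still holds any role.
$stillOnOld = (Get-FsmoHolders).GetEnumerator() |
    Where-Object { $_.Value -eq $OldDc -or $_.Value -like "$OldDc.*" }
if ($stillOnOld) {
    $stillOnOld | Format-Table Name, Value
    throw "$OldDc still holds FSMO roles; do not demote it yet."
}
Write-Output "No FSMO roles remain on $OldDc; it can be demoted."
```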