- This topic has 4 replies, 3 voices, and was last updated September 20, 2016 by Bryan F.
Active Directory replication?
-
Rhett BAugust 8, 2016 10:06:04 PM
I was wondering if anybody has any experience with replication Active Directory Domain Controllers? Are you actually using Zerto to do the replication to a “AD specific VPG” as indicated here: http://s3.amazonaws.com/zertodownload_docs/Latest/Zerto%20Virtual%20Replication%20and%20MSCS.pdf, or are you letting Active Directory native replication occur to a “live” VM in the DR environment?
I am asking as Active Directory has some “uniqueness” when it comes to making sure the AD databases and versioning (USN rollback issues) are all on the same page between the DCs. I have some concerns with letting Zerto just replication the DC through its process, rather than letting the DC use the native AD replication.
Any help/suggestions would be appreciated.
Bryan FAugust 25, 2016 06:35:30 PMRhett B – question can be answered as “yes”. Both methods will work.
The real answer lies in how you have your DR site set up or if you are using a DRaaS offering from a service provider. If your DC is virtualized then I recommend replicating the DC. This keeps everything in the “island” moving to the Recovery “island” the same as it was. This will aid in testing and will in no way effect production as the recovery sites should land on network(s) (vlans, ect) that do not talk back to the production site. You will be able to login with domain creds, ect. Now the vm’s that failover all need to point to the DC as primary or secondary like they do in production.
Now I don’t like the use of a permanent DC in the Recovery vCenter as it would have to access to the production network all the time to talk to the other DC(s). This Network communication will need to be severed at testing and the DC given access to the testing network, for the vm’s that are failing over to talk to it for authentication. If something is missed and your DC is still talking to the other DC’s, it could report both vm’s (production and test) meaning production work could land on the test vm’s, thus the that data will be lost after test is complete and the opposite could happen as testing could be done on production vm’s. This will cause you trouble. So why take the chance, just replicate the DC.
Rhett BAugust 29, 2016 03:56:47 PMThanks for the follow-up. We have decided on the “fenced option” for the exact same reasons you mentioned (don’t want the DR DC polluting the production DCs during testing). Thanks again.
Carlos CSeptember 7, 2016 06:19:02 PMhey guys
I think i did not quite understand….
right now I ‘m a service provider providing DraaS… that means having multiple customers replicating a lot of servers and of course they have ADs right now we have ADs in the the recovery site for each customer (so meaning native AD windows replication)…. is that the way to go or i should be replicating using Zerto instead?
Tagged: karlochacon@gmail.comBryan FSeptember 20, 2016 01:32:26 PMCarlos C – I too am a service provider and I have all of my customers (at least all that ask me) to just replicate the AD server. I have a large number of offsite customers and have all of them setup this way where AD is replicated.