Share via

Best Practice for Deploying a Secondary Domain Controller in a DR Site

Ahmed Essam 245 Reputation points
2025-02-01T21:02:52.17+00:00

Hi everyone,

We currently have a domain controller (DC) hosted in the cloud and are planning to build a disaster recovery (DR) site. The manager suggested using a backup and restore approach to restore the existing domain controller as a second DC in the DR site.

Is using a backup and restore approach for this purpose considered a best practice? If not, what is the recommended approach for creating a secondary domain controller in a DR site?

Additionally, if possible, could you point me to any official Microsoft documentation or best practice articles that outline why the backup and restore method might not be recommended?

Thanks in advance for your help!

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marcin Policht 50,495 Reputation points MVP Volunteer Moderator
    2025-02-01T22:14:10.2066667+00:00

    The best practices by Microsoft dictate to deploy at least one additional domain controller (preferably two) in the DR site. This should be an additional domain controller in the same domain you have in production. To what extent this is a viable solution in our case would depend on a number of factors. Ultimately, this decision is driven by such consideration as RPO, RTO, and cost.

    If your DR site is connected to your primary site and you have budget to run an additional Windows server in that site, then you should follow Microsoft recommendations. You might want to also consider using Azure Site Recovery for this purpose.

    More at

    https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/forest-recovery-guide/ad-forest-recovery-devise-a-plan

    https://learn.microsoft.com/en-us/azure/site-recovery/site-recovery-active-directory

    https://answers.microsoft.com/en-us/windowserver/forum/all/best-practices-for-active-directory-disaster/249ae71f-997d-4162-9951-ad49cbefd7ee

    https://learn.microsoft.com/en-us/answers/questions/1695319/best-practise-for-dr-site-ad-topology

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    1 person found this answer helpful.
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.