How can I make a backup computer/machine for AD that would continue to work in the event that the server or the physical machine with AD crashes/stops working for some reason?

Anonymous
2024-09-10T05:36:07+00:00

Where I work, unfortunately, we have problems with electricity and lightning in the area.

Although there are voltage regulators and UPSs, it has happened that during a big storm, lightning struck the area and damaged the components of a computer or printer, or completely fried it. It is a rare thing, but it is still possible.

How could I make a backup, that is, literally a physical working copy of the existing AD, which would continue to work in the event that the physical server on which the AD is installed crashes or stops working? So I'm looking for redundancy.

Any help, tutorial, material or advice is greatly appreciated. Thank you very much.


Locked Question. This question was migrated from the Microsoft Support Community.

Accepted answer
  1. Anonymous
    2024-09-10T08:45:48+00:00

    Hello Monty95,

    Thank you for posting in Microsoft Community forum.

    To achieve redundancy for Active Directory (AD) and ensure it continues to function even if the primary server fails, you will need to implement at least one additional domain controller (DC) in your network.

    Here are the steps to do that:

    1. Set up an Additional Domain Controller:

    Install Windows Server on a Second Machine:

    Ensure that it is a physical server or a virtual machine (VM) that resides in a different physical location or on a different power circuit to minimize the risk of both servers getting affected simultaneously.

    Promote to a Domain Controller:

    1. Open the Server Manager and add the “Active Directory Domain Services” role on the new server.

    2. After the role is added, use the AD DS Configuration Wizard to promote the server to a domain controller.

    3. During the promotion process, choose to add this server to an existing domain and select your existing domain.

    4. Follow the prompts to complete the process, ensuring that you replicate all the necessary data from the existing AD.

    2. Ensure Replication is Working Properly:

    Active Directory will automatically replicate data between domain controllers, but you can use tools like "Repadmin" to verify and monitor replication health.

    Make sure your new domain controller is a Global Catalog server and that both domain controllers are configured to replicate critical AD data.

    3. Backup Regularly:

    Although having an additional domain controller provides redundancy, it’s also important to regularly back up your AD data. Use the built-in Windows Server Backup to regularly back up the system state, which includes the AD database.

    Store these backups in a secure, off-site location.

    4. Check Power Protection:

    Ensure both domain controllers are connected to UPSs to provide a degree of protection against power outages.

    In areas prone to lightning strikes, consider additional surge protection devices.

    5. Test Failover:

    It’s important to periodically test the failover process. This can be done by temporarily shutting down the primary domain controller and ensuring that the secondary domain controller takes over AD functions seamlessly.

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou
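
The steps in the accepted answer, written as a PowerShell script for the new server. This is an added example, not part of the original answer; the domain name `corp.example.com`, the backup volume `E:` and the two-phase layout are assumptions to replace with your own values.

```powershell
# Added example. Run elevated on the second machine.
# Placeholders (assumptions): corp.example.com and E: are not from the thread.
param(
    [ValidateSet('Promote', 'Verify')]
    [string]$Phase = 'Verify',
    [string]$DomainName = 'corp.example.com',   # placeholder domain
    [string]$BackupTarget = 'E:'                # placeholder backup volume
)

if ($Phase -eq 'Promote') {
    # Step 1: add the AD DS role, then join the existing domain as an
    # additional DC. New DCs are global catalog servers by default.
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
    Import-Module ADDSDeployment
    Install-ADDSDomainController -DomainName $DomainName -InstallDns `
        -Credential (Get-Credential -Message 'Domain admin account') `
        -SafeModeAdministratorPassword (Read-Host -AsSecureString -Prompt 'DSRM password')
    return   # the server restarts when promotion completes
}

# Step 2: replication health. Any row returned here is a failure to investigate.
Import-Module ActiveDirectory
repadmin /replsummary
$failures = Get-ADReplicationFailure -Target $DomainName -Scope Domain
$failures | Format-Table Server, Partner, FailureCount, LastError, FirstFailureTime

# Every DC that should answer logons on its own reports IsGlobalCatalog = True.
Get-ADDomainController -Filter * |
    Format-Table HostName, Site, IsGlobalCatalog

# Step 3: system state backup (includes the AD database).
Install-WindowsFeature -Name Windows-Server-Backup | Out-Null
wbadmin start systemstatebackup "-backupTarget:$BackupTarget" -quiet

# Step 5: with the first DC shut down, this should still locate a DC.
nltest "/dsgetdc:$DomainName"

if ($failures) { Write-Warning "Replication failures found: $(@($failures).Count)" }
```

Run it once with `-Phase Promote`, let the server restart, then run it again with the default `-Phase Verify`; rerun the verify phase during each failover test.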
