Solved

Inquiries regarding VM live sync of the Domain Controller.

  • 23 November 2023
  • 3 replies

Hello Community,

 

The domain controller is currently hosted in vCenter. Our plan involves replicating the domain controller from one site to another using Commvault VMware Live Sync.

Questions:

  1. Does Commvault support this, and are there any considerations specific to DC live sync?
  2. Our primary concern is around the trust relationship. If the source DC VM becomes unavailable and we need to power on the replica in the DR site without the latest replication, is there a potential risk of breaking the trust relationship?
  3. Are there any other critical aspects we should take into consideration in this scenario?

Thanks

Best answer by Javier 28 November 2023, 11:18


Hi DanC,

  1. Does Commvault support this, and are there any considerations specific to DC live sync?

Generally speaking, yes, we do. Could you tell us which type of replication you’re using?

https://documentation.commvault.com/2023e/essential/87228_auto_recovery_of_virtual_machines.html

It will treat it like any other VM.

  2. Yes, it can, and your workstations may need to re-join the domain after the DC restore. Do you have only a single domain controller in a single domain?

  3. If you’re using LAPS (the "Local Administrator Password Solution" (LAPS) provides management of local account passwords of domain-joined computers) on your workstations, it can get tricky to log in as local administrator to rejoin the domain.

Thank you for your time.

Kind regards,

Jiye Lee


Hi @DanC,

As @Jiye has advised, there is no issue from a Commvault perspective since it will be just treated as a VM that is replicated via LiveSync.

BUT, and it is quite a big but, it may lead to issues with the actual Domain Controller operations, since GUIDs might be replicated or missing, trust relationships between machines broken…

Active Directory already does a pretty good job at replicating its information when multiple Domain Controllers are available in the environment. That way, if 1 DC goes down, the remaining will take care of AD operations without downtime (and most importantly ensure the AD information is correctly synchronised between nodes).

Trying to replicate a DC via VM LiveSync seems to me a bit over-engineered to resolve an issue that AD already handles pretty well.

I would suggest exploring options to deploy a new DC within your AD infrastructure (it could even be a Read-Only Domain Controller) that will take care of operations in the event of a disaster.
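The reply above relies on having more than one domain controller with healthy AD replication. As an added example (not part of the thread and not Commvault tooling), this PowerShell script inventories the DCs in the domain and flags replication links that are failing or stale. It assumes the RSAT ActiveDirectory module is installed; the 4-hour staleness threshold is an assumed value to tune for your site links.

```powershell
# Added example, not from the thread. Requires the RSAT ActiveDirectory module
# and an account allowed to read replication metadata.
Import-Module ActiveDirectory

# Assumption: a link with no success in this window deserves a look.
$MaxAge = New-TimeSpan -Hours 4

$dcs = @(Get-ADDomainController -Filter *)

# 1. Inventory: how many DCs exist, in which sites, and which hold FSMO roles.
$dcs | Sort-Object Site, HostName |
    Select-Object HostName, Site, IsReadOnly, IsGlobalCatalog,
        @{ Name = 'FsmoRoles'; Expression = { $_.OperationMasterRoles -join ', ' } } |
    Format-Table -AutoSize

$writable = @($dcs | Where-Object { -not $_.IsReadOnly })
if ($writable.Count -lt 2) {
    Write-Warning "Only $($writable.Count) writable DC(s): no AD-native redundancy for directory writes."
}
$sites = @($dcs | Select-Object -ExpandProperty Site -Unique)
if ($sites.Count -lt 2) {
    Write-Warning "All DCs are in site '$($sites -join ', ')': no DC at a second site."
}

# 2. Replication health: per-partner last success and consecutive failures.
$now = Get-Date
$problems = foreach ($dc in $dcs) {
    try {
        Get-ADReplicationPartnerMetadata -Target $dc.HostName -ErrorAction Stop |
            Where-Object {
                $_.ConsecutiveReplicationFailures -gt 0 -or
                -not $_.LastReplicationSuccess -or
                ($now - $_.LastReplicationSuccess) -gt $MaxAge
            } |
            Select-Object Server, Partner, Partition, LastReplicationSuccess,
                LastReplicationResult, ConsecutiveReplicationFailures
    } catch {
        # An unreachable DC is itself a finding, so report it and continue.
        Write-Warning "Could not query $($dc.HostName): $($_.Exception.Message)"
    }
}

if ($problems) {
    $problems | Format-Table -AutoSize
} else {
    Write-Output "All reachable DCs replicated with every partner within $MaxAge."
}
```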


Thanks Javier and Jiye