Kaseya Community

Active Directory Backups

  • Recently, we've found errors in the event logs of our new managed backup clients that report AD hasn't been backed up in 30 days or more. We do full volume backups every 7 days, which covers AD....but apparently isn't resetting the AD logs.

    Any advice out there?

    Legacy Forum Name: Active Directory Backups,
    Legacy Posted By Username: Erik
  • Acronis (BUDR) is not an AD aware backup product (its block/sector level backups). Nor is it aware of any transactional DBs for that Matter (SQL, Exchange, etc...). Is it NOT a replacement for traditional backups methods, nor will it purge your committed logs.

    Backup Exec, ArcServe, NTBackup, etc... still have the use these tools.

    Legacy Forum Name: BU-DR,
    Legacy Posted By Username: SADAsystems
  • Everyone in this shop claims that "Acronis is getting everything" and somewhere they mention VSS during their mantra. No, no, no. I think that VSS button is misleading. It must make people think that Microsoft's utilites are pointless. "Oh pray, why would Microsoft make such utilities? For fun?!" Microsoft has been very hush-hush as always but their most explicit comments about these misunderstandings happened in a KB about VSS and Exchange backups. RTFM. I quote,

    During a VSS backup, there is no opportunity for Exchange to read each database file in its entirety and to verify its checksum integrity. ... If you do not checksum-verify your VSS backups, it is possible that a damaged page could remain undetected in the database and eventually become present in all existing backups.


    An Exchange backup util performs these checks. It makes perfect sense to me that the utilites, even ones scoffed at like NTBackup, must be used because the database itself can't necessarily be shadowed. The "database" might (or is often) spread across several flat-files; all these files are brought into a snapshot state by utilities that are aware of transactions pending -- transactions that render the Acronis backup void if VSS makes a copy of one file that isn't in the same state as other db files sucked into the shadow. Acronis/BUDR never claimed to be AD aware, or Exchange aware, or did I miss something?! I quote Acronis,

    Although Acronis True Image takes care of hard disk and file system-level consistency via snapshot technology, it can not guarantee application-level consistency.


    DUH. And I don't think VSS was ever intended to be a backup miracle for databases on Windows. From everything I've read, VSS sounds like it sits far to close to NTFS than anything like the executables writing stuff to disk. Maybe this is my *nix rage coming out for loosing a database years ago for similar misunderstandings. Once burned; never again.

    Here's the list of popular databases (typified by SBS) that need their respective backup utilities ran before an Acronis flat-file/image backup. Links are to MS articles explaining the simplest means for full backups:

    [INDENT]Window's System State - includes AD! and hive files!
    IIS Metabase - includes email, ftp, and gobs of site specific configuration. Some of this is needed to correctly restore Exchange!
    MS-SQL - duh; all databases (names) is best, not just "production" ones
    MS-Exchange - it used to be a Jet database; who knows now. But as ubuquitious and central as it is to SOHO's, it needs verified backups[/INDENT]

    I was about to write some pre-scripting for these backups since ntbackup.exe and others can be driven ... unless someone already did this ... and wants to share. Smile

    Legacy Forum Name: BU-DR,
    Legacy Posted By Username: justin4dti
  • Justin seems to have nailed everything squarely on the head, actually. Acronis is, flat out, not capable of backing up system states or SQL databases or anything of that sort. It makes a great volume image in case you have to restore the whole system after a drive failure or what-have-you, but it's useless as (for example) an Exchange backup mechanism.

    Deploy Kaseya BUDR and other tools accordingly.

    Legacy Forum Name: BU-DR,
    Legacy Posted By Username: GreyDuck
  • I'll share our experiences with Acronis, NTBackup and VSS backing up AD, Exchange and SQL Databases.

    Exchange:

    I have tested using Acronis, with VSS enabled for a backup of Exchange. It worked once I confirmed that Exchange VSS writer was enabled. What Acronis and the VSS writer perform is a backup of all Exchange database files ensuring that there are no transactions allowed during the snapshot. There are no database checks or trans. log updating performed.

    But what I use is NTBackup to backup Exchange and the system state. NTBackup does use VSS, therefore a snapshot of AD, system state and the Exchange database files, ensuring no transactions during the snapshot.

    Advantages of NTBackup are:

    1. You have a backup of AD which can be used for a AD restore ( boot option ) if necessary.
    2. Exchange is backed up and then run through checks, which includes commiting the trans. logs to the database and truncating the trans. logs.

    We do run Acronis imaging, but we also have these NTBackups scheduled so that we have Exchange backed up at the application level.

    SQLServer:

    I have found that Acronis with VSS enabled, does backup SQL Databases correctly. After Acronis performs a snapshot with VSS, there are logs appearing in the SQL Server logs which confirm that the Databases have backed up. I further confirmed the backups worked as I was able to truncate and shrink these databases, therefore the backup of the databases was performed, with the trans. data written to the backup as well.

    The issue I found was that the old VSS writer, "MSDEWriter.exe" should be used for all versions of SQLServer backup. With the new SQL2005 writer, there were many windows event errors and no backup events in the sql server logs.

    Therfore Acronis is used to backup the SQL Databases to the application level.

    Legacy Forum Name: BU-DR,
    Legacy Posted By Username: dbaster
  • GreyDuck
    Justin seems to have nailed everything squarely on the head, actually. Acronis is, flat out, not capable of backing up system states or SQL databases or anything of that sort. It makes a great volume image in case you have to restore the whole system after a drive failure or what-have-you, but it's useless as (for example) an Exchange backup mechanism.

    Deploy Kaseya BUDR and other tools accordingly.


    This is completely false. We use BUDR in 100's of places. We have restored Exchange, SQL, Active Directory, and many other servers/services. We have NEVER had a single incident where we were not able to restore using BUDR alone.

    With Exchange and SQL it's simple. With AD you have to perform a few special steps after a restore so you don't hose your AD.

    Legacy Forum Name: BU-DR,
    Legacy Posted By Username: far182
  • It is not completely false, and I have experieced a failure with restoring the Exch DB from an Acronis image (the Exch DB was "dirty"). MS Support was able to recover the DB, but there was some lost data (fortunately nothing worthwhile). After talking with Acronis support, they explained that their imaging application is not application aware for Exch and SQL (straight from the vendor's mouth) and do not rely on them alone to make sure you have good backups of exch and SQL (and AD & IIS Metabase too). For that matter, other apps (such as MySQL) will also have issues (unless you stop the service, backup the DB, and then restart).

    Legacy Forum Name: BU-DR,
    Legacy Posted By Username: boudj
  • boudj
    It is not completely false, and I have experieced a failure with restoring the Exch DB from an Acronis image (the Exch DB was "dirty"). MS Support was able to recover the DB, but there was some lost data (fortunately nothing worthwhile). After talking with Acronis support, they explained that their imaging application is not application aware for Exch and SQL (straight from the vendor's mouth) and do not rely on them alone to make sure you have good backups of exch and SQL (and AD & IIS Metabase too). For that matter, other apps (such as MySQL) will also have issues (unless you stop the service, backup the DB, and then restart).


    I wonder who you talked to at Acronis. Right there in their manual it says it backs up SQL & Exchange without first shutting them down.

    Legacy Forum Name: BU-DR,
    Legacy Posted By Username: far182
  • Hey Far182,

    Straight from Acronis's website:

    "Although Acronis True Image takes care of hard disk and file system-level consistency via snapshot technology, it can not guarantee application-level consistency. "

    http://www.acronis.com/enterprise/support/kb/topics/Products/cid/181/articles/503#item2

    That one statement from Acronis verifies what I previously posted... you may get an image of the db (whether its Exch or SQL) but it doesn't mean that it is a good image.

    Now the 9.5 version of Acronis True Image from Kaseya (coming in a few weeks we hope!) will work with MS VSS (and not their own, which really didn't work) and then we should be able to get good backups of DBs with Acronis backup.

    Ref this article from Acronis about this:

    http://www.acronis.com/enterprise/products/ATIES/faq/backup-exchange-server/

    Legacy Forum Name: BU-DR,
    Legacy Posted By Username: boudj
  • The whole point here is that there's TWO types of Excahnge backup:

    1) Offline
    2) Online

    Acronis performs an "offline backup" (using VSS technology
    NTBACKUP performs an ONLINE backup

    The online backup checks the integrity of the database, cleans out the transaction logs, etc. OFFLINE backup DOESN'T do this.

    So the case for doing an NT Backup first - or even WEEKLY if you want - makes sense. You get the best of BOTH worlds.

    Gavin

    Legacy Forum Name: BU-DR,
    Legacy Posted By Username: Interprom
  • Part of the problem with Acronic backups of Exchange (for example) is that this does not purge the transaction logs. There are also some other potentially (very) serious issues concerning DC active directory restores from Acronis style backups.

    The simple solution is to run an online ntbackup iof your databases and system state, which IS application and AD aware, and just configure it to overwrite the media in a folder on the local drive. If possible, I would configure this to run everyday and make sure the folder location is included in your daily Acronis backups.

    Hope this helps!

    Legacy Forum Name: BU-DR,
    Legacy Posted By Username: Alan M
  • I've also done full recovery of Exchange and Active Directory using nothing but BUDR.

    In one recovery "case" I needed to recover a public folder from an exchange 2003 information store. I was able to mount the backup image as a drive, and restore the public information store using native exchange tools.

    I also have recently migrated a lightly used sharepoint server /w SQL to a Virtual Machine using nothing but BUDR with Universal Restore.

    As a matter of best practice, you should take full advantage of the Pre script to pause Exchange and SQL before backup.

    It is also easy to backup things like AD and the IIS Metabase from the pre/post script.

    i.e. I have a backup script to backup systemstate on domain controllers... the nut of the script is

    incremental
    backup "@#share#\#machid#.bks" /a /d "Set created #sdate# " /v:yes /r:no /rs:no /hcRed Facedff /m incremental /j "#machid# Backup" /l:s /f "#share#\#machid#_#sdate#.bkf"

    full
    backup "@#share#\#machid#.bks" /d "Set created #sdate# " /v:yes /r:no /rs:no /hcRed Facedff /m normal /j "#machid# Backup" /l:s /f "#share#\#machid#_#sdate#.bkf"

    IISMetabase backup goes like this:

    %SYSTEMROOT%\System32\cscript.exe iisback.vbs /backup /b IISBackup -overwrite

    Legacy Forum Name: BU-DR,
    Legacy Posted By Username: myArch-man
  • Thanks everyone. Stepping back and looking at things rationally, you can see that some people have preferences. I'm paranoid about backups so we have both online and offline, as Interprom calls them, of Exchange, AD, and MSSQL. And looking back at Acronis' product line you can see that their traditional solution was imaging (quasi-offline ... but not even that). Images work great for simple things like workstations. Acronis has moved on but that history is incentive enough to pull out the old-school, tried and true backup methods for servers.

    Anyways, as my old UNIX mentor would say, "Backup early, backup often."

    Legacy Forum Name: BU-DR,
    Legacy Posted By Username: justin4dti
  • far182
    This is completely false. We use BUDR in 100's of places. We have restored Exchange, SQL, Active Directory, and many other servers/services. We have NEVER had a single incident where we were not able to restore using BUDR alone.

    With Exchange and SQL it's simple. With AD you have to perform a few special steps after a restore so you don't hose your AD.


    i did a restore and active directory didn't load properly. what were the special steps you had to do after the restore?

    Legacy Forum Name: BU-DR,
    Legacy Posted By Username: boblzer0
  • Have any of these issues on page one been resolved with this latest instance of BUDR?

    Legacy Forum Name: BU-DR,
    Legacy Posted By Username: FarVision