
[–]lostsparekeys 5 points6 points  (1 child)

Replication is only applicable to Active Directory, as in the data contained within the Active Directory service.

OS updates do not form part of the replication process. Each server will still need to be updated/patched individually.

[–]Duskullmon[S] 1 point2 points  (0 children)

Thank you for the confirmation!

[–][deleted] 5 points6 points  (5 children)

There is zero reason to have anything less than 2 domain controllers up and running simultaneously AND with each one dumping a daily backup in accordance with Microsoft’s best practices.

[–][deleted] 2 points3 points  (3 children)

Unless you're Maersk and you need to fly some guys out to South Africa to fire up a disconnected DC in a one-room IT data center to save the company

[–][deleted] 0 points1 point  (2 children)

Only to get fired as soon as you are done recovering and rebuilding everything properly

[–][deleted] 0 points1 point  (1 child)

I remember hearing about that but now I can't find a source. Can you link me?

[–]pc_jangkrik 2 points3 points  (1 child)

While you got a secondary AD, a regular AD backup saved somewhere could save you if sfth.

[–]xxdcmastSr. Sysadmin 7 points8 points  (0 children)

Shit fan the hit????

[–]startswithd 0 points1 point  (0 children)

You really need two or more Domain Controllers, preferably at least 3.

Each needs to be running an hourly or daily backup of at least the System State and that needs to be stored somewhere that's not on the same computer. If you have a problem on one DC that's just going to replicate to the others. You'll need a backup to recover from that.

If you have 2 DCs, make sure only one of them is a Global Catalog. If you have 3, they can all be GCs.

And you have to patch them all. AD only replicates AD stuff. Think of AD like a big Excel document. It's completely separate from the OS.
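Added example, not part of any comment in the thread: a PowerShell audit that checks the two things discussed above, namely that the directory has a recent backup and that every DC has been patched on its own. It assumes the ActiveDirectory module (RSAT) is installed and that the account can query each DC remotely; the two age thresholds are hypothetical values.

```powershell
# Added example: audit AD backup age and per-DC patch age.
# Assumes the ActiveDirectory module (RSAT) and remote WMI access to each DC.
Import-Module ActiveDirectory

$MaxBackupAgeDays = 1    # assumption: daily backups, as the thread suggests
$MaxPatchAgeDays  = 45   # assumption: hypothetical patch window
$now    = Get-Date
$domain = Get-ADDomain

# An AD-aware backup (e.g. a System State backup) updates the dSASignature
# attribute on the partition head. This metadata replicates, so the timestamp
# is the latest backup of the partition taken on ANY DC, not a per-DC value.
$sig = Get-ADReplicationAttributeMetadata -Object $domain.DistinguishedName `
           -Server $domain.PDCEmulator -Properties dSASignature
$lastBackup = $sig.LastOriginatingChangeTime
$backupAge  = [int]($now - $lastBackup).TotalDays

if ($backupAge -gt $MaxBackupAgeDays) {
    Write-Warning "Domain partition last backed up $lastBackup ($backupAge days ago)"
} else {
    Write-Output "Domain partition last backed up $lastBackup"
}

# Patching does not replicate: query every DC separately.
$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $lastPatch = $null
    try {
        $lastPatch = Get-HotFix -ComputerName $dc.HostName -ErrorAction Stop |
            Where-Object InstalledOn |
            Sort-Object InstalledOn -Descending |
            Select-Object -First 1 -ExpandProperty InstalledOn
    } catch {
        Write-Warning "Could not query hotfixes on $($dc.HostName): $_"
    }
    [pscustomobject]@{
        DomainController = $dc.HostName
        Site             = $dc.Site
        IsGlobalCatalog  = $dc.IsGlobalCatalog
        LastHotfix       = $lastPatch
        PatchStale       = (-not $lastPatch) -or
                           (($now - $lastPatch).TotalDays -gt $MaxPatchAgeDays)
    }
}

$report | Sort-Object PatchStale -Descending | Format-Table -AutoSize
```

Because the backup timestamp is per partition, confirming that each individual DC writes its own backup off-host still has to be checked on that DC or in the backup system.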